End-to-end encrypted communities with post-quantum key exchange. The server cannot read your messages, your metadata, or even your community's name.
Channels, voice chat, roles, DMs. The stuff you use every day. The difference is that everything is encrypted before it leaves your device.
Text channels organized into categories. Direct messages. Replies, reactions, editing, file attachments, encrypted pins. The familiar shape of a community platform, encrypted end-to-end by default.
Two layers of encryption: ChaCha20-Poly1305 transport encryption plus Sender Keys for end-to-end encryption. The server relays audio packets it cannot decrypt. Low latency, no third party listening in.
19 granular permissions. Per-channel and per-category overwrites. Multi-role assignment. Audit logs. Full community governance without giving up encryption to get it.
Your key exchange is protected against quantum computers. PQXDH with Kyber1024 means encrypted traffic captured today cannot be broken by tomorrow's hardware.
Every DM uses a unique key via Double Ratchet. Group channels rotate epoch keys when members leave. Compromising one message — or one member — does not compromise the rest.
The server delivers your DMs without knowing the sender. Your community's name is stored as ciphertext it cannot read. Metadata is not a side channel — it is not collected at all.
You already know the pitch from every other platform: we care about your privacy. And then they log everything, sell the patterns, and hand it over when someone with a badge asks nicely. Any platform that can read your data will eventually be compelled to share it. That is a structural problem, not a policy failure.
Hushwire doesn't ask you to trust us. The server literally cannot read your messages. It cannot read your community's name. It cannot see who sent a direct message. It cannot decrypt your profile picture. Not because of a policy: because of math.
When you search for a GIF, the server queries Giphy on your behalf — your IP address never touches Giphy's servers. That is the kind of detail that separates a privacy policy from a privacy architecture.
If you've ever had to think twice about what you say in a group chat — about who you are, who you're with, what you believe, what you're working on — this is built for you. Not as a feature. As the entire point.
The protocol is peer-reviewed and battle-tested. The code is open source. If you're a security researcher, read it, audit it, try to break it.
Messages are encrypted on your device. The server relays ciphertext it cannot read. But Hushwire goes further: community names, descriptions, and avatars are also encrypted before upload. The server cannot produce readable data because it never had any.
Choose the right tradeoff per channel. Open: no encryption. Standard: encrypted, full history. Secure: epoch keys rotate on member removal. Strict: no history. Transient: deleted after delivery.
Verify contacts by comparing safety numbers out-of-band — the same pattern Signal uses. Multi-device linking uses 30-digit SAS verification. Identity key changes trigger visible warnings.
Hushwire is in closed alpha. Download the client, create a community, and invite the people who matter. Available for macOS, Windows, and Linux.
Download Hushwire