A short, factual catalog of BlindPost's capabilities and the architecture choices behind them.

Privacy you control

End-to-end encrypted. Every message is encrypted on your device. The server processes ciphertext and cannot read content. X25519 for key exchange, AES-256-GCM for symmetric encryption.
No phone number, no email, no account. Your identity is a local Ed25519 keypair generated on your device at first launch. There is no signup form to fill.
Server-blind architecture. Relay servers hold ciphertext blobs only. They see no sender, no recipient, no group membership, no message content. Privacy by architecture, not by promise.
Burn after read. Pick how long after the recipient opens a message it disappears, on both devices.
Burn after send. Pick a wall-clock time when you send. Both devices burn the message at that exact moment — no waiting for a read.
12-word recovery phrase. The only way to recover your identity on a new device. The recovery phrase lives only with you; BlindPost cannot reset it.

Talk however you want

All the basics. Text, voice messages, images, video, files. Each delivered E2E like text.
100,000-member groups. Fully end-to-end encrypted. Group state never leaves member devices in plaintext.
Voice effects. Send a voice message with a few playful pitch effects.
Polls and group cards. Vote inside a group. Share another group as a tap-to-join card in any chat — open mode for instant join, approval mode if admins want to review.
Inline translation and Reader View. Translate a bubble in place; pop a long markdown message into a clean full-screen reader.

Peer-to-peer cluster. Multiple relay nodes operate the network. Clients discover and switch among them automatically.
Cross-platform. iOS, Android (Google Play and direct APK), macOS (Apple Silicon and Intel), and Linux (deb and rpm). Windows client in development.
Free, no ads, no tracking. No advertising. No data brokers. No premium tier dangling features behind a paywall.