Security
Designed so we can't spy on you
even if we wanted to
Every security property is a technical consequence — not a promise, not a policy, not a terms-of-service commitment. The system is designed so the claims are enforced by mathematics, not by trust.
Principles
Four properties. All technical.
End-to-end encryption
Messages are encrypted on your device before they leave. Nobody — not Ndevar, not your internet provider, not the relay — can decrypt them. Only the intended recipient can.
Stealth addressing
Your identity is never exposed in transit. Each message uses a one-time token derived from your public key — the relay cannot link messages to identities.
Device-native identity
Your identity is an Ed25519 keypair generated on your device. It never leaves your device. No server stores it. No company controls it.
Zero message storage
Messages are never written to disk on any server. The relay holds an encrypted envelope only long enough to deliver it, then discards it. There's nothing to subpoena.
What Ndevar's relay can and cannot see
The relay routes messages to the right device — which means it knows which device should receive each message. It also sees connection metadata: IP address, connection frequency, and push notification tokens.
What it cannot see: message content (end-to-end encrypted), who sent each message (sealed sender), or who read each message (sealed receipt).
Users who want zero relay visibility can use Bluetooth-only mode, which sends no data to any Ndevar server.
Known limitations
What we don't claim to do
We believe in being honest about what the system can and cannot protect against.
No forward secrecy
Accepted tradeoffKey compromise reveals past messages. We've accepted this tradeoff to enable offline messaging and key recovery. Future protocol versions may address this.
Frame metadata visible on Bluetooth
Low impactNearby devices can observe Bluetooth advertisement frames — not content, but the fact that Ndevar is running. This is a property of Bluetooth, not a cryptographic weakness.
Group messages use shared key
Expected behaviourGroup encryption uses a shared group key rather than pairwise keys. This means a compromised group member can read group messages.
No identity verification UI
Low impactThere's no in-app mechanism to verify that a shortAddress belongs to the person you think it does. Key verification via out-of-band channels (in person, QR code) is supported but not enforced.
For the technically curious
Everything below is for security researchers, developers, and anyone who wants to verify our claims rather than take them on trust. The algorithms we use are open standards — nothing here is secret.
Cryptography stack
The cryptography stack
Stealth addressing
The relay never reads your messages
- Sender identity visible in every message
- Recipient identity visible in every message
- Server knows exactly who talks to whom
- Contact graphs are readable by the operator
- Sender address zeroed in every envelope
- One-time token per message — never reused
- Relay sees only encrypted envelope payloads
- Message content and sender identity invisible to relay
HKDF token derivation — how it works
Identity
Identity & key storage
AddressID
PermanentYour permanent device identity. An Ed25519 keypair generated locally, never transmitted. Never appears in relay logs.
ShortAddress
PermanentThe human-readable 8-character representation of your AddressID. Used in QR codes and contact sharing.
Transport ID
~15 minAn ephemeral identity used for Bluetooth transport only. Rotates approximately every 15 minutes. Never linked to your AddressID in transit.
Security you can actually verify.
The security properties described here are technical constraints, not policies.