New here? Read this in plain language →

Open · Anonymous · Onchain

Privacy. By design. Onym.

No company in the loop. Identity, keys, and history stay on your device. End-to-end encrypted, with an honest threat model.

Try the alpha See how it works
Why Onym exists →

The product

Trust no one,
just math and physics.

  1. 01

    Every other messenger has a server.

    A binary on hardware you don't own, run by a company you have to trust — its owners, its admins, and whoever can serve them a warrant. Their privacy ends where their org chart begins.

  2. 02

    Onym replaces the server with a public smart contract.

    Group membership and governance live on Stellar. Anyone can audit the rules. No one can override them. The contract is the only shared state — and it's public by design.

  3. 03

    Everything else lives on your device.

    Identity, keys, contacts, and message history are generated locally and stay on device. Nothing is ever synced to a cloud Onym controls. What does cross the network — encrypted message blobs, signed Stellar transactions — is named in the threat model.

9:41onym · e2ee
— end-to-end encrypted —
flight lands at nine
if traffic is bad, ten
i’ll be there. usual spot
moved the meeting to thursday btw
noted
9:41recovery phrase

Twelve words.

Write these down. Never share them.

1private
2shield
3silent
4shadow
5guard
6secret
7bright
8peace
9light
10trust
11love
12free
9:41new group

Choose governance.

Set the rules for who can admit, remove, post.

One-on-one
Anarchy
Founder
Democracy
Oligarchy

Sovereign identity

Your identity,
in twelve words.

Generated on this device. Stored only on device. Never synced to the cloud. Never sent anywhere. These twelve words restore your Nostr, Stellar, and BLS keys on any device — and they are the only key to your chats.

BIP-39 · 128-bit entropy · device-bound · zero exfiltration
9:41
Identities

Identities

Tap an identity to open it. Each identity has its own keys, chats, and recovery phrase.

YOUR IDENTITIES

Alice
BLS  a35c74815b15…
Active
Bob
BLS  a65f5e048a09…
Add Identity

Only the active identity's chats are visible. Switch between identities to see different inboxes.

The relayer, plainly

Yes, there is a server.
Here’s what it does —
and what it can’t.

Onym uses a relayer: a small service that submits your signed Stellar transactions and pays the on-chain fees so you never need a funded account. It is a server. It is not a server with kill-switch authority over your account, your conversations, or your group’s rules. The difference matters.

A full accounting of what every party sees lives in the threat model. Short version, drawn:

Relayer, cross-section honest · blind · replaceable
DEVICE keys plaintext signing history SOROBAN verifies proof stores commitment public ledger ZK PROOF · OPCALL → CONTRACT RELAYER translucent · replaceable · blind INSPECTION LOG 14:02:11.4 size 1.42 KB ip 92.13.4.· to Q9F4···d2 freq +1 READS · size · ip · timing · contract target — nothing else. + FEE π OUTSIDE THE BOX · THE RELAYER CANNOT REACH ACCOUNT DB does not exist KEY VAULT keys never leave the device MESSAGE ARCHIVE history is only on devices
It sees size & timing your IP* contract target governance flavor
Blind to plaintext which member sent it recovery phrase cleartext roster
Cannot disable account forge a transaction rewrite group rules silence you for good

* IP unless you bring your own privacy network. Run your own relayer or use several — the protocol is the same. Contract address tells the relayer the group’s governance flavor; cleartext membership lives inside the contract as commitments. The diagram shows the common case (in-group state changes via update_commitment); create_group additionally carries a Soroban auth entry signed by the founder, the only call where a user-bound signature touches the chain.

No one — not even Onym

can reconstruct your social graph.

Anonymous identities · No phone numbers · No address book.

Governance models

Pick the rules. Then prove them, on chain.

Three live today; two on the roadmap. Each is a separate Soroban contract suite — the family shares one client-side call shape.

01 / 06

Live

One-on-one.

A two-party encrypted thread. No admins, no votes — just two devices and their keys.

02 / 06

Live

Founder.

A single founder admits and removes. Honest about who holds the keys.

03 / 06

Live

Anarchy.

Anyone in can invite anyone. Anyone can leave. The group is what its members make it.

04 / 06

Planned

Democracy.

A majority of members admits and removes. Every change is a signed, on-chain vote.

05 / 06

Planned

Oligarchy.

A small council of admins. Threshold signatures decide who's in and who's out.

06 / 06

Bring your own

Imagine your governance.

Need a rule set we don’t ship? The protocol is governance-agnostic — propose a new flavor, or fork the contracts and define your own.

Cryptographic primitives

Boring math. Nothing exotic.

Onym is built from primitives that have been deployed, attacked, and studied by cryptographers for decades. No new crypto.

Keystone · the contract on top of these bricks

sep-anarchy

Seven primitives, one contract, any current member admits. The simplest of five policy contracts, with the full brick-by-brick soundness chain.

See the wall →

Open source · MIT

The whole stack,
in the open.

Apps, contracts, relayer — every layer is MIT-licensed. Clone the source, audit the math, build reproducible binaries yourself. Onym never has to be in the path.