About

Privacy is a right, not a feature.

Onym builds group messaging where no single operator has the authority to disable your account, read your conversations, or hand over a recoverable social graph.


Why this exists

Every messenger today asks you to trust an operator. Signal runs on AWS. Telegram runs its own data centers. iMessage runs Apple's. WhatsApp runs Meta's. The encryption between users is end-to-end, but the plumbing runs on hardware one company owns and one company can be compelled to change.

"Trust" sounds harmless until you read the fine print: when governments, courts, lawyers, or new owners come knocking, the operator's job is to comply. Even when they cannot read your messages, they can almost always reveal who talked to whom, when, and how often. That is the social graph — and that is what gets people targeted, profiled, or arrested.

Onym narrows the trust surface. It does so by removing the operator from the loop and by making the only piece of shared state public, auditable, and beyond any one party's control. That is not the same thing as having no servers; we still use the Stellar network and a relayer that pays its fees. The threat model page says honestly what each of those sees and does.

How Onym is built

Identity on device. Your keys, contacts, and message history are generated and stored on your phone. Twelve BIP-39 words restore the lot on another device — and they leave the device only when you type them. No account creation, no phone number, no email.

Group state on a public smart contract. The rules of every group — who can admit, who can remove, who can speak — live on Stellar via Soroban. Anyone can verify them; no one can override them. The contract is the only piece of shared state, and it is public by design.

Relayer pays the fees, sees the wrapper. A relayer submits your signed Stellar transactions and pays the on-chain fees so users never need a funded account. It sees ciphertext and connection metadata — never plaintext, never which group member sent a given message. Run your own; switch any time.

Open from top to bottom

Every layer is MIT-licensed and on GitHub: onym-ios, onym-android, onym-contracts, the onym-relayer, and the SDKs.

The cryptographic primitives are not novel. BIP-39 (mnemonics), secp256k1 with Schnorr (Nostr identity), Ed25519 (chain anchors), X25519 (sealed inboxes), BLS12-381 (group signatures), PLONK (membership proofs), Poseidon (SNARK-friendly hashes) — each one studied, deployed, and attacked by cryptographers for decades. We do not roll our own crypto.

If you would like to read the source, audit the math, or build the binaries from source, you can. That is the deal.

Who maintains this

Onym is, today, the work of a single maintainer. There is no Foundation yet. There is no Series A, no advisory board, no PR firm. There is one person, working in public, on MIT-licensed code that anyone can fork the day this page becomes inaccurate.

The maintainer’s name and GitHub account are public — visible on every commit across every Onym repo. The website just doesn’t put the name on a banner; the project shouldn’t be about the person. For correspondence, including from journalists, security researchers, and prospective contributors, write to lead@onym.app.

The "Onym Foundation" language used elsewhere on the internet is from earlier drafts and is being walked back. If a Foundation is formed, it will be announced here with jurisdiction, registration, and a real charter. Until then: solo, MIT, in public.

Get involved