Work in progress — proof of concept verified. The v1 specification and reference apps are being prepared.

Priver for journalists

Protect your sources. Protect yourself.

Every major messenger has a server. Every server has an owner. Every owner can be subpoenaed, hacked, or compelled. Priver has none of these — because there is no one in between.

Get PriverRead the threat model
Servers
0
Nothing to subpoena
Phone numbers
None
Nothing to leak
Transport
Tor
Nothing to trace
Metadata stored
Zero
Nothing to seize
The problem

The tools you trust are already compromised.

You use Signal because it's "the gold standard." But Signal still requires a phone number — a number tied to your identity, your carrier, your location history. Signal still runs on centralized servers. Those servers can be subpoenaed. And the EU's proposed Chat Control regulation would force every platform operating in Europe to scan private messages before encryption.

  • Signal requires your phone number. That number links to your carrier, your billing address, and your call history.

  • WhatsApp hands over metadata in near real time — who you talk to, when, and how often. A leaked FBI document confirmed this in 2021.

  • Telegram is not end-to-end encrypted by default. After the CEO's arrest in France, it now hands IP addresses and phone numbers to law enforcement.

A journalist's right to protect their sources means nothing if the messenger itself is the evidence.

Real-world scenarios

What happens when someone comes looking.

These aren't hypotheticals. They're the situations investigative journalists face every year.

A court orders your messaging provider to hand over records.

Without Priver

The provider complies. Even if message bodies are encrypted, metadata reveals who your source is, when you talked, and how often. That pattern alone is enough to identify a whistleblower.

With Priver

There is no provider. There is no server. There are no records. The court order has no one to serve it to.

A government agency surveils your communication patterns.

Without Priver

Your IP address connects to Signal's or WhatsApp's servers. Your phone number is registered. Metadata flows through infrastructure that can be tapped, logged, and analyzed.

With Priver

Messages travel through Tor — your IP is hidden, your location is masked, and the fact that you're communicating at all is concealed. No central infrastructure to tap.

Your phone is seized at a border crossing.

Without Priver

If your cloud backups are on, your full chat history is accessible. Even without backups, your contact list reveals your network. Your phone number ties to your real identity.

With Priver

Your identity is a cryptographic key, not a phone number. There's no cloud backup to subpoena. Even if the device is compromised, past messages can't be decrypted — every message uses a unique key that's destroyed after use.

The EU Chat Control regulation passes.

Without Priver

Every messenger operating in Europe — Signal, WhatsApp, iMessage, Telegram — must scan messages before encryption. End-to-end encryption is broken by law. Signal has said it will leave the EU entirely.

With Priver

There is no company to regulate. There is no server in any jurisdiction. There is no point where scanning can be injected. The protocol cannot comply — not because it refuses to, but because it can't.

How it works

Built for the people who need privacy most.

Priver isn't a company making promises. It's a protocol making promises impossible to break.

  • No phone number, no account. Your identity is a key pair generated on your device. Share it via QR code or link. Nobody issues it. Nobody can revoke it.

  • Messages travel through Tor. No IP address exposed. No location metadata. No way to prove two devices communicated.

  • Signal Protocol encryption — without Signal's servers. The same Double Ratchet algorithm, with forward secrecy. Each message gets a unique key. Past messages stay safe even if your device is compromised today.

  • Decentralized discovery. Find other Priver users through a distributed hash table — no central directory that can be seized or shut down.

Signal proved that end-to-end encryption could be easy. Priver takes the next step: removing the servers, the phone numbers, and the single organization that could be forced to comply.

What this means for your work

The freedoms that matter to journalists.

Source protection by architecture.

There is no metadata trail. No contact list on a server. No record that you and your source ever communicated. Protection isn't a policy — it's a mathematical guarantee.

Works across borders.

No region blocks. No carrier dependencies. No government can shut down a server that doesn't exist. File from anywhere, communicate from anywhere.

Can't be banned or restricted.

Your identity is a key on your device. No platform can suspend your account, delete your history, or decide you violated terms of service.

You control your data.

Chat history lives on your device. No cloud backup you didn't choose. No terms of service that grant a company rights to your content.

Fully open source.

Every line of code is public. Your publication's security team can audit exactly what Priver does. No black boxes. No trust required.

By design, not by promise.

Not "we promise we don't look." Not "trust us." Not "we're a nonprofit." There is nothing to look at, nothing to trust, and no one who could change that.

Go deeper

Read the full threat model.

A side-by-side comparison of every major messenger — what they log, what they hand over, and why Chat Control breaks them all. Every claim sourced.

Get Priver

Protect the conversation. Protect the source.

Get Priver for iOS, Android, or desktop. Or read the protocol specification.

Download for iOS Download for Android Download for Desktop Read the Protocol

Developed by Jetlio. Owned by no one.