I got tired of every messenger asking for a phone number before letting you talk to anyone. Most privacy-focused messengers make you choose between convenience and privacy — either you get a polished experience with questionable data practices, or you get strong privacy with a painful setup. I tried to find the balance between the two. The result is ONYX. I want to be upfront about what it does and doesn't do privacy-wise — because "private messenger" is a claim that deserves scrutiny.
What the server actually knows about you
- Your username (not tied to phone, email, or anything real-world)
- That your devices exist (but not their private keys)
- Your IP address when connected (unavoidable)
- Message content in groups and channels — these are not E2EE encrypted, that's a real limitation
What it doesn't know:
- Your phone number or email — never collected
- Content of private chats — server only sees ciphertext
- Your favorites — stored locally only, server has no knowledge of them
How the E2EE actually works
Private chats use X25519 ECDH for key exchange (ephemeral per session) and HKDF-SHA256 for key derivation. I chose XChaCha20-Poly1305 over AES-GCM because it runs in constant time without AES-NI hardware acceleration — relevant for mobile devices — and has a 192-bit nonce vs 96-bit in GCM, which reduces collision risk in long sessions. LAN mode uses AES-GCM-256 — sessions are short-lived and never leave the local network.
Packet format (internet):
E2EEv1:[base64 JSON envelope: {eph pubkey 32B, nonce 24B, ciphertext, mac 16B}]
Packet format (LAN):
[pubkey 32B] [nonce 12B] [ciphertext] [mac 16B]
Multi-device works without the server touching your keys — new device sends an auth request to an existing trusted device, which must explicitly approve it before any key exchange happens.
The honest limitations
- Groups and channels have no E2EE — the only way to get full control over group communication is to self-host your own instance, so at least no third party has access to the data.
- Only incoming messages sync across devices — outgoing stay on the sending device only
- The server knows your IP when you're connected
LAN mode
There's a mode that works with no server and no internet at all — devices discover each other via UDP broadcast on the local network, exchange X25519 public keys in the broadcast packet itself, and communicate directly encrypted. Just hold the "Send" button in a private chat to choose this mode. Useful if you don't want any data leaving your network.
Self-hosted groups and channels
If you don't want to rely on the central ONYX server at all, you can run your own. There's a separate server software written in Rust — you download it, run it, and host your own groups or channels for your community or just a small group of friends. No web interface, runs entirely from the command line. Available for both Windows and Linux.
https://github.com/wardcore-dev/onyx-server/releases
Registration and account deletion
Username and password only. No phone, no email. Accounts can be deleted at any time and take all server-side data and media with them.
The project is still in early beta — rough edges are expected. If you run into any bugs or weird behavior, feel free to reach out directly to @support in ONYX. Just write your issue there and I'll look into it.
Available for Windows, Linux, macOS, and Android: https://github.com/wardcore-dev/onyx/releases
