NullTrace

Encrypted rooms for free speech. No accounts, no usernames, no telemetry, no permanent chat history.

What it does

NullTrace is not a feed with privacy bolted on. It is infrastructure for people who need to speak freely and leave no platform-owned trail behind.

01

Protects free speech

Talk in a room built for the conversation itself, not for distribution, engagement, profiling, or later inspection.

02

Controls who enters

Entry happens through a temporary invite capsule. You approve participants instead of publishing to an audience you do not control.

03

Encrypts before transport

Messages are encrypted in your browser before they move. The server passes encrypted traffic; it is not a place where readable conversations live.

04

Leaves less behind

No permanent chat archive, no ad profile, no account timeline. NullTrace is built for conversations that happen, serve their purpose, and disappear.

Why it works

Free speech needs more than a policy promise. NullTrace makes the room technically hard to abuse: approve entry, encrypt locally, rotate keys, store no readable history.

Encrypt first. End-to-end encryption starts locally, before a message leaves your device.

Hybrid keys. X25519 and ML-KEM combine classical speed with post-quantum resilience.

Short-lived entry. Invite capsules are signed, time-limited, and useless once they expire.

Approved members. Participants enter through verified handshakes and fresh room keying.

Less traffic leakage. Padding and encrypted chaff reduce what packet size alone can reveal.

One active session. Access is limited so quiet account sharing and invisible parallel use get harder.

Signal Comparison

In modern life, Signal should be the baseline for normal conversations with friends and family. Technology is too advanced, too connected, and too observable for ordinary messaging to be casual anymore. But when something must not become identity, notification, backup, device history, or future evidence, it belongs in NullTrace.

Area Signal limit NullTrace advantage In practice
Identity Starts from a phone-number account, with usernames added as a contact layer. No phone number, no username, no profile, no account identity. Access is controlled by keypairs. A conversation is not attached to a public handle, SIM card, address book, or reusable social identity.
Room control Groups live inside a persistent messenger account and contact graph. Rooms are created on demand with signed, temporary invite capsules and explicit approval. A conversation is a controlled event, not another permanent channel attached to your identity.
Encryption model Classical messaging encryption built for broad consumer chat. Hybrid X25519 + ML-KEM handshakes, signed transcripts, epochs, and sealed group-key distribution. NullTrace pushes harder than standard messaging: it protects the room now and reduces future cryptographic regret.
Message isolation Built as a persistent messenger where conversation state lives around long-running chats. Every message is its own sealed AEAD packet with sender, sequence, epoch, nonce, and authenticated metadata. A previous message cannot be reused to read, replay, or predict the next one.
Membership secrecy Group history belongs to the device history and group conversation model. Room keys rotate by epoch when membership changes, and new members only receive the current room key. Someone approved later does not get the old room key and cannot decrypt earlier messages.
Anti-forensics Device message history, app state, and notifications can leave OS-level residue depending on settings. No push notifications, no inbox archive, no platform notification previews, burn timers, deadman, one-tap wipe. There is far less for a phone extraction, notification log, backup, or casual inspection to recover.
Server breach A messenger service still has account, device, delivery, and abuse-prevention structure around users. NullTrace never receives message keys and stores no readable chat history. Relay memory is encrypted and short-lived. A breached server sees encrypted room traffic and noise, not plaintext or key material that can regenerate messages.
Server visibility A delivery service for known accounts, devices, and contactable identities. A pass-through for encrypted room traffic with no readable room archive and no account graph. The server has less useful structure to preserve, analyze, or hand over.
Free speech fit The minimum responsible choice for everyday private messaging. The correct place for conversations that must not leak through accounts, metadata, notifications, or retained history. For absolute free speech, NullTrace is the stronger and cleaner threat model.

FAQ

Do I need an account?

No. NullTrace does not need usernames, phone numbers, email addresses, or a public profile. Access is controlled by your user key and restore key, so the product can stay focused on rooms and encryption instead of identity collection.

Can NullTrace read my messages?

No readable chat history is stored for NullTrace to browse later. Message content is encrypted before transport, sent as protected room traffic, and only the approved participants in that room are meant to decrypt it.

What happens if I lose my keys?

You can lose access. Save both keys somewhere offline before continuing. If it happens, contact us and we can look at what is still possible, but the system is intentionally designed so keys matter.

How many people can be in a group conversation?

Invite as many people as the room needs. Every approved participant is brought into the encrypted session through the room flow, with membership changes driving fresh key material instead of turning the conversation into a public channel.

NullTrace 2026

Choose access

Payment

Plan

Exact SOL amount

Deposit address

Waiting for payment...

Save your access keys

Anyone with these keys can access or reset your NullTrace access. Store them offline. If your restore key is exposed, someone can revoke your current session.

User key
Restore key

Sign In

Private rooms. Disposable identities.

Start a secure channel, invite with a one-time capsule, let messages auto-burn.

  • Post-quantum hybrid keying
  • Traffic shaping with chaff & padding
  • Burn timer · Deadman · One-tap wipe

Pending approvals

    Security Engine

    PQ-Hybrid from day one

    X25519 + ML-KEM-512 for long-term secrecy and post-quantum resilience.

    Identity-bound pairing

    Signed handshake transcript + short SAS check to block invisible MITM.

    Replay-proof AEAD

    XChaCha20-Poly1305 with per-sender sequence & epochs. Strict AAD binds sender/seq/epoch.

    Smart rekey

    Initiator-driven on join/leave. Per-peer sealed GK distribution.

    Access capsules

    NT-C1 invites: signed, TTL-locked, size-padded. One-time room tokens at the WS edge.

    Traffic shaping

    Uniform 3–5 KB frames; encrypted chaff; server sinks noise.

    Soft rate limits

    Per-class quotas (chat / control / bulk). Back-pressure without drops.

    RAM-only

    No persistence. No telemetry. Hardened headers & strict CSP.

    Safety UX

    Approvals, SAS verify, burn timer, deadman switch, one-tap wipe.

    How it works

    1. Host starts a room. Fresh keys; disposable room ID.
    2. Share an invite capsule. Signed NT-C1, TTL-bound, size-padded (no token inside).
    3. Guest pastes & confirms. Room + short SAS fingerprints for a quick human check.
    4. Hybrid handshake. X25519 + ML-KEM derive a shared secret; initiator signs the transcript.
    5. Host approves. Sends one-shot ct; rekeys and distributes sealed GK.
    6. Chat. AEAD with deterministic nonces; AAD over {type,cid,seq,epoch}.
    7. Membership change → new keys. Debounced rekey; guests can gk_req to resync.
    8. Traffic blended. Frames padded; encrypted chaff runs; server sinks noise.
    9. Clean exit. Burn timer, deadman, wipe. Nothing at rest.

    Share capsule

    Expires in 02:00

    Paste capsule

    Confirm Join

    Room:

    Host ID:

    Your ID: