Most “privacy-focused” messaging apps still collect metadata.
Even if messages are encrypted, servers often know:
who you talk to
when you talk
how often
That’s still surveillance.
So while building EchoId, I focused on reducing what the system can know.
Core Approach
Instead of building a “smart” backend, I kept the server dumb.
It only acts as a relay.
No storage. No analytics. No logging of messages.
If there’s nothing stored, there’s nothing to leak.
Encryption
Messages are encrypted using AES before being sent.
This means:
Server never sees plaintext
Messages are unreadable in transit
Even if intercepted, they’re useless without the key
Server Design
The backend does only 3 things:
Accept message payload
Forward it to recipient
Drop it
No database for messages. No history.
What This Solves
No message analysis
No stored conversations
Reduced metadata exposure
No user profiling
What’s Still Hard
This doesn’t magically solve everything.
Challenges I’m still working on:
Key exchange (secure + simple)
Preventing abuse without tracking users
Handling offline delivery without storage
Scaling relay without introducing logs
Philosophy
Privacy isn’t about adding encryption.
It’s about removing the ability to collect data at all.
EchoId is still early, but the direction is clear:
Less data > more protection
Repo
https://github.com/fabulousman12/echoid-open_source
Top comments (0)