Private by Design • Serverless • Blockchain Integrated

A decentralized messaging system that eliminates metadata exposure entirely. While other secure messengers protect your messages, Secure Legion protects your identity, communication patterns, and social network from surveillance. No servers know who you talk to, when you communicate, or where you are.

The world's first truly metadata-free messaging system. No servers know who you talk to, when you talk, or where you are.

Even the most secure messaging apps today have a dirty secret: they protect your messages but expose your metadata.

What's metadata? It's everything except the content of your messages:

• Who you talk to (your social network)
• When you communicate
• How often you message someone
• Your IP address and location
• Your contact list

Why does this matter?

"We kill people based on metadata." — Former NSA Director Michael Hayden

Governments, corporations, and attackers don't need to read your messages. Knowing who you talk to and when tells them almost everything they need to know.

• Journalists: A reporter's sources can be identified just by seeing who contacts them, even if messages are encrypted
• Activists: Protest organizers can be mapped by their communication patterns
• Whistleblowers: Simply connecting with a journalist can expose your identity
• Anyone: Your relationship network, daily routines, and social circle are exposed to whoever runs the messaging servers

Secure Legion eliminates metadata entirely. Not just encrypts it—eliminates it.

Traditional secure messengers:

You → Signal Server (sees who, when, where) → Recipient

Secure Legion:

You ←→ Recipient (nobody in the middle)

No servers know:

• Who you're messaging
• When you're messaging
• Where you're messaging from
• Who's in your contact list
• Your communication patterns

Messages only deliver when recipient is online AND authenticates. If their phone is seized, your message never arrives.

Perfect for:

• Sensitive sources
• High-risk conversations
• When absolute security matters more than convenience

Messages go through anonymous relays (like Tor) and deliver when recipient is next online. Still fully encrypted, still no metadata.

Perfect for:

• Everyday secure messaging
• When you need reliable delivery
• Normal contacts

You decide per contact. Mark your journalist source as "maximum security" and your friend as "balanced."

Your cryptocurrency wallet isn't just for money—it's your messaging identity.

• One key, two uses: The same key secures your crypto and your messages
• No phone numbers: No email, no username, no personally identifiable information
• Hardware protected: Keys stored in your phone's security chip, never exposed
• Multiple identities: Create disposable identities for different conversations

Duress PIN: Enter your emergency PIN and Secure Legion:

1. Wipes all your keys and messages instantly
2. Notifies all your contacts to delete queued messages for you
3. Appears like a normal authentication failure (can't be detected)
4. Restores from your secret recovery phrase when safe

No evidence left behind. No messages waiting to be delivered. No metadata to analyze.

Pure text. Zero compromise.

Messages are strictly text-based to prevent:

• Malware distribution — No executables, scripts, or file attachments
• Exploit vectors — No image parsing vulnerabilities or media file attacks
• Content-based abuse — Prevents harassment through explicit images
• Phishing — No deceptive links or embedded content

Why text-only matters for security:

Traditional messengers allow images, videos, files, and links—each creating attack surfaces:

• Malicious PDFs with embedded exploits
• Images with hidden payloads (steganography)
• Videos that exploit codec vulnerabilities
• Documents with macro viruses
• Links to phishing sites

Secure Legion eliminates these vectors entirely. Pure text communication means:

• ✓ No file parsing vulnerabilities
• ✓ No media codec exploits
• ✓ Minimal attack surface
• ✓ Predictable, auditable codebase
• ✓ Lower battery consumption
• ✓ Faster message transmission

For file sharing, users can exchange encrypted file hashes and retrieve via separate secure channels—keeping the messaging layer clean and secure.

1. Everyone publishes an encrypted "contact card" on the blockchain
2. Only people who know your handle can find your card
3. Your card is encrypted—even the blockchain can't read it
4. No central directory = no list of all users

Maximum Security Mode:

1. You: "Hey, ready to receive?" (encrypted ping)
2. Them: *unlocks phone, sees notification*
3. Them: "Ready!" (encrypted pong)
4. You: *sends encrypted message directly*
5. Both: *messages deleted after reading*

Nobody in the middle. Messages never sit on a server.

Balanced Mode:

1. You: *sends encrypted message to anonymous relay*
2. Relay: *stores encrypted blob (can't read it)*
3. Them: *retrieves when online*
4. Relay: *deletes message*

Relay can't see who sent it, who receives it, or what it says. Just encrypted data.

• Blockchain: Solana (fast & cheap) + IPFS for decentralized storage
• Encryption: Military-grade XChaCha20 + Ed25519 signatures
• Anonymity: All traffic through Tor network
• Hardware Security: Keys in StrongBox (Android) / Secure Enclave (iOS)

• ✓ End-to-end encryption for all messages
• ✓ Zero metadata exposure — no servers track anything
• ✓ Forward secrecy — past messages safe even if keys compromised
• ✓ No phone numbers or personal identifiers required
• ✓ Decentralized — no company to compel or hack

• ✓ Contact tiers — Set security level per contact
• ✓ Automatic mode switching — Tries direct, falls back to relay
• ✓ Duress protection — Panic PIN wipes everything
• ✓ Blockchain identity — Find contacts without central server
• ✓ Multi-device support — Use same identity on multiple devices
• ✓ Offline messages — Compose while offline, sends when connected

• ✓ Burner identities — Create disposable identities
• ✓ Self-hosted relays — Run your own relay nodes
• ✓ Cross-chain support — Works with multiple blockchains
• ✓ Open source — Fully auditable code
• ✓ No proprietary protocols — Everything is documented
• ✓ Text-only messaging — Pure text communication prevents malware and exploits

• Protect source anonymity absolutely
• No server logs to subpoena
• Duress PIN if source is compromised

• Coordinate without revealing your network
• No metadata for surveillance
• Works in censored networks (via Tor)

• Attorney-client privilege with technical safeguards
• No server to compromise
• Demonstrable security for compliance

• Already understand wallet concepts
• Unified identity for finance + messaging
• Privacy-first mindset aligned

• Maximum security for those who need it
• Open source and auditable
• No compromises on privacy

Current Phase: Architecture & Design ✓
Next Phase: MVP Development ▸

• [✓] Complete architecture design
• [✓] Security model documentation
• [✓] Technical feasibility analysis
• Core cryptographic library
• Blockchain integration (Solana + IPFS)
• Relay protocol implementation
• Android app (relay mode)
• iOS app (relay mode)
• Ping-Pong Wake System
• Security audit
• Public beta launch

Trust through transparency.

Security products that ask for your trust need to prove they deserve it. Secure Legion is open source so:

• ◆ Anyone can audit the code for backdoors or vulnerabilities
• ◇ Security researchers can verify our claims
• ◈ Community contributions make it better
• ○ Educational resource for learning secure system design
• ▸ Freedom to run your own infrastructure

"Don't trust, verify." — Cryptocurrency saying that applies to secure messaging too

We believe in honest communication about security limitations:

✗ Compromised devices: If your phone has malware, no app can protect you
✗ Physical access: Someone with your unlocked phone can see your messages
✗ Screenshots: We can't prevent someone from photographing the screen
✗ Endpoint attacks: Attacks on your device itself are outside our threat model
✗ Social engineering: Technology can't fix human vulnerabilities

What we DO protect: ✓ Network surveillance and metadata collection
✓ Server compromises (because there are no servers with your data)
✓ Traffic analysis
✓ Social graph exposure
✓ Location tracking through messaging activity

Know your threat model. Use the right tool for your situation.

Want the technical details? Check out our documentation:

• ▸ Architecture Documentation — Complete technical specification
• ◈ Security Model — Threat model and security guarantees
• ○ Ping-Pong Protocol — How our novel wake system works
• ◇ Blockchain Integration — Decentralized identity design
• ▣ Developer Guide — Contributing to Secure Legion

Signal is excellent for message content encryption, but it runs centralized servers that see metadata. Secure Legion eliminates the servers entirely.

Session is decentralized but all messages route through service nodes that can see timing patterns. Secure Legion's Ping-Pong mode has zero intermediaries for maximum security conversations.

The wallet key serves as your messaging identity. This means:

1. No registration with personal info
2. Unforgeable identity (cryptographic proof)
3. Cross-chain support (use same identity on different blockchains)
4. Self-sovereign identity (you control it, not a company)

Basic usage costs fractions of a cent (for blockchain directory updates). Optional: pay relays for priority delivery, but community relays are free.

Coming in future version. We're focusing on perfect 1-on-1 messaging first.

The code is open source. Get a security audit from a firm you trust. Run your own relays. Verify the cryptography. Don't trust—verify.

You shouldn't if [X] meets your threat model! Secure Legion is for people who need absolutely no metadata leakage. That's not everyone. Use the right tool for your needs.

• ◆ Star this repo if you support privacy technology
• ◇ Share with journalists, activists, and privacy advocates
• ○ Suggest features that would help your use case
• ▸ Report issues if you find problems

• ◈ Contribute code (see CONTRIBUTING.md)
• ◆ Security review — help us find vulnerabilities
• ◇ Documentation — help make this accessible
• ○ Testing — ensure reliability across platforms

• ▸ Bug bounty program (coming with public beta)
• ◈ Academic research — publish papers on the protocol
• ◆ Cryptographic review — verify our crypto implementation
• ◇ Penetration testing — help us harden the system

• ○ Spread awareness of metadata privacy issues
• ▸ Policy advocacy — support strong encryption
• ◈ Donations — support development (details coming soon)
• ◆ Partnerships — connect us with organizations that need this

• Website: [Coming Soon]
• Email: [Coming Soon]
• Twitter/X: [Coming Soon]
• Discord: [Coming Soon]
• GitHub Issues: Right Here

Security Disclosures: Please report vulnerabilities responsibly via SECURITY.md

[License will be determined — likely AGPL-3.0 or similar copyleft license to ensure derivatives remain open source]

Secure Legion builds on the shoulders of giants:

• Signal Protocol — Pioneering end-to-end encryption
• Tor Project — Anonymous communication infrastructure
• Solana Foundation — Fast, affordable blockchain
• IPFS — Decentralized storage
• All privacy researchers — Whose work makes this possible

Special thanks to the journalists, activists, and whistleblowers who inspired this project by risking everything to expose truth.

"Privacy is not about having something to hide. Privacy is about protecting everything you are."

Secure Legion exists because privacy is a human right, not a luxury. We believe:

• ○ Everyone deserves private communication
• ◆ Security tools should be open and auditable
• ◇ Different threats need different tools
• ◈ Users should understand their security, not just trust it
• ▸ Privacy technology should empower, not exploit

We're building the messenger we wish existed when we needed it most.

Secure Legion — Private by Design
No servers. No metadata. No compromises.

◆ Star this repo if you believe in privacy ◆

CA: GFJbQ7WDQry73iTaGkJcXKjvi1ViFTFmHSENgz92jFPP