Text, voice, video, files, communities, live streaming, anonymous drops, identity recovery — every feature you'd expect from a polished messenger, end-to-end encrypted by default and peer-to-peer underneath. This is everything OpenDescent does today.
Every message runs through a fresh X25519 key agreement and an AES-256-GCM encryption before it leaves your device. Group chats use a shared symmetric key with automatic rotation when members leave — so past messages stay private even if someone exits the group.
Messages persist locally, encrypted at rest, with a store-and-forward relay path if your recipient is offline — their next peer to see the message will hold it until they come back online. No plaintext ever touches a server.
WebRTC with DTLS-SRTP encryption. Your device connects directly to theirs when possible — TURN relay fallback only when NAT won't allow a direct path. When a TURN relay is used, it only sees encrypted packets passing through; it never has the keys.
Signalling (the handshake that sets up the call) travels over the same libp2p network as your messages, so nobody needs to know your phone number to call you. Usernames are enough.
Every file you send produces a signed manifest — a canonical description of the file's chunks, hashes, and total SHA-256 signed by your Ed25519 key. The recipient verifies the signature before assembling the file, so tampering by anyone in transit is caught.
Large files are split into chunks with XOR-parity sharding, so a missing or corrupt chunk can be reconstructed from the others. Chunks flow through the mesh without assembling anywhere in the middle — only on your device and the recipient's.
A hub is a peer-replicated community space. It has categories, text channels, voice channels, roles and permissions, invite links, and every feature you'd expect from a Discord server — but the hub exists across members' devices rather than on a central server.
Moderation (kicks, bans, mutes) is enforced through signed role changes distributed through the hub. There's no hub owner who can be subpoenaed, and no company that can shut a hub down from outside.
Go live inside a hub and your stream is distributed mesh-pull style — each viewer pulls chunks from a few peers and redistributes to others, the way BitTorrent works for static files, applied to live video. The more people watching, the stronger the distribution gets.
No central streaming server. No rights for a middleman to pull the stream. Viewers join via the hub; the stream is end-to-end encrypted and ends when you do.
A Dead Drop is a post that travels through several layered-encrypted hops before landing in a public space. Each hop only sees the next hop — none of them know both sender and destination. Proof-of-work spam prevention stops floods. A daily rotating network key means yesterday's drops can't be correlated with today's.
No account is attached. No metadata is collected. For journalists and sources, whistleblowers, or anyone whose message needs to exist without an author.
Set up a Dead Man's Switch with a custom timer (1 hour to 30 days) and a list of messages to send to specific people if you don't check in before time runs out. Check in and the clock resets. Miss a check-in and the messages go.
Useful for travel situations, journalists protecting sources, activists preparing for detention, or anyone preparing for the worst. The switch runs on peer-to-peer infrastructure — no company to compel or disable.
Because there's no central registry, anyone can pick any username. The trust web lets your contacts vouch for each other's keys — so when you see a new handle, you can see which of your existing contacts have confirmed that key belongs to who it claims to be.
Combined with Trust-On-First-Use (TOFU) key pinning, this gives you a human-scale alternative to certificate authorities — social-graph verification instead of a single company saying who's real.
The first time you open OpenDescent, it generates an Ed25519 keypair locally. That keypair is your identity. There's no registration server, no database row with your name on it, no email confirmation. You're a public key on a network.
You pick a human-readable username. If someone's already using it, you'll pick a different one. Usernames are local-to-your-invite-graph, not globally registered — so two different groups could have someone called @sam without collision.
The first time you create your identity, the app shows you a 12-word BIP39 mnemonic. Write it down, save it in your password manager — that 12-word phrase is the deterministic seed for your Ed25519 key. Anywhere you enter the same 12 words, you get the same identity back.
This is the only path to recovery. There is no "forgot password" link, because there's no central account to reset. Lose the phrase without a backup and the account is gone — which is the same trade-off as the point of end-to-end encryption in the first place.
OpenDescent is built on libp2p — the same peer-to-peer stack that powers IPFS, Filecoin, and parts of Ethereum. Every device that runs OpenDescent is a full node in the mesh. There's no "OpenDescent server" class of machine; there are just peers.
Peer discovery uses mDNS on local networks and KadDHT across the wider internet. You find the people you want to talk to via their public key; the mesh routes messages between you.
Most home networks are behind NAT, which makes direct peer-to-peer connections surprisingly hard. OpenDescent uses DCUtR (Direct Connection Upgrade through Relay) for hole-punching, attempting a direct connection through a temporary relay-assisted handshake.
When hole-punching fails, traffic falls back to Circuit Relay v2 — a relay node forwards your encrypted packets but never has the keys. The relay sees ciphertext, nothing more.
If your recipient is offline when you send a message, store-and-forward holds the encrypted message at another peer in their trust graph until they come back. The holding peer sees ciphertext only — it can't read what it's holding, only that there's a message for a given key.
Combined with DHT-based peer discovery, this means you can send messages without knowing whether the recipient is online right now. The mesh figures it out.
Free, open source, no account required. The full feature set is in v0.5.4 for Windows.