Bit of an odd intro: I’m a carpenter, 42 years at the bench. I’m the type who can’t stand making the same thing everyone else makes, so I’ve always chased the technical side too - CNC, laser cutting, and lately building software to run my machines.

At some point I wanted to send my own designs to people without them leaking anywhere, and I went down the rabbit hole of how messaging actually works. What got me was realising how much of the “free” stuff is paid for with our privacy. That annoyed me enough that I decided to build my own messenger, mostly to learn. It grew from something simple into a real thing. I called it Sherlock.

Two things I cared about: proper encryption, and NOT tying it to a phone number - I built a different system for that.

I’m not going to pretend I reinvented cryptography. I’m a woodworker who got obsessed. So I’d rather hear it straight from people who actually know this stuff:

  • How much does the “no phone number” approach really buy you if I get the rest wrong?
  • For a small independent project, what’s the bar before any of you would even consider trusting it - open source, audit, something else?

Genuinely here for the criticism, not the pats on the back.

  • hoblik@lemmy.world (OP) · 3 days ago

    Yeah, I have looked at them, and you’re right - I should be careful not to describe this as solving an unsolved problem, because it isn’t one. DeltaChat, SimpleX, Session and Jami all exist and several go further than I do on PII. Session and Jami in particular don’t need an email, which is more than I can say - I traded that bit of privacy for account recovery, deliberately, but it does mean they’re ahead of me on pure “zero identifiers.”

    So I won’t pretend I filled a gap nobody else had. Honest version: I went down the rabbit hole, didn’t love how the free mainstream options handle data, and built my own partly to learn and partly because I wanted it to exist. Where I’d say it differs is the no-install browser/PWA approach and post-quantum from the start - not “nobody else does private messaging.”

    The “scratch your own itch even if it’s been done” point is basically how I’d defend it too. I’d rather be honest that it’s one more option in a crowded field than oversell it as something new. Appreciate you listing those - genuinely useful for me to study how they each handle the no-PII side.

    • CannedYeet@lemmy.world · 2 days ago

      If you just did it to scratch your own itch, then shove it up your ass and delete this post. No one wants your slop and I pity your lack of common sense.