Secure Legion Launches First Metadata-Free Messenger with Zero Servers

Digital privacy is a hot topic in the emerging Web3 world. As governments worldwide demand more backdoors to encrypted messengers, users seek refuge in new apps that respect their right to a private digital footprint. Secure Legion is one such app aiming to become the world's first completely metadata-free messaging application.

Globally popular messengers like WhatsApp, Telegram, and Signal have been shown to hand over users' data to authorities when required. Session is another messenger with an established user base. Still, its community is increasingly antagonistic and skeptical of the app's true purpose.

In this bleak scenario, Secure Legion provides a secure communication channel, prioritizing the user's privacy at every step. The Secure Legion Android App is already available in Public Beta v0.2.x. It is being used by journalists, activists, and crypto communities in censorship-heavy regions.

How Private Is Your Favorite Messaging App?

Most messaging apps have appealing, user-friendly interfaces and easy navigation. They're fast, resourceful, and nearly globally available. Hundreds of millions of people use them daily without knowing what goes on behind the scenes.

Under the hood, most messengers are harvesting data, building user profiles, and adapting to fit consumer behavior. They claim to use encryption, but still transmit sensitive data to servers that know everything about users' contact lists and communication patterns. They also use timestamps to determine when users communicate the most, exposing daily routines, sleep patterns, and activity levels.

Governments and other state authorities have often subpoenaed the companies that own messenger apps, legally ordering them to appear in court or produce documents. These events proved that authorities or other third parties can easily access a user's messaging history or track their movements by tracking their IP addresses.

Even apps that claim the highest encryption standards can leak metadata that may expose a user's entire livelihood. The solution to this increasingly critical issue could be a zero-metadata messaging app.

Secure Legion - A Messaging App Designed for Maximum Security

Secure Legion is the world's first completely metadata-free messaging application. Recently, the app launched its public beta version for Android. It is open source and licensed under the PolyForm Noncommercial License, confirming the project's commitment to providing a user-centric product.

Secure Legion stands out from other messenger apps that only encrypt message content while exposing social graphs and communication patterns to servers. Instead, this app has a unique, serverless architecture that eliminates all intermediaries. Here are its main features:

A Zero Metadata Architecture

Secure Legion does not have any servers. Therefore, it not only encrypts all metadata, but it also eliminates it completely, since there's nowhere to store it in the first place. Without metadata, servers don't have a single hint about the user's communications or social network.

Wallet-as-Identity

This feature is another innovation that sets Secure Legion apart from other messaging apps. With Wallet-as-Identity, Secure Legion allows users to connect with their Solana wallet keypairs as identity. The app doesn't require any personal information for registration, including phone numbers, emails, or other ID details.

TAP (Tor Authentication Ping) & Ping-Pong Wake Protocol

Secure Legion eliminates the traditional "inbox" model that plagues other encrypted messengers. Instead, it uses a dual-layer authentication system combining TAP (Tor Authentication Ping) and Ping-Pong Wake.

TAP establishes a cryptographically verified, direct connection between sender and recipient over Tor. Before any message is transmitted, both parties must authenticate each other's identity using their blockchain keypairs. This happens entirely peer-to-peer - no servers sit between users logging connection attempts.

The Ping-Pong Wake protocol ensures messages are only delivered when the recipient is actively online and responds to the authentication challenge. This is fundamentally different from apps like Signal or WhatsApp, which store messages in server-side queues until delivery. Those queues create metadata trails showing who you communicate with, when, and how often - even if the message content is encrypted.

With Secure Legion's approach, if a recipient is offline, the message stays on the sender's device until the recipient comes online. No third-party server ever touches it. No metadata exists to subpoena. The message only leaves the sender's device when the recipient wakes their connection and proves they're ready to receive - hence

"Ping-Pong Wake."  This architecture makes mass surveillance of communication patterns impossible, because there's nothing to surveil.

Decentralized Hardware Security

Secure Legion uses genuine peer-to-peer communication in a fully decentralized system. The lack of centralized servers means there’s nothing to hack. Additionally, the app uses Android StrongBox to safely store keys in the phone’s security chip.

Backup Features

Secure Legion lets users avoid potential surveillance with a couple of backup features. For example, users can hit a Panic Button to instantly wipe all data and notify contacts that their communication channel has been compromised.

Another interesting feature is the One-Click Identity Reset. Users can instantly generate a new identity with a single click. The app automatically records all identities in its encrypted blockchain directory, ensuring they cannot be reused or revealed.

How Secure Legion Compares to Other Messaging Apps

Secure Legion stands in a league of its own as the first serverless messaging app. However, it still faces stiff competition from long-established messaging apps like Signal, Session, and Briar. Let's see how it compares to these apps and explore its strengths.

Secure Legion vs. Signal

Signal is a messaging app launched over a decade ago, promising a secure, free, and open-source messaging application that uses end-to-end encryption. In this regard, Signal and Secure Legion are identical, with the latter also offering a safe, cost-free, and open-source messenger with end-to-end encryption.

However, as we go into more detail, the two apps could not be further apart. Signal uses servers to store users' metadata and requires sensitive personal data, such as a phone number, for registration. On the other hand, Secure Legion only requires the user's blockchain identity to create an account and has no servers for storing metadata.

Unlike Secure Legion, Signal does not offer dual security modes, hardware wallet integration, or duress protection.

Secure Legion vs. Session

The Session encrypted messenger app was first released in February 2020. Similar to Secure Legion, it provides end-to-end encryption and does not ask users to provide phone numbers for registration. Session also relies on users to provide their blockchain identities. But the similarities with SecureLegion end here.

Session uses 1,500 service nodes on the Oxen blockchain to store and forward the users' messages. The protocol requires messages to be stored for up to 2 weeks before being permanently deleted.

Secure Legion users can safely use the app knowing that their messages will never leave their phones. No third-party servers store, manage, or delete them.

Secure Legion vs. Briar

Briar is another open-source messaging app that promises a highly secure, end-to-end encrypted communication experience. The app was launched in 2018, despite being in development since 2014.

Briar delivered on its promise for a long while after its launch. After all, the app cannot reveal the users' messages even when subpoenaed. However, Briar still leaks significant amounts of metadata, including the user's online/offline status, message timing, sync patterns and peer graphs, Bluetooth & WIFI Direct fingerprints, mailbox traffic and relay patterns, and group membership visibility.

This metadata is enough to identify users, build user profiles, and map out entire social networks and connections.

Secure Legion eliminates all this metadata by design. The app doesn't have servers to store any user data, including status, messaging profile, or social network details. Moreover, Secure Legion can work off-grid. For example, Bluetooth can be used only locally to connect the user's phone to the LoRa device and transmit messages as a hidden, secure overlay network.

Final Thoughts on Secure Legion

Secure Legion launches amid global crackdowns on encrypted messaging. Governments everywhere are passing or attempting to pass new laws that restrict people's rights to privacy and anonymity. The app empowers users to reclaim their privacy and fight the growing wave of censorship.

Secure Legion is an open-source, fully auditable solution with complete cryptographic transparency. It doesn't involve telemetry, analytics, or tracking, which puts its serverless architecture in users' hands.

Secure Legion is developed by privacy engineers frustrated with metadata leakage in traditional messengers that claim to be secure. The app's serverless design stemmed from the idea that "you can't subpoena a server that doesn't exist."

Access the Secure Legion app on its official website and learn more about the project on its social media channels, including X and GitHub.

:::info This story was authored under HackerNoon’s Business Blogging Program.

:::

\