1.2. Core principles

There are a few ideas that drive almost every design choice in Obscura.

The first is that the server should not be trusted with message content. All meaningful work with messages happens on the client. Encryption and decryption are done locally. The backend is deliberately kept blind and only handles encrypted payloads plus the minimum metadata needed for the current version of the product.

The second is that privacy should come from the architecture, not from a promise. Obscura aims for a situation where the service operator does not have the ability to read messages, rather than a situation where it simply chooses not to. Because there are no decryption keys on the server, even a full database dump does not reveal what users said to each other.
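The first two principles, as an added sketch that is not Obscura's code: clients encrypt and decrypt locally, and the server object stores only opaque payloads, so a dump of it contains no plaintext. The primitives (X25519, HKDF-SHA256, AES-256-GCM from Node's `crypto` module) and every name in it are assumptions; the page does not state which ones Obscura uses.

```javascript
// Added illustration, not Obscura's code. Algorithms and all names are assumptions.
const crypto = require('node:crypto');

// Derive a shared message key from one side's private key and the peer's public key.
function deriveKey(myPrivate, peerPublic) {
  const shared = crypto.diffieHellman({ privateKey: myPrivate, publicKey: peerPublic });
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'example-msg-key', 32));
}

// Client side: encrypt locally and return only what the server is allowed to see.
function clientEncrypt(senderPriv, recipientPub, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(senderPriv, recipientPub), iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { iv: iv.toString('base64'), ct: ct.toString('base64'), tag: cipher.getAuthTag().toString('base64') };
}

// Client side: decrypt a fetched record. Throws if the key is wrong or the record was altered.
function clientDecrypt(recipientPriv, senderPub, rec) {
  const key = deriveKey(recipientPriv, senderPub);
  const d = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(rec.iv, 'base64'));
  d.setAuthTag(Buffer.from(rec.tag, 'base64'));
  return Buffer.concat([d.update(Buffer.from(rec.ct, 'base64')), d.final()]).toString('utf8');
}

// "Server": stores opaque payloads plus routing metadata and holds no keys.
class BlindServer {
  constructor() { this.rows = []; }
  store(from, to, payload) { this.rows.push({ from, to, payload }); }
  dump() { return JSON.stringify(this.rows); } // what a database leak would expose
}

function demo() {
  const alice = crypto.generateKeyPairSync('x25519');
  const bob = crypto.generateKeyPairSync('x25519');
  const outsider = crypto.generateKeyPairSync('x25519'); // anyone holding only the dump
  const server = new BlindServer();
  const message = 'meet at noon (constructed sample)';
  server.store('alice', 'bob', clientEncrypt(alice.privateKey, bob.publicKey, message));
  const rec = server.rows[0].payload;
  let outsiderFailed = false;
  try { clientDecrypt(outsider.privateKey, alice.publicKey, rec); } catch { outsiderFailed = true; }
  return {
    recovered: clientDecrypt(bob.privateKey, alice.publicKey, rec),
    dumpLeaksPlaintext: server.dump().includes(message),
    outsiderFailed,
  };
}
```

The dump still exposes the `from` and `to` fields, which corresponds to the "minimum metadata" the backend handles.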

The third is that identity should be portable and pseudonymous by default. A wallet can represent a person, a role, a bot, or an organization. Obscura does not care which one it is. It only cares that the wallet is able to prove control of its key and that this key is stable enough to attach a messaging identity to it.

Finally, Obscura tries to avoid unnecessary complexity at the product layer. From the user’s point of view, it should feel like: open the app, connect Phantom, see an inbox, type a message, hit send. The cryptography, key handling and storage details are there, but they are background concerns rather than something the user has to constantly manage.
