👻 GhostTalk

Privacy First.
Zero Knowledge.
Zero Logs.

E2EE messaging platform with ruthless transparency. No IP logging (except flagged users), client-side encryption, RAM-only architecture for premium chats.

Core Values: Ruthless Truth

🕵️

Privacy First

Zero-Log Policy is mandatory. All server logs mask IP addresses as 0.0.0.0.

⚠️ CRITICAL EXCEPTION:

Only users flagged is_under_investigation: TRUE have their last_known_ip temporarily logged (legal compliance).

-- PostgreSQL Schema
users.last_known_ip: VARCHAR(45) | NULL
users.is_under_investigation: BOOLEAN
Default: FALSE (No IP logging)

🔐

Zero Knowledge

The server NEVER sees plaintext messages. All encryption/decryption happens client-side in CryptoService.ts.

📱 Mobile App
→ RSA-2048 OAEP Encryption
→ 🌐 Fastify Server (Ciphertext Only)
→ 💾 PostgreSQL (Encrypted at Rest)

🔑 Key Storage:

Private key stored in MMKV (encrypted). NEVER uploaded to server.

💾

Data Isolation

Message storage is transparently separated based on chat type.

Type           | Storage           | TTL
Premium P2P    | Redis (RAM)       | 30 seconds
Group/Standard | PostgreSQL (DISK) | 7 days

// Redis TTL (Premium)
SETEX msg:premium:abc123 30 {encrypted}

// PostgreSQL (Standard)
DELETE FROM messages
WHERE created_at < NOW() - INTERVAL '7 days';

Security Mechanisms

E2EE Encryption

The app encrypts messages using the recipient's public_key (from database). Your privateKey is stored in MMKV and NEVER uploaded.

// CryptoService.ts (Client-Side)
const encrypted = await RSA.encrypt(
  plaintext,
  recipientPublicKey, // From DB
  'RSA-OAEP'
);

// Private key NEVER leaves device
await MMKV.set('privateKey', encryptedKey);

⚠️ Algorithm:

RSA-2048 OAEP for key exchange. AES-256-GCM for message content.
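
Added example (not GhostTalk's CryptoService.ts, which this page does not show in full): the hybrid scheme named in the Algorithm note, where RSA-OAEP wraps a per-message AES-256-GCM key instead of encrypting the plaintext directly. It uses Node's built-in crypto module; the SHA-256 OAEP hash, the Envelope layout and the function names are assumptions.

```typescript
// Added example, not GhostTalk's code. Assumed: OAEP hash, Envelope shape, function names.
import * as crypto from "node:crypto";

interface Envelope {
  wrappedKey: Buffer; // AES key encrypted to the recipient with RSA-OAEP
  iv: Buffer;         // 96-bit GCM nonce, fresh for every message
  ciphertext: Buffer; // message content under AES-256-GCM
  tag: Buffer;        // GCM authentication tag
}

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Sender: a random per-message AES key encrypts the content;
// only that 32-byte key goes through RSA.
function sealMessage(plaintext: string, recipientPublicKey: crypto.KeyObject): Envelope {
  const aesKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", aesKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  const tag = cipher.getAuthTag();
  const wrappedKey = crypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, aesKey);
  return { wrappedKey, iv, ciphertext, tag };
}

// Recipient: unwrap the AES key with the private key, then decrypt.
// decipher.final() throws if the ciphertext, IV or tag was modified.
function openMessage(env: Envelope, privateKey: crypto.KeyObject): string {
  const aesKey = crypto.privateDecrypt({ key: privateKey, ...OAEP }, env.wrappedKey);
  const decipher = crypto.createDecipheriv("aes-256-gcm", aesKey, env.iv);
  decipher.setAuthTag(env.tag);
  return Buffer.concat([decipher.update(env.ciphertext), decipher.final()]).toString("utf8");
}

// Constructed demo: locally generated key pair and a 540-byte message, which is
// over the 190-byte limit of a single RSA-2048 OAEP (SHA-256) encryption.
function demo(): { roundTrip: boolean; wrappedLen: number; tamperRejected: boolean } {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const message = "constructed sample message ".repeat(20);
  const env = sealMessage(message, publicKey);
  const roundTrip = openMessage(env, privateKey) === message;
  env.ciphertext.writeUInt8(env.ciphertext.readUInt8(0) ^ 0x01, 0); // one flipped bit in storage
  let tamperRejected = false;
  try { openMessage(env, privateKey); } catch { tamperRejected = true; }
  return { roundTrip, wrappedLen: env.wrappedKey.length, tamperRejected };
}

console.log(demo());
```

The server in this model stores and relays only the Envelope fields; without the recipient's private key it cannot recover the AES key, and any modification of the stored ciphertext fails the tag check on the client.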

🚨

Panic Button Protocol

This is an IRREVERSIBLE action. When triggered:

🔴 Server-Side:

  • POST /auth/panic API triggered
  • All JWT tokens → Redis Blacklist
  • DELETE FROM messages WHERE user_id = X
  • DELETE FROM users WHERE id = X

🔴 Client-Side:

  • MMKV.clearAll()
  • AsyncStorage.clear()
  • Delete app cache

// PanicButton.tsx
const executePanic = async () => {
  await api.post('/auth/panic');
  await MMKV.clearAll();
  // NO RECOVERY POSSIBLE
};

🛡️

Survival Mechanism (Store Ban)

If the app is banned from app stores, the backend can set store_banned_mode: true in the response to GET /api/v1/system/status.

1. User opens app
2. GET /api/v1/system/status
3. Response: {"store_banned_mode": true, "alternative_url": "ghosttalk.app/apk"}
4. Show UNCLOSABLE modal → Redirect to APK

// App.tsx
if (systemStatus.store_banned_mode) {
  showModal({
    title: 'App Store Banned',
    closable: false, // Cannot dismiss
    redirect: systemStatus.alternative_url
  });
}

About GhostTalk

Our Mission

To provide a privacy-first, zero-knowledge messaging platform where users have full sovereignty over their data. We believe privacy is a fundamental human right, not a luxury feature.

Our Vision

A world where digital freedom is not compromised by surveillance capitalism. GhostTalk is built on three pillars:

  • User Sovereignty: You own your data. We cannot read it, sell it, or share it.
  • Radical Transparency: Our code, protocols, and limitations are 100% documented.
  • Digital Resistance: We refuse to compromise on privacy, even if banned from app stores.

Ready to Reclaim Your Privacy?

Download GhostTalk now and experience true encrypted communication.

Open source. Auditable. Transparent.