Nofuture-Memguard-PQ

Your Answer to ChatControl

ChatControl Is Coming. Are You Ready?

The European Union's ChatControl regulation threatens to mandate backdoors in every messaging platform. WhatsApp, Telegram, Signal, Instagram—all could be forced to scan your private conversations before encryption, turning end-to-end encryption into a hollow promise.

The implications are clear: governments want access to your messages. Platforms will comply. Your privacy on mainstream channels is borrowed time.

But here's the thing: they can only scan what they can read. What if your messages were already encrypted before they ever touched WhatsApp?

The Solution: Encrypt Before They See It

Nofuture-Memguard-PQ is an encryption layer that sits between you and any mainstream chat platform. It encrypts your messages in your browser before they ever reach WhatsApp, Telegram, or Instagram.

ChatControl can mandate all the backdoors it wants. It doesn't matter. By the time your message enters the mainstream platform, it's already unreadable ciphertext. The platform sees gibberish. The scanner sees gibberish. Only your intended recipient—running their own Nofuture session—can decrypt it.

Keep using the apps your contacts already use. Just make your conversations invisible to surveillance.

Try It Now—Or Run It Yourself

🌐 Online Demo

Our hosted version at safecomms.virebent.art provides full protection—identical security to self-hosted installations.

All cryptographic operations happen in your browser. Keys never leave your device. We cannot read your messages even if we wanted to. The architecture makes it impossible.

Your data is safe here. Use it with confidence, even for sensitive communications.

🏠 Self-Hosted (Recommended)

For maximum autonomy, run Nofuture on your own hardware. A single Go binary—no dependencies, no Docker, no complexity.

Why self-host?

  • Zero reliance on any third party
  • Full control over your infrastructure
  • No possibility of service discontinuation
  • Your server, your rules, forever

The bottom line: Whether you use our demo or self-host, your messages are protected by the same military-grade, post-quantum cryptography. The demo exists for those who can't or don't want to self-host—and it's just as secure. But for those who want complete independence from any external service, self-hosting gives you that freedom.

See It in Action

Watch two users establish a secure session and exchange encrypted messages through WhatsApp Web—while WhatsApp sees nothing but ciphertext.

The Core Concept: Detached Architecture

Nofuture-Memguard-PQ acts as an external encryption plugin, completely detached from mainstream chat applications. This architectural isolation is the foundation of its security—and why it defeats ChatControl.

Why detached defeats surveillance:

  • No integration = No backdoors: Unlike "secure" features built into platforms, Nofuture exists outside their control. There's nothing for them to compromise.
  • Mainstream as dumb transport: WhatsApp, Telegram, Instagram become nothing more than delivery channels for ciphertext. They transport encrypted blobs they cannot read.
  • Pre-encryption isolation: Your plaintext never touches the chat app. It's encrypted in a separate browser tab before you paste it.
  • Keys never leave your browser: Cryptographic material exists only in your protected memory space—inaccessible to the platform, to us, to anyone.

ChatControl mandates scanning before encryption. With Nofuture, encryption happens before the message ever reaches the platform. There's nothing to scan.

Multi-Layer Protection: The Memguard Foundation

The security of Nofuture-Memguard-PQ extends beyond cryptographic algorithms. Memguard provides defense-in-depth against local attacks—protecting you even if your device is compromised.

What Memguard Protects:

Cryptographic Material:

  • Kyber1024-90s private keys
  • Shared session secrets
  • XChaCha20-Poly1305 derived keys

User Data:

  • Plaintext before encryption
  • Decrypted messages
  • All sensitive buffers

How Memguard Works:

  • Volatile RAM only: Sensitive data never touches disk—no swap, no cache, no traces.
  • Memory locking (mlock): Prevents the OS from writing protected pages to swap files.
  • In-memory encryption: Even data in RAM is encrypted, defeating memory dumps and malware.
  • Root-proof: Not even a server administrator with root access can extract keys or plaintext.

This is why the online demo is safe: even we cannot access your data. The memguard architecture makes it technically impossible.

Defense Against Local Attacks

Nofuture includes an optional virtual keyboard with randomized layout to protect against keyloggers on your local machine:

  • No physical key events generated
  • Layout randomized each session
  • Defeats spyware monitoring keyboard input
  • Protection even on potentially compromised devices

The Complete Workflow

Phase 1 — Key Generation

User 1 opens Nofuture and generates a Kyber1024-90s key pair. A unique Session ID is created. Everything happens locally; memguard protection is immediate.

Phase 2 — Session ID Exchange

User 1 copies the Session ID, switches to the mainstream chat (WhatsApp, Telegram, etc.), and sends it to their contact. The Session ID contains only public information—no secrets.

Phase 3 — Synchronization

User 2 receives the Session ID, pastes it into their Nofuture instance. Key agreement completes. Both sessions are now cryptographically linked.

Phase 4 — Encrypted Communication

  • Type your message in Nofuture (optionally using the virtual keyboard)
  • Plaintext is protected by memguard, then encrypted with XChaCha20-Poly1305
  • Copy the ciphertext, paste into the mainstream chat
  • Recipient pastes ciphertext into their Nofuture instance
  • Decryption happens locally; decrypted text is memguard-protected

The mainstream platform only ever sees ciphertext. ChatControl scanners see ciphertext. Your ISP sees ciphertext. Only you and your recipient see the actual message.

Total Destruction: When the Session Ends

When you close your Nofuture session, everything is wiped:

  • Secure key erasure via memguard.Purge()
  • Complete sanitization of all session memory
  • Irreversible destruction—no forensic recovery possible

What remains:

  • The ciphertext in your WhatsApp/Telegram history
  • But the keys to decrypt it? Gone forever.
  • The plaintext? Gone forever.

One conversation. One key. One chance to read. No future access.

Post-Quantum Ready

Today's encrypted messages can be harvested and stored. When quantum computers arrive, traditional encryption will be broken retroactively. Your old conversations will be readable.

Nofuture uses Kyber1024-90s for key encapsulation and Dilithium5-AES for signatures—algorithms designed to resist quantum attacks. Your messages are protected not just from today's surveillance, but from tomorrow's quantum decryption.

But with Nofuture's ephemeral design, there's nothing to harvest. Keys are destroyed after each session. Even if quantum computers break Kyber in 20 years, your conversations no longer exist to be decrypted.

Complete Protection Stack

  1. Detached Architecture → ChatControl sees only ciphertext
  2. Memguard Protection → Defeats memory dumps, root access, malware
  3. Post-Quantum Cryptography → Future-proof against quantum attacks
  4. Virtual Keyboard → Defeats local keyloggers
  5. Ephemeral Sessions → Nothing to forensically recover
  6. Self-Hostable → Complete independence, zero trust required

Key Features

🛡️ Anti-ChatControl: Encryption happens before your message touches the platform. Scanners see only ciphertext.

🏠 Self-Hostable: Single Go binary, no dependencies. Run it on your PC, your server, your Raspberry Pi.

🌐 Secure Online Demo: Full protection even on our hosted version—your data is safe, guaranteed by architecture.

🔒 Memguard Protected: Keys and plaintext secured against root, malware, and memory dumps.

🚀 Post-Quantum Ready: Kyber1024-90s + Dilithium5-AES protect against future quantum attacks.

⌨️ Anti-Keylogger: Optional virtual keyboard with randomized layout.

🔥 Ephemeral: Keys and messages exist only during the session, then are cryptographically destroyed.

⚡ Zero Registration: No accounts, no email, no phone number. Just open and use.

Reclaim Your Privacy

ChatControl assumes you'll use the encryption they provide—encryption they can bypass. Nofuture breaks that assumption. You bring your own encryption. You control the keys. They see nothing.

Privacy isn't a feature—it's a human right. Built with love and defiance.

🚀 Launch Online Demo 📦 Self-Host (GitHub)