Privacy-focused secure messaging platform with end-to-end encryption
Бояться - это нормально...
F.E.A.R. (Fully Encrypted Anonymous Routing) is an open-source, cross-platform secure messaging system with end-to-end encrypted text, voice, and video communication. The server operates in zero-knowledge mode — it relays encrypted data without access to keys or plaintext.
Available as a desktop application (Linux/Windows) with GUI and CLI, and as a mobile app for Android.
- End-to-end encrypted messaging — AES-256-GCM with libsodium; server never sees plaintext
- Encrypted voice calls — Opus codec, AES-256-GCM over UDP, low-latency P2P
- Encrypted video calls — VP8 (libvpx), AES-256-GCM per fragment, SDL3 hardware-accelerated display, adaptive bitrate (LOW/MEDIUM/HIGH)
- ECDH key exchange — Create rooms with auto-generated keys or join via X25519 exchange; no pre-shared secrets needed
- Identity verification — Ed25519 keypairs with Trust On First Use (TOFU) model
- File transfer — Encrypted file sharing with CRC32 integrity verification
- GUI and CLI — Qt6 graphical interface and lightweight console client/server
- Auto-updater — Built-in update manager with version checks
- Cross-platform — Linux and Windows with static linking support
Linux (Ubuntu/Debian):
./build.sh depsWindows:
- MinGW-w64, CMake 3.12+, Qt6 6.2+
- External libraries in
lib/directory — see Build Instructions
# Linux
./build.sh
# Windows
build.batGUI (recommended):
cd build && ./fear_guiThe GUI provides three connection modes:
- Create Room — auto-generates an encryption key and starts a new room
- Join Room — performs ECDH key exchange with the room creator
- Connect — connects with a known key (manual entry)
Console — Create a room:
cd build/bin
./fear server --port 7777
./fear client --host IP --port 7777 \
--room myroom --name Alice --createConsole — Join a room (ECDH):
./fear client --host IP --port 7777 \
--room myroom --name Bob --joinConsole — Connect with known key:
echo "KEY" | ./fear client --host IP --port 7777 \
--room myroom --name CharlieFor detailed usage see Quick Start Guide and User Manual.
[Client A] <——encrypted——> [Server] <——encrypted——> [Client B]
|
(zero-knowledge relay)
| Channel | Format |
|---|---|
| TCP chat | [2 room_len][room][2 name_len][name][2 nonce_len][nonce][1 type][4 clen][cipher] (LE) |
| UDP audio | [0x01][seq(8 BE)][AES-GCM(opus) + 16-byte tag] |
| UDP video | [0x02][seq(8 BE)][AES-GCM(vp8_fragment) + 16-byte tag] |
| HELLO | [0x7F][prefix(4)][flags(1)][width(2 BE)][height(2 BE)][fps(1)] |
| Primitive | Algorithm | Usage |
|---|---|---|
| Symmetric encryption | AES-256-GCM | Messages, audio, video |
| Key exchange | X25519 + XSalsa20-Poly1305 | ECDH room key transport |
| Identity | Ed25519 | Peer authentication (TOFU) |
| Key derivation | BLAKE2b | Audio/video subkeys from master key |
| Integrity | CRC32 | File transfer verification |
Server is zero-knowledge:
- Cannot read messages (encrypted with room key)
- Cannot decrypt media (derived keys never leave clients)
- Cannot forge identities (Ed25519 signed)
ECDH key exchange flow:
- Room creator generates a key and starts the room (
--create) - Joiner connects and initiates ECDH exchange (
--join) - Ephemeral X25519 keypairs are exchanged; responder signs with Ed25519
- Room key is transported via
crypto_box(X25519 + XSalsa20-Poly1305) - Both parties derive the same room key without pre-shared secrets
fear-main/
├── client-console/ # Console client/server (C11)
├── gui/ # Qt6 GUI application (C++17)
├── audio_call/ # Encrypted voice calls (C11)
├── video_call/ # Encrypted video calls (C11)
├── key-exchange/ # Key exchange utility (C11)
├── updater/ # Auto-update manager (C11)
├── lib/ # External libraries (Windows)
├── doc/ # Documentation
├── build.sh # Linux build script
├── build.bat # Windows build script
└── CMakeLists.txt # CMake configuration
Build output:
build/
├── fear_gui # GUI application
└── bin/
├── fear # Console client/server
├── audio_call # Voice call utility
├── video_call # Video call utility
├── key-exchange # Key exchange utility
└── updater # Update manager
| Component | Technology | Purpose |
|---|---|---|
| Core language | C11, C++17 | Performance and portability |
| GUI | Qt 6.2+ | Cross-platform desktop UI |
| Build system | CMake 3.12+ | Multi-platform builds |
| Cryptography | libsodium | AES-GCM, Ed25519, X25519, BLAKE2b |
| Audio codec | Opus + PortAudio | High-quality low-latency voice |
| Video codec | VP8 (libvpx via FFmpeg) | Real-time video encoding |
| Video capture | FFmpeg (libavdevice) | Camera capture (dshow/V4L2) |
| Video display | SDL3 | Hardware-accelerated YUV rendering |
| HTTP client | libcurl | Update downloads |
Protected against:
- Network eavesdropping (end-to-end encryption)
- Server compromise (zero-knowledge architecture)
- Message tampering (authenticated encryption)
- MITM on key exchange (Ed25519 signed ECDH)
Not protected against:
- Endpoint compromise (malware on user device)
- Traffic analysis (metadata visible to server/network)
- Use
--create/--joinfor automatic key exchange instead of manual key sharing - Pass keys via stdin or
--key-file, never as CLI arguments (visible in process lists) - Run your own server for full infrastructure control
- Verify peer identity fingerprints on first connection
An Android client is available at fear-mobile.
Fully compatible with the desktop server — supports encrypted text, audio calls, video calls, ECDH key exchange, identity verification, file transfer, light/dark themes, and push notifications.
- Fork the repository
- Create a feature branch:
git checkout -b feature/name - Make changes and test on your target platform(s)
- Open a Pull Request with a description of your changes
Report bugs and security vulnerabilities via GitHub Issues. Security issues should be reported privately.
This project is licensed under the MIT License — see LICENSE for details.
- libsodium — Daniel J. Bernstein and contributors
- Opus — Xiph.Org Foundation
- PortAudio — PortAudio community
- FFmpeg — FFmpeg developers
- SDL3 — SDL contributors
- libvpx — WebM Project
Stay Anonymous. Stay Secure.
Made by Shchuchkin E. Yu. and the F.E.A.R. Project community