Zeq Message
Real-time chat that keeps nothing. The relay fans every message out to connected peers over WebSocket and persists no message bodies — the only durable trace is a hash-only transit receipt stamped with the Zeqond it was relayed at.
- Live app →
/apps/message/ - Source →
shared/api-core/src/routes/messageRelay.ts+shared/api-core/src/lib/msgWs.ts - Construction → WebSocket fanout · member-gated REST relays · hash-only transit receipts
- Privacy pin → no message bodies are ever stored server-side
What it actually does
Zeq Message is a privacy-preserving relay, not a cipher: a transport that forwards messages and forgets them. There is no message store, so there is nothing to encrypt at rest and nothing to breach.
The privacy guarantee is store-nothing: because the server never persists message bodies, there is no plaintext database to breach. The only durable artifact is a SHA-256 transit receipt (no content) appended to the sender's own machine's entangled state, so a conversation is provably-relayed without the platform retaining what was said. Transport confidentiality is ordinary TLS on the WebSocket connection.
The construction, step by step
| Stage | Mechanism |
|---|---|
| Transport | WebSocket to /ws/msg (presence, typing, calls, message fanout), over TLS |
| Relay | send / edit / delete / react are member-gated REST fanout relays — forward and forget |
| Receipt | hash-only transit row on the sender's machine, Zeqond-stamped (no body) |
| Storage | none — message bodies are never persisted server-side |
How it works — a store-nothing relay
Zeq Message is a realtime relay, not a mailbox. Members connect to the relay hub at /ws/msg; the server fans messages out to connected peers over WebSocket and stores nothing — no message bodies are ever persisted. The only durable trace is a hash-only transit receipt appended to the sender's own machine entangled state, so a conversation is provably-relayed without the platform retaining its content.
- Transport — WebSocket to
/ws/msg(presence, typing, calls, message fanout). - REST relays — send / edit / delete / react are member-gated fanout relays; the server forwards and forgets.
- Receipt — each relayed message lands a hash-only row on the sender's machine, stamped with the
zeqondit was relayed at.
Because nothing is stored server-side, the runnable path is the live app: open Zeq Message from the App Store, start a conversation, and watch the realtime fanout. The privacy contract — relay, receipt, no body storage — is the point.
Extend it
- Group fanout: the relay already multiplexes to every connected member of a channel — group chat is the same member-gated fanout, no extra primitive.
- Calls: presence, typing, and call signalling ride the same
/ws/msghub. - Receipt audit: the per-send hash-only transit receipts prove a message was relayed at a given Zeqond without ever exposing its content.
Seeds
- End-to-end encryption: layer a client-side E2E scheme (e.g. a double-ratchet library) on top of the relay — the store-nothing transport is agnostic to the payload it forwards.
- Anonymous broadcast — drop peer identity and keep only the relayed stream.
- Receipt-only audit — because only hashes are stored, the audit trail proves sequence and timing without reconstructing message content.
Papers
- Zeq framework paper — DOI 10.5281/zenodo.15825138
- Zeq paper — DOI 10.5281/zenodo.18158152
Middleware active. Kernel on the 1.287 Hz HulyaPulse. Awaiting next Zeqond.