zkChat
Back to blog

zkChat is Now Open Source

AnnouncementOpen SourcePrivacy

zkChat Goes Open Source

Today marks a significant milestone for zkChat: our entire codebase is now open source and available on GitHub.

You can find the repositories at github.com/zkChatOrg.

Why Open Source?

Privacy tools demand transparency. When you use software that claims to protect your communications, you should be able to verify those claims yourself. Open source is not just a development model it is a commitment to accountability.

By releasing zkChat as open source, we are:

  • Enabling independent security audits: Anyone can review the code, identify vulnerabilities, and verify that our encryption implementation matches our claims.
  • Building trust through transparency: You do not have to take our word for it. The code speaks for itself.
  • Inviting community contributions: Security researchers, developers, and privacy advocates can help improve zkChat.
  • Ensuring longevity: Even if zkChat as a service disappears, the code remains available for anyone to run.

What is Included

The zkChat organization on GitHub includes:

Frontend Application

  • Next.js 16 web application
  • Client-side AES-256-GCM encryption
  • Ephemeral chat rooms with WebSocket communication
  • One-time messages (OTM) with auto-destruction
  • Encrypted file drop with expiration

Relay Server

  • TypeScript WebSocket relay
  • Zero-knowledge message forwarding
  • No message content logging
  • Rate limiting and abuse protection

Documentation

  • Deployment guides
  • Architecture documentation
  • Security considerations

Security Model Remains Unchanged

Open sourcing zkChat does not weaken its security model. In fact, it strengthens it.

The core principles remain:

  • Keys never leave your device: Encryption keys are generated client-side and stored only in URL fragments, which browsers do not send to servers.
  • The relay is blind: The server forwards encrypted blobs without access to plaintext content.
  • No accounts, no metadata: There are no user registrations, no contact graphs, and no message history.
  • Ephemeral by design: When a room closes, data is destroyed. There is nothing to subpoena or breach.

By making the code public, we invite scrutiny. If there is a flaw in our implementation, we want it found and fixed.

How to Contribute

We welcome contributions from the community:

  1. Report security vulnerabilities responsibly via our security contact.
  2. Submit bug reports through GitHub Issues.
  3. Propose features that align with zkChat's zero-knowledge philosophy.
  4. Audit the code and share your findings.
  5. Run your own instance for personal or organizational use.

Self-Hosting

With open source access, you can now run your own zkChat instance:

git clone https://github.com/zkChatOrg/zkChat_frontend.git
cd zkChat_frontend
npm install
npm run dev

Full deployment documentation is available in the repository README.

What This Means for Users

For existing zkChat users, nothing changes in how you use the service. The web application at zkchat.org continues to operate as before.

What changes is the level of trust you can place in zkChat. You no longer need to trust our claims you can verify them.

The Future of zkChat

Open sourcing is not the end of zkChat development. It is an invitation to build together.

We will continue to:

  • Maintain the public zkchat.org service
  • Release security updates and improvements
  • Engage with the community on GitHub
  • Expand documentation and deployment options

Privacy is a collective effort. By open sourcing zkChat, we hope to contribute to a broader ecosystem of tools that respect user autonomy and resist surveillance.

Get Involved

  • GitHub: github.com/zkChatOrg
  • Star the repository to show support
  • Fork and experiment with your own modifications
  • Join the conversation in GitHub Discussions

Thank you to everyone who has used zkChat and supported its development. This release is for you.

Privacy is not a feature. It is a foundation.