ekko
Get Ekko

A privacy layer for the internet you already use

Say it like
no one is listening.

Ekko seals your messages with post-quantum encryption before they leave your device, then sends them through the apps you already use. The platform delivers a sealed envelope. Only the person you wrote to holds the key.

V0.3 · CHROME · INSTAGRAM DMS TODAY · OPEN PROTOCOL SPEC


01 — WHAT HAPPENED

The platforms stopped pretending.

On May 8, 2026, Meta removed end-to-end encryption from Instagram DMs. Conversations that used to be sealed between two people became readable — by the platform, by whoever it answers to, by whoever breaches it next.

It isn't one company's lapse. It's the direction: encryption gets framed as something suspicious to want, and "private" gets redefined as private, except from us.

You shouldn't need a corporation's permission to speak privately. And you shouldn't have to move everyone you know to a new app to get it.


02 — THE LAYER

Encryption that rides on top.

Ekko is a browser extension that adds an independent end-to-end layer over the messengers you already use. You type normally. Ekko encrypts in place as you send, the platform carries ciphertext it cannot read, and your contact's Ekko quietly decrypts it back — right in the page.

1

Create your identity

Keys are generated on your device and sealed in a vault only your passphrase opens. No account. No sign-up. Nothing leaves your hands.

2

Trade invites

Show a QR code or paste an invite once. Then read the safety number out loud to each other — now you know it's them, not a machine in the middle.

3

Type normally

Outgoing messages encrypt on send. Incoming ones decrypt in place, marked with a small lock. The person you're writing to just… reads you.


— TRY IT HERE

Watch a message seal itself.

The platform would carry
ciphertext appears as you type

This is real XChaCha20-Poly1305, running in your tab, under a throwaway key that never leaves it. The shipped protocol adds a hybrid post-quantum key exchange (ML-KEM-768 + X25519) so only your contact can derive the key. Nothing you type here is sent anywhere — this page makes no network requests.


03 — PROOF, NOT PROMISES

Trust no one. Verify us.

Your keys never leave your device

Generated locally, stored in an encrypted vault, unlocked only by your passphrase. There is no server copy. There is nothing to subpoena.

Post-quantum, today

A hybrid of X25519 and ML-KEM-768 with XChaCha20-Poly1305. Traffic recorded now can't be decrypted later by a quantum computer — “harvest now, decrypt later” comes up empty.

No account required

The core is peer-to-peer: invites and QR codes. The optional directory does one thing — map a username to a public key — and never touches a private one.

Verifiable, not vibes

Signal-style safety numbers confirm who you're talking to. The protocol spec and threat model are published — including what Ekko cannot protect you from.

No telemetry

The extension reports to no one. This website sets no cookies, runs no analytics, and makes zero third-party requests. There is nothing to opt out of.

Honest scope

Automatic encryption works on Instagram DMs today, one-to-one. Manual tools cover WhatsApp, Telegram, and X. We say exactly what works — and what doesn't yet.


04 — GET EKKO

Early access is opening.

Ekko is in private beta: a Chrome extension, Instagram DMs first, more platforms as adapters mature. Leave an address and we'll send your install link when a spot opens — if you want to break it and tell us how, even better.

One address, one purpose. No newsletter, no sharing — deleted once invites go out.