Privacy
A Deep Dive into Privacy—The What & How
Introduction to Privacy
What is Privacy?
Privacy is the ability to have the choice of what is shared, with who, and how. That is why privacy is a fundamental human right in a developed, evolved, and empathetic society. We must respect one's right to privacy, just as we want our own privacy respected. If and when an individual or group chooses to share or disclose informational in public domain, that remains in their power of free will and choice.
What is Encryption?
Encryption is the process of converting readable data into a secret code to prevent unauthorized access, often encoded or encrypted through cryptography. Cryptography is the process of hiding or coding information so that only the person a message was intended for can read it. It is heavily based on mathematics, using principles from number theory, algebra, and other fields to create secure ciphers and algorithms to make the cryptographic code complex and hard to decipher.
Don't Trust. Verify.
There are levels or degrees of privacy as there are everything else. Nowadays, you will hear every platform or app is "private and secure", but these are subjective terms and mostly used as buzzwords for marketing and SEO, lacking any integrity to their claims whatsoever. That is why you are constantly reading news articles about new data breaches, hacks, and identity theft. Corporations and organizations have failed to protect their user's data not because it isn't difficult, but because their codebase and core protocol was compromised by a single point of attack. If systems do not have a backdoor or shared keys that anyone can access from a single server or point, it makes it much more difficult to achieve unauthorized access.
Permissionless Privacy
Many people will refer to the term "privacy by design", but unfortunately like most emerging technologies, there will be legitimate concepts and terms that become devalued by the overuse of marketing buzzwords and hype to mislead the public for their own benefit, usually financial. At its core, privacy must be permissionless by design. This means that how it operates it must remain private—unable to hack, manipulate, exploit, or so incredibly difficult it is unfeasible. It sounds nice on paper, but harder to execute. One example to help visualize this is imagining a system with no backdoor for developers and owners. Now developers don't have direct access to your information, nor can they be targeted by hackers or governments to provide backdoor access that was not programmed into the system to begin with. This is where plausible deniability comes into play. Each user must understand their privacy is theirs and theirs alone to do with what they choose, but most importantly understand they have options. By creating a system that uses permissionless privacy, individuals must manage their own private keys and take responsibility for their own data. If you lose it, there is no one to contact, no customer support, but only yourself to blame. It may sound intimidating or risky to your average person, but we have become accustomed to trading convenience for security and look what it has cost us.
Vector's Privacy Protocol
Vector utilizes several protocols simultaneously to provide optimal levels of privacy and security. Along with other open-source technologies, Vector ascribes to a "Privacy by Principle" methodology in every aspect of operations. Privacy is a basic and fundamental human right that should be protected.
No KYC
KYC, known as "Know Your Customer", is a common digital practice for most companies, websites, and applications as a method to collect and store data on their customers. Unfortunately, with poor design and security practices it creates an unnecessary risk for the user's private data to be stolen, hacked, exploited, leaked, and shared. It is the company's responsibility to protect their users and user's confidential data at all costs, but everyday we are hearing new articles and updates on the latest data breaches, identity theft, and hacks. Vector identifies this technology as obsolete in privacy for protection and could more accurately describe KYC as "Know You're Compromised". Users are putting themselves at unnecessary risk to nefarious and malicious actors and organizations on the web by following the naive practices their prompted with when signing up to new platforms or services. KYC is a violation of the human right to privacy and is an absolute flaw in privacy technology. There may be some use cases where KYC makes sense, but there are better security methods available to the public, this is an unnecessary risk that can do more harm than good. It is important to note that once your personal information is shared publicly (without your consent), there is no way to delete or retrieve it. It is on the web forever and that is why Vector chooses to remove this suboptimal procedure from its user experience. There is no need for Vector to have and store information on its users, therefore it doesn't.
MLS
For end-to-end encryption in group chats, Vector Messenger utilizes Message Layer Security (MLS). MLS is a cryptographic protocol designed to provide end-to-end encryption for secure and private group messaging. It ensures reliable, scalable communication by enabling efficient key management and authentication among multiple participants. MLS protects messages from eavesdropping, tampering, and impersonation, even in dynamic groups where members join or leave. Standardized by the IETF, it’s widely adopted in applications like chat platforms, offering robust security with minimal performance overhead. If you're interested in learning more, watch this video.
Marmot
Marmot Protocol, developed by JeffG, is an open-source messaging protocol that enables efficient end-to-end encrypted group communication on the decentralized Nostr network. It builds as an extension to NIP-EE, the Nostr Improvement Proposal integrating the standardized Messaging Layer Security (MLS) protocol (RFC 9420), combining MLS's robust cryptographic features—like forward secrecy, post-compromise security, and scalable key management—with Nostr's relay-based, censorship-resistant infrastructure. This allows secure, serverless group chats where participants can join or leave dynamically without centralized trust, powering applications like the White Noise messenger. Implemented via the Marmot Development Kit (MDK) in Rust, it separates identities for privacy and ensures tamper-proof messaging, making it ideal for privacy-focused, distributed social platforms.
Nostr
One key factor in Vector's privacy design is utilizing a decentralized relay network (Nostr) to store and share data. With a decentralized network such as Nostr, anyone from around the world can host a node cheaply and easily to help support the integrity of the data. Currently (date last published at bottom), Nostr has over 850 public relays in over 40 countries and growing daily. Its resilience is ensured by these community-run Nostr relays, eliminating downtime, and is a fully open-source codebase. This includes its infrastructure to protocol specs—avoiding proprietary lock-in, making it unkillable, and transparent. Nostr also offers no-compromise encryption with zero metadata leakage and plausible deniability for all content, including texts, media, voice notes, and files, adhering to the NIP-17 standard.
Blossom
The Blossom protocol is a decentralized extension to the Nostr network, specifically designed for efficient storage, upload, and retrieval of media files and binary large objects (blobs) in a censorship-resistant manner. By leveraging Nostr's relay-based infrastructure and cryptographic identifiers like SHA-256 hashes, it enables users to distribute content across multiple servers—ranging from community-hosted nodes to global CDNs—without relying on centralized platforms, ensuring redundancy and tamper-proof access. This makes it ideal for applications like image sharing in chat apps or secure file hosting on Nostr clients such as Amethyst, promoting a more resilient and privacy-focused media ecosystem.
Last updated