# Privacy

<figure><img src="/files/QttnCF8EDEvcGoMvgH51" alt="Privacy Messengers Infographic"><figcaption><p>Data Accurate as of 11/26/2025 (Last Updated)</p></figcaption></figure>

## Introduction to Privacy

### What is Privacy?

Privacy is the ability to choose what is shared, with whom, and how. That is why **privacy is a fundamental human right** in a developed, evolved, and empathetic society. We must respect one's right to privacy, just as we want our own privacy respected. If and when an individual or group chooses to share or disclose information in the public domain, that remains within their power of free will and choice.

### What is Encryption?

Encryption is the process of converting readable data into a secret code to prevent unauthorized access, typically by means of cryptography. Cryptography is the process of hiding or coding information so that only the person a message was intended for can read it. It is heavily based on mathematics, using principles from number theory, algebra, and other fields to create secure ciphers and algorithms that make the cryptographic code complex and hard to decipher. Learn more on the next page about Vector Privacy's encryption methods.

### Don't Trust. Verify.

There are levels or degrees of privacy, as there are with everything else. Nowadays, you will hear that every platform or app is "private and secure", but these are subjective terms, mostly used as buzzwords for marketing and SEO, with no integrity behind the claims whatsoever. That is why you are constantly reading news articles about new data breaches, hacks, and identity theft. Corporations and organizations have failed to protect their users' data not because it isn't difficult, but because their codebase and core protocol were compromised through a single point of attack. If a system has no backdoor or shared keys that anyone can access from a single server or point, unauthorized access becomes much more difficult to achieve.

### Permissionless Privacy

Many people will refer to the term "privacy by design", but unfortunately, as with most emerging technologies, legitimate concepts and terms become devalued by the overuse of marketing buzzwords and hype that mislead the public for someone's own benefit, usually financial. At its core, privacy must be permissionless by design. This means that the way it operates must itself remain private: impossible to hack, manipulate, or exploit, or so incredibly difficult to attack that doing so is unfeasible. It sounds nice on paper, but it is harder to execute. One example to help visualize this is imagining a system with no backdoor for developers and owners. Now developers don't have direct access to your information, nor can they be targeted by hackers or governments to provide backdoor access that was not programmed into the system to begin with. This is where plausible deniability comes into play. Each user must understand their privacy is theirs and theirs alone to do with what they choose, but most importantly understand they have options. In a system that uses permissionless privacy, individuals must manage their own private keys and take responsibility for their own data. If you lose it, there is no one to contact and no customer support, only yourself to blame. It may sound intimidating or risky to your average person, but we have become accustomed to trading security for convenience, and look what it has cost us.

***

<figure><img src="/files/BgYsS9hZyFo56N1ozZtO" alt=""><figcaption></figcaption></figure>

## Vector's Privacy Protocol

*Vector utilizes several protocols simultaneously to provide optimal levels of privacy and security. Along with other open-source technologies, Vector subscribes to a "Privacy by Principle" methodology in every aspect of operations. Privacy is a basic and fundamental human right that should be protected.*

***

### No KYC

KYC, known as "Know Your Customer", is a common digital practice for most companies, websites, and applications as a method to collect and store data on their customers. Unfortunately, with poor design and security practices, it creates an unnecessary risk of the user's private data being stolen, hacked, exploited, leaked, and shared. It is the company's responsibility to protect its users and its users' confidential data at all costs, but every day we are hearing new articles and updates on the latest data breaches, identity theft, and hacks. Vector identifies this technology as obsolete for privacy protection and could more accurately describe KYC as "Know You're Compromised". Users are putting themselves at unnecessary risk from nefarious and malicious actors and organizations on the web by following the naive practices they're prompted with when signing up to new platforms or services. KYC is a violation of the human right to privacy and is an absolute flaw in privacy technology. There may be some use cases where KYC makes sense, but there are better security methods available to the public; this is an unnecessary risk that can do more harm than good. It is important to note that once your personal information is shared publicly (without your consent), there is no way to delete or retrieve it. It is on the web forever, and that is why Vector chooses to remove this suboptimal procedure from its user experience. There is no need for Vector to have and store information on its users, therefore it doesn't.

### Concord Protocol

[Concord](https://github.com/VectorPrivacy/Vector/blob/master/docs/concord/README.md) is a from-scratch end-to-end encryption protocol built by [Formless Labs](https://www.formlesslabs.net/) & Vector Privacy to power communities: large group spaces with channels, roles, admins, and invites, running entirely over the open Nostr network with no central server in the middle. It works by replacing the things a typical chat server normally controls with things anyone can independently verify. Membership is simply holding a shared community key, so being able to decrypt a room is what it means to be in it. Authority (who is the owner, who is an admin) is recorded in a signed roster that every member's app re-derives and checks for itself, rather than being something a company's database grants. Relays only ever see encrypted, unlabeled blobs and are fully interchangeable, so no single relay can read a community's contents, track who's talking to whom, or cut anyone off. This makes removing a member a real cryptographic act rather than a cosmetic one, since banning someone re-keys the room and locks them out of everything that follows. It also lets Concord support full Discord-, Matrix-, and Slack-like functionality (roles, channels, bans that stick, multi-device sync) while keeping every message, name, and member list unreadable to anyone outside the community. Concord plays the same role for Vector Communities that the Signal Protocol plays for Signal: the underlying machinery that makes secure, scalable group messaging both possible and trustworthy, with no party other than the community's own members able to switch it off. [Learn more](https://vectorapp.io/blog/v0.4.0/)

### Nostr

One key factor in Vector's privacy design is utilizing a decentralized relay network ([Nostr](https://nostr.org/)) to store and share data. With a decentralized network such as Nostr, anyone from around the world can host a node cheaply and easily to help support the integrity of the data. Currently (*date last published at bottom*), Nostr has over 850 public relays in over 40 countries, and the number is growing daily. Its resilience is ensured by these community-run Nostr relays, eliminating downtime, and its codebase is fully open source, from infrastructure to protocol specs: it avoids proprietary lock-in, making it unkillable and transparent. Nostr also offers no-compromise encryption with zero metadata leakage and plausible deniability for all content, including texts, media, voice notes, and files, adhering to the [NIP-17](https://github.com/nostr-protocol/nips/blob/master/17.md) standard. [Learn more](https://github.com/nostr-protocol/nostr/)

### Tor

Vector integrates Tor through an embedded Arti client, routing all outbound traffic, including Nostr relay connections, Blossom uploads, link previews, and media fetches, through the Tor network by default when enabled. Where most apps treat anonymity as an afterthought, Vector treats it as infrastructure: rather than relying on a system-level proxy or requiring a separate Tor Browser installation, the Arti client runs entirely within Vector, meaning no traffic leaves the app through clearnet by accident. Every relay connection becomes an onion-routed circuit, hiding your IP address from relay operators, media servers, and any observer watching the network between you and them. This matters because even perfectly encrypted messages leak metadata if the connection itself is visible: who you talk to, when, and from where. Tor severs that link entirely. The tradeoff is latency, because onion routing adds overhead, but for users operating under genuine threat models (journalists, activists, or anyone who needs their identity and location decoupled from their communications), that tradeoff is not a tradeoff at all. [Learn more](https://www.torproject.org/)

### Blossom

The Blossom protocol is a decentralized extension to the Nostr network, specifically designed for efficient storage, upload, and retrieval of media files and binary large objects (blobs) in a censorship-resistant manner. By leveraging Nostr's relay-based infrastructure and cryptographic identifiers like SHA-256 hashes, it enables users to distribute content across multiple servers, ranging from community-hosted nodes to global CDNs, without relying on centralized platforms, ensuring redundancy and tamper-proof access. This makes it ideal for applications like image sharing in chat apps or secure file hosting on Nostr clients such as Amethyst, promoting a more resilient and privacy-focused media ecosystem. [Learn more](https://github.com/hzrd149/blossom)
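The tamper resistance described above comes from the client re-hashing whatever a server returns and comparing it with the SHA-256 digest in the blob's address. The sketch below is an added example, not code from Vector or the Blossom project; the `fetch` transport callable, the `*.example` server names, and the sample blob are constructed for illustration.

```python
import hashlib
import re
from urllib.parse import urlparse

# A Blossom URL commits to its content: the path ends in the lowercase hex
# SHA-256 of the blob, optionally followed by a file extension.
_HASH_RE = re.compile(r"([0-9a-f]{64})(?:\.[A-Za-z0-9]+)?$")

def blob_hash_from_url(url):
    """Return the SHA-256 hex digest that a Blossom blob URL names."""
    match = _HASH_RE.search(urlparse(url).path)
    if match is None:
        raise ValueError(f"no SHA-256 blob hash in URL: {url!r}")
    return match.group(1)

def verify_blob(url, body):
    """True only if the received bytes hash to the digest in the URL."""
    return hashlib.sha256(body).hexdigest() == blob_hash_from_url(url)

def fetch_verified(sha256_hex, servers, fetch):
    """Try servers in order; return (server, body, rejected_servers).

    `fetch` is a hypothetical transport callable: url -> bytes or None.
    """
    rejected = []
    for server in servers:
        url = f"{server.rstrip('/')}/{sha256_hex}"
        body = fetch(url)
        if body is not None and verify_blob(url, body):
            return server, body, rejected
        rejected.append(server)  # missing blob or hash mismatch
    raise LookupError(f"no server returned a valid copy of {sha256_hex}")

# Constructed sample data: three in-memory "servers", one of them tampered.
SAMPLE_BLOB = b"constructed sample media bytes"
SAMPLE_HASH = hashlib.sha256(SAMPLE_BLOB).hexdigest()
SAMPLE_SERVERS = {
    "https://cdn-a.example": {SAMPLE_HASH: b"tampered bytes"},
    "https://cdn-b.example": {},
    "https://cdn-c.example": {SAMPLE_HASH: SAMPLE_BLOB},
}

def sample_fetch(url):
    """Offline stand-in for an HTTP GET against SAMPLE_SERVERS."""
    parts = urlparse(url)
    store = SAMPLE_SERVERS[f"{parts.scheme}://{parts.netloc}"]
    return store.get(blob_hash_from_url(url))
```

Because the check runs on the client, a server that swaps or corrupts a blob is simply skipped in favour of the next mirror.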

### Memory Hardening

In Vector, your private key never exists as one thing. It's split into four shares, hidden among hundreds of thousands of indistinguishable decoys, and only assembled on your device for microseconds during a signing operation, then wiped with volatile writes. When a forensic tool dumps your phone's memory, it doesn't find a key. It finds a sea of 32-byte blobs that all look exactly like one, and none of them are. Your messages stay yours, even after your phone leaves your hands. [Learn more](https://vectorapp.io/blog/memory-hardening/)
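To see why a memory dump of such a pool yields nothing key-shaped, here is an added sketch of the general idea; it is not Vector's code, and the page does not say how Vector splits the key. XOR secret sharing, the function names, and the small pool size are assumptions made for illustration.

```python
import secrets

KEY_LEN = 32   # the page's 32-byte blobs
N_SHARES = 4   # the page's four shares

def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def split_key(key):
    """XOR-split (assumed scheme): three random shares, the fourth is
    key ^ s1 ^ s2 ^ s3. Every share on its own is uniformly random."""
    shares = [secrets.token_bytes(KEY_LEN) for _ in range(N_SHARES - 1)]
    last = key
    for share in shares:
        last = xor_bytes(last, share)
    return shares + [last]

def hide_in_pool(shares, pool_size):
    """Scatter the shares among random decoys; return (pool, slots).

    Protecting where `slots` itself is kept is outside this sketch.
    """
    pool = [secrets.token_bytes(KEY_LEN) for _ in range(pool_size)]
    slots = secrets.SystemRandom().sample(range(pool_size), len(shares))
    for slot, share in zip(slots, shares):
        pool[slot] = share
    return pool, slots

def with_key(pool, slots, use):
    """Assemble the key in a mutable buffer, call use(buf), then zero it.

    Python cannot promise volatile writes or that no copy was made; native
    code would use volatile stores for the wipe.
    """
    buf = bytearray(KEY_LEN)
    try:
        for slot in slots:
            for i, byte in enumerate(pool[slot]):
                buf[i] ^= byte
        return use(buf)
    finally:
        for i in range(KEY_LEN):
            buf[i] = 0
```

Any three of the four shares XOR to a value that is statistically independent of the key, so each pool entry, share or decoy, is just 32 random bytes.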

