The Year Encrypted Messaging Came to Nostr
In an era of increasing surveillance and data commodification, the need for sovereign encrypted messaging has never been more urgent. Nostr offered a promising foundation: a decentralized protocol that lets users own their identity and broadcast messages across a network of relays without requiring permission. But it had a gap. While public notes could flow freely, private communication remained an unsolved problem. NIP-04, Nostr's original encrypted messaging spec, had critical cryptographic vulnerabilities. NIP-17 improved on this but still leaks metadata and offers no forward secrecy or post-compromise security.
The existing solutions each carried compromises. Centralized encrypted messengers required phone numbers, stored metadata, and could be shut down by corporate decisions or government mandates. Decentralized alternatives, meanwhile, often sacrificed usability or security. What Nostr needed was a messaging system that matched its ethos: permissionless, censorship-resistant, and cryptographically sound!
Finding the Right Protocol
Encrypted messaging was a known gap in Nostr, and several people were researching solutions. Among them: Jeff Gardner was investigating OTR (Off-the-Record Messaging), exploring whether its forward secrecy and deniability properties could be adapted for Nostr's relay architecture. Max Hillebrand was looking at the Signal protocol. As a contributor to Wasabi Wallet, whose Wabisabi protocol had used some of Signal's cryptographic primitives, Max was familiar with the Double Ratchet algorithm.
Max presented his Signal research at SEC-01 (Sovereign Engineering Cohort #1) in Madeira, which ran from January 8 through March 1, 2024. The Double Ratchet showed promise for 1:1 messaging, but questions remained about group messaging and async operation.
Jeff and Max first discussed encrypted Nostr messaging at Bitcoin Atlantis in early March 2024, right after SEC-01 ended. They met again at the CheatCode Conference in Bedford, UK (April 11-13, 2024), where they compared notes on OTR and Signal. Both protocols had trade-offs: OTR was designed for synchronous communication, Signal's Double Ratchet had limitations for group messaging. By the time they left Bedford, they had decided to work together on a solution.
In April 2024, Jeff drafted NIP-104, a proposal for implementing Double Ratchet encryption on Nostr. The problem: Double Ratchet works well for two-person chats, but group messaging becomes difficult without a central server. Community feedback was clear: any solution needed to handle groups properly from the start, not as an afterthought.
While researching alternatives, Jeff found MLS. It offered forward secrecy, post-compromise security, and efficient key management for groups of any size, all without requiring a central server. By June, Jeff closed NIP-104 and pivoted to MLS. Max would later present the MLS approach at SEC-03 in Madeira.
Building the Foundation
August 2024 saw the introduction of NIP-EE, a barebones specification for encrypted messaging on Nostr using MLS principles. The "EE" stood for end-to-end, a reminder of what they were building toward. The spec was intentionally minimal, a starting point rather than a finished product.
Later that month, Max and Jeff reunited in Riga, Latvia, for Baltic Honeybadger and the Nostriga conference (August 22-27). Both gave talks on privacy and Nostr, sharing their research with the community. It was here, surrounded by the Bitcoin and Nostr communities, that they made a pivotal decision: this would not remain a research project or proof of concept. They committed to pushing White Noise forward as a production-ready application that people could actually use.
Development on the White Noise client began in earnest. The initial architecture paired a Rust backend with a TypeScript frontend using the Tauri framework. This approach promised native performance with web-friendly development. The team could move fast, iterate on the UI, and use the Rust cryptographic libraries directly.
On September 9, 2024, the Rust code was spun out into its own repository, whitenoise-rs. What had started as part of the main whitenoise codebase now lived separately, allowing the cryptographic core to be developed and versioned independently. The Rust layer would handle encryption, key management, and protocol logic, while the frontend could evolve on its own timeline.
That same month brought validation from unexpected sources. OpenSats announced a grant to support the project, and the Human Rights Foundation provided funding to Jeff directly. Both organizations recognized the importance of encrypted Nostr messaging. The grants provided runway and credibility, a signal that the broader community believed in what White Noise was building.
Hackathon Victory
February 2025 brought Jeff to Florianopolis, Brazil, to present White Noise at BTC++. After his presentation, he was invited to join the hackathon and help participants build on the project. Running from February 19-22, the event drew developers from across Latin America and beyond, all building on Bitcoin and related protocols.
At that point, Jeff was the only developer on White Noise. But hackathons have a way of bringing people together. Josefina Alliende, J.G. Montoya, Maurice Poirrier, and Fernando Ledesma Perez joined forces with Jeff at Floripa, becoming the project's first contributors. Together, they decided to integrate Nostr Wallet Connect (NWC) to enable Bitcoin payments within encrypted conversations. They coded through the nights, debugging integration issues, refining the user experience, and preparing their demo.
When the results were announced, White Noise had claimed two prizes: second place overall (earning 3 million sats) and Best NWC Third-Party Integration (adding another 333,000 sats). The recognition was more than financial. It demonstrated that White Noise could compete with the best builders in the space and that the project was solving real problems people cared about.
The Great Pivot
Spring 2025 brought a difficult decision. The Tauri architecture had served the project well during early development, but cracks were showing. Mobile support, critical for a messaging application, remained challenging. The web-based frontend created friction on resource-constrained devices. Cross-platform consistency proved harder to maintain than anticipated.
The team made the call: it was time for a major architecture shift.
The new design kept Rust at the core. Its performance and safety guarantees for cryptographic operations were non-negotiable. But the frontend would be rebuilt in Flutter. Flutter offered native compilation for iOS and Android, consistent behavior across platforms, and mature mobile tooling.
On May 12, 2025, the new whitenoise repository went live. It was a big bet: months of frontend work would need to be reimplemented, and the team would need to develop expertise in a new framework. But the alternative, shipping a desktop-first application in a mobile-first world, was worse.
The pivot would prove prescient. By year's end, Flutter had enabled exactly the mobile-native experience the team envisioned.
And Other Stuff
In May 2025, a new organization emerged to support the growing Nostr ecosystem: And Other Stuff (andotherstuff.org).
The name is an homage to Nostr itself, "Notes and Other Stuff Transmitted by Relays," and reflects a belief that the magic of open protocols lives in the unexpected tools and communities that emerge when technology is permissionless.
The founding team brought together builders from across the ecosystem: Jack Dorsey, Rabble, Calle (creator of Cashu), Alex Gleason, and Jeff Gardner. White Noise became one of the collective's core projects alongside Divine (short video clips), +chorus (social communities), and Shakespeare (AI tooling for Nostr).
In July 2025, Jack Dorsey committed $10 million to And Other Stuff, building on his earlier $5 million donation to Nostr development in May 2024. The funding would support the collective's mission: helping Nostr transition from an experimental protocol to a widely adopted, sustainable ecosystem.
For White Noise, the backing provided more than financial runway. It signaled that the project was part of something larger, a coordinated effort to build freedom technology that could stand alongside centralized alternatives.
Real Users, Real Feedback
The Oslo Freedom Forum, running May 26-28, 2025, is not a typical technology conference. Attendees include human rights defenders, journalists operating under authoritarian regimes, and activists whose lives depend on secure communication. When White Noise was invited to conduct user testing at the forum, the team recognized both the opportunity and the responsibility.
In the weeks leading up to Oslo, the team closed 38 issues: bugs, usability problems, and rough edges that would frustrate users. They wanted to put their best work in front of people who needed it most.
The feedback changed the roadmap. These were not Nostr natives or Bitcoin developers. They were non-technical users who needed encrypted messaging to protect themselves and their sources. Their questions revealed assumptions the team had made: onboarding flows that presumed familiarity with key management, terminology that meant nothing to users outside the ecosystem, workflows optimized for developers rather than activists.
The Oslo sessions shaped the product roadmap for months to come. More importantly, they reminded the team why they were building. White Noise was not an academic exercise in cryptographic protocols. It was a tool that real people in dangerous situations would depend on.
Launch Day
July 9, 2025. Version 0.1.0 of White Noise went live on TestFlight and Zapstore.
The team gathered virtually to watch the release go out, a mix of excitement and anxiety. The application was functional but far from polished. Missing features were documented in long issue lists. Edge cases remained unhandled. The UI needed work.
Jeff channeled the wisdom that had guided countless startups before: "If your first release doesn't embarrass you, you've shipped too late."
The point was not to ship perfect software. The point was to ship software that real users could test, break, and provide feedback on. Perfection in isolation was worthless compared to iteration in the wild.
The release marked a transition. White Noise was no longer a research project or a hackathon demo. It was a product, with users who would file bugs, request features, and push the team to improve. The real work was just beginning.
One month later, Max and Jeff returned to Riga for Baltic Honeybadger 2025 (August 9-10). A year earlier, they had spoken about privacy and Nostr in general terms. Now they took the stage to present White Noise itself, a working application that users could download and test. The contrast marked how far the project had come.
Protocol Maturity
As development progressed through summer 2025, a tension emerged. NIP-EE had served its purpose as a starting point, but the team was building something more ambitious than the spec described. The barebones document could not capture the full complexity of what White Noise required: key server interactions, group state management, device synchronization, and dozens of other considerations.
The solution was a standalone protocol specification.
Marmot Protocol was born.
Named for the alpine rodents known for their complex social structures and communication systems, Marmot is best understood as a glue protocol. It brings together three existing protocols: Nostr for identity, event structure, and relay transport; MLS for group encryption; and Blossom for encrypted file uploads. Marmot specifies how these pieces fit together, covering key rotation schedules, group management semantics, and security properties. It was designed so that multiple implementations could interoperate while remaining accessible enough that new developers could understand and contribute.
The Marmot Protocol repository was created on September 19, 2025, and the protocol was publicly announced on October 15. NIP-EE had already merged into the nostr-protocol/nips repository on August 27, 2025, but was subsequently marked as deprecated in favor of Marmot Protocol.
Moving to a standalone protocol specification gave the project room to grow without being constrained by the NIP process.
Growing the Team
With the protocol stabilizing and the application in users' hands, the project attracted new contributors. Developers joined on both the Rust and Flutter sides, bringing fresh perspectives and accelerating development velocity.
One critical addition was marmot-ts, a TypeScript SDK for the Marmot Protocol. Development began on August 5, 2025, led by contributors who recognized that not every project would want to integrate Rust. JavaScript and TypeScript remained the lingua franca of web development, and a native SDK would lower the barrier for other teams to build Marmot-compatible applications.
The ecosystem continued to expand. On December 9, 2025, the MDK (Marmot Development Kit) language bindings were published, bringing native support to Kotlin, Python, Swift, and Ruby. The marmot-protocol organization on GitHub grew to house 27 repositories: SDKs, documentation, reference implementations, and tooling.
In December came Tubestr, the first non-chat Marmot client. Tubestr is a private video sharing app designed for kids to share their creations with a trusted circle only, demonstrating that Marmot's encryption could serve use cases beyond messaging.
By year's end, the contributor count had grown to over 14 active developers. The whitenoise-rs repository accumulated more than 535 commits; the whitenoise Flutter app surpassed 424. What started as a two-person project had become an open-source community.
The Gathering Points
Building distributed software requires distributed teams, but sometimes there is no substitute for getting everyone in the same room.
In Lugano, Switzerland, both Max and Jeff gave talks on Marmot Protocol. The Swiss city, known for its embrace of Bitcoin, provided a fitting backdrop. They also used the time to map out the architecture decisions that would shape 2026, debate trade-offs, and align on priorities.
Costa Rica gathered the team before the Nostr XXX hackathon and unconference. The informal setting allowed for the kind of spontaneous collaboration that video calls cannot replicate: whiteboard sessions, late-night debugging, and the relationship building that turns colleagues into collaborators. It was here that the team designed MIP-5, the specification for a private notification server that would later be presented at BTrust Dev Day.
In late November, the team reconvened in Mauritius ahead of the Africa Bitcoin Conference (December 3-5, 2025). The conference itself marked a milestone: Josefina and Javier presented MIP-5 at BTrust Dev Day on December 2, covering the specification for a private notification server. Max introduced Marmot Protocol to the African Bitcoin community, and Jeff ran a two-hour hands-on workshop on building with Nostr and Marmot.
These gatherings in Lugano, Costa Rica, and Mauritius were investments in the team's cohesion and the project's long-term health. They would pay dividends in the year to come.
Security and Trust
Cryptographic software is only as trustworthy as its scrutiny. The White Noise team committed to having their work examined by the best.
A security audit is currently in progress with Least Authority, the firm that has audited Zcash, Ethereum, and other major cryptographic projects. The audit has already uncovered critical issues that the team is actively addressing. This is exactly why you do audits: to find problems before attackers do.
Based on the findings so far, many fixes have landed. MDK now uses a v2 group image format with separate upload seed derivation, ensuring uploaded images use a derived keypair rather than the encryption key directly. Migration tooling handles the transition from v1 to v2 automatically while maintaining backward compatibility. Other fixes address key handling, message validation, and edge cases in the MLS implementation.
The audit continues into 2026. More issues will likely surface, and more fixes will follow. The goal is not to ship software that passes an audit once, but to build a security-conscious development culture that catches problems early and fixes them properly.
Looking Forward
As 2025 drew to a close, the team had shipped seven releases:
But the work was not slowing down.
A major rearchitecture is underway, preparing the codebase for the scale and features planned for 2026. The team learned hard lessons about what worked and what didn't, and they're applying those lessons to a stronger foundation.
Real-time messaging is coming. Until now, White Noise polled for new messages every 2 seconds in the foreground. The streaming architecture work now underway will change this: messages will arrive the moment they're sent.
Contributors
Thanks to everyone who contributed in 2024-2025:
Founders: erskingardner (Jeff Gardner), Max Hillebrand
Contributors: josefinalliende, hzrd149, gzuuus, untreu2, jgmontoya, codeswot, Quwaysim, ayushsaksena30, AbdulbasitSaid, mubarakcoded, dannym-arx, kuba-04, and many others.
The Road Ahead
Two years ago, encrypted messaging on Nostr was an unsolved problem. Today, it has a protocol (Marmot), an application (White Noise), SDKs in five languages, and a growing community of contributors and users.
The work is far from finished. Cryptographic protocols require constant vigilance, user experience demands continuous refinement, and threats evolve daily. But the foundation is solid, the team is capable, and the mission is clear.
Without private communication, there is no freedom. White Noise and Marmot Protocol exist to keep that option open.
Here's to 2026.
Resources
-
White Noise App: whitenoise.chat
-
Marmot Protocol: github.com/marmot-protocol/marmot
-
White Noise (Rust): github.com/marmot-protocol/whitenoise-rs
-
White Noise (Flutter): github.com/marmot-protocol/whitenoise
-
marmot-ts SDK: github.com/marmot-protocol/marmot-ts
-
And Other Stuff: andotherstuff.org
For questions or to contribute, join the conversation on Nostr or open an issue on GitHub.