// Encrypted messenger · Variant C — zero hint

Everything else
is redacted.

No phone number. No email. No accounts. Your key is any file, password or link — and it never leaves your device. The server only ever sees noise.

Get it on Android How it works
NO IP · NO LOCATION NO REGISTRATION OFFLINE KEY EXCHANGE AES-256-GCM SHAMIR QUORUM
// What makes it different

Cryptographic access control.
No server-side permissions.

Who reads what is decided entirely by who holds the key — never by an account, a role, or a list on our side. We couldn't hand over your conversations if we tried.

Your key is anything

A password, any file (PDF, photo, MP3), a URL — or a Shamir split across several files. It's hashed locally and never transmitted.

No accounts, ever

No phone number, no email, no username. Your identity is a keypair that lives only on your device — never on our servers — and you share it with a contact only when you choose, by scanning in person.

Per-message encryption

Every message can use a different key. The same room looks different to each person — some lines are text, others are just .

The server is deaf

It stores opaque blocks and timestamps — nothing else. No senders, no key hints, no "who talks to whom". Seized, it reveals noise.

Quorum decryption

Lock a message so it only opens when K of N people combine their keys. One infiltrator with one share is useless.

Offline key exchange

By default, keys are exchanged offline — in person, by file, or by QR scan — never negotiated over the network. That eliminates an entire class of man-in-the-middle attacks.

// How it works

Three steps. Zero trust in us.

01

Generate locally

Your identity and keys are created on-device and stored encrypted behind your app-lock — a password, a file, a quorum, biometrics, or a YubiKey (NFC). Nothing leaves without a deliberate decision.

02

Share a key offline

Agree on a key with the people who matter — a file you both have, a password, a QR scanned in person. Never through the server.

03

Everything else is redacted

Anyone without the key sees a locked block — or, in stealth rooms, nothing at all. No error, no hint, no oracle.

Choose how each conversation is protected — three levels, no default →

// Defense in depth

Layers, not promises.

Security that survives a bad day is layered — and honest about where each layer ends. Here's ours, and what each one does (and doesn't) do for you.

Tor, bridges, or clearnet — you choose

Reach the network over Tor v3 (the server never learns your IP or where you are), over Tor bridges where Tor itself is blocked, or over a standard connection when hiding your location isn't the point. The app states plainly what each mode reveals — the choice, and the trade-off, are always yours.

Trust you can verify

A key you swap face-to-face can't be tampered with — you watched it happen. Set one up remotely when you can't meet, and the app marks it as such, with a fingerprint to verify later. Trust is shown, never assumed.

You're never both online at once

Messages wait, encrypted, until you reconnect — even across a dropping Tor circuit. Neither of you has to be online at the same moment for a message to land.

Metadata shaped, not just hidden

Beyond Tor, every block is padded to a fixed size and the conversation address rotates per-conversation — and a high-risk mode adds cover traffic. The relay sees uniform, rotating traffic, not your patterns.

A decoy for coercion

Set a second password that opens a fake, empty profile to show under pressure — your real one stays hidden in the same store, indistinguishable on disk. A panic lock disarms biometrics so a forced finger opens nothing.

Nothing to grab off the screen

Screenshots, screen recording, and the "recent apps" thumbnail are blocked — the chat can't be captured from outside the app, even on a seized phone.

ygoow — what we don't pretend.txt
Encryption protects what you write.
Tor hides where you are.
Quorum splits the power to unlock.

// But no messenger — none — survives a compromised device.
// A phone with spyware, or one taken while unlocked,
// reads your screen no matter the cryptography.

$ we tell you this — because the ones who don't are the ones you shouldn't trust

Read the full trust model — what we protect, and where it ends →

When they couldn't break the cipher: how EncroChat and Ricochet actually fell →

// Since 2004

Some philosophies don't age.

YGOOW began two decades ago with one idea: sharing data freely, anonymously, without surveillance. The world finally caught up.

ygoow — manifesto.txt
YGOOW 2004: peer-to-mail. No accounts. No registration.
YGOOW 2026: a messenger. No accounts. No registration.

// "The French faked CAs — ANSSI, 2013.
// The Americans forced backdoors — Apple, 2016.
// The Germans trojaned Skype itself — 2011, so sloppily the CCC laid it bare.
// Encrypt it yourself, and there's nothing to seize — only what you choose to share."

// And when the ciphers finally held, they went around them —
// the central servers (EncroChat, 2020), the standing onion service (Ricochet, 2024).
// so we removed those: no centre to seize, no service to trace — and we mark where it still ends.

// refs — FR: mozilla.org · theregister.com
// US: epic.org · bbc.com · order (archived)
// DE: ccc.de · report (archived)
// EncroChat: CJEU C-670/22 · bverfg.de · judgment (archived) · summary (archived)
// Ricochet: torproject.org · tagesschau.de · response (archived) · report (archived)

$ your key · your rules · everything else is redacted
// Straight talk

The same coaching the app gives you.

Ygoow speaks up at the moments that matter — cheeky, but honest. These are the in-app cards, verbatim. Swipe through.

No default. You choose.

Every other messenger picks your security for you. Ygoow makes you choose how each conversation is protected — or it won't let you chat at all.

Your key is anything — but anything isn't a key.

A password, a file, a link, a quorum of people. Just remember: a public file or a guessable link is not a secret. The app shows you the real strength of what you pick.

Met in person? Trusted. Added remotely? Verify.

A key you swap face-to-face can't be tampered with — you watched it happen. Add one over a channel and the app marks it unverified until you compare fingerprints on a channel you trust.

Tor is on. Leaving it mails your address.

By default the relay never sees your IP. Turn Tor off only on purpose — clearnet hands your address to the server. Your IP literally is an address.

Tor hides WHERE. We also blur WHEN and HOW MUCH.

Message size is the strongest fingerprint a relay has — so every block is padded to a fixed size and your conversation address rotates (default: every 15 min). High-risk mode adds cover traffic.

We can't read you. We can't be forced to.

Keys are agreed between people, offline. Our relay only ever holds ciphertext — there is nothing on our side to hand over, even under a court order.

A password can be compelled. A key in your pocket can't.

Turn on YubiKey 2FA and unlocking needs your secret AND a tap of your hardware key over NFC. Knowing — or extracting — your password is no longer enough. Opt-in; the choice is yours.

A stolen, unlocked phone beats any crypto.

No messenger survives a phone taken while unlocked, or carrying spyware — it reads your screen directly. We tell you this, because the ones who don't are the ones to distrust.

Forced to open it? Hand them a decoy.

Set a second password that opens a fake, empty profile — your real one stays hidden in the same store. A panic lock disarms your fingerprint, so a compelled finger opens nothing.

swipe · drag · scroll

No phone number. No email. No trace.

YGOOW for Android is on its way. Your key, your rules — everything else is redacted.

Get it on Android — soon