# πŸ” NoFuture-Memguard-PQ **Ephemeral Post-Quantum Text Encryption Plugin for Mainstream Chats** Version 0.5.0 | Built with love and defiance | Privacy is a human right, not a feature ## 🎯 What is it? NoFuture-Memguard-PQ is a **detached external encryption plugin** for any instant messaging platform. Use it in one browser tab while your mainstream chat (WhatsApp Web, Telegram, Signal, etc.) runs in another. **Key features:** - πŸ›‘οΈ **Memguard-protected memory** - Keys and plaintext secured against root access and memory dumps - πŸ”’ **Detached architecture** - Completely isolated from mainstream chat platforms (no backdoors possible) - πŸ”₯ **Ephemeral by design** - Total key destruction on session end (no future access) - ⚑ **Post-quantum ready** - Roadmap includes Kyber1024-90s and Dilithium5-AES - πŸ–±οΈ **Anti-keylogger keyboard** - Virtual keyboard with randomized layout ## πŸš€ Quick Start ```bash # Install git clone cd nofuture-memguard-pq go mod download go build -o nofuture main.go # Run ./nofuture # Open http://localhost:8080 ``` ## πŸ“– Documentation For complete documentation, open `https://safecomms.virebent.art/README.html` in your browser. ## ⚠️ Production Deployment **NEVER expose the Go server directly to the internet without HTTPS.** Use a reverse proxy (nginx, Caddy) with TLS certificates: ```nginx server { listen 443 ssl http2; server_name safecomms.yourdomain.com; ssl_certificate /path/to/cert.pem; ssl_certificate_key /path/to/key.pem; location / { proxy_pass http://localhost:8080; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; } } ``` ## πŸ” Security Model 1. **Memguard** (PRIMARY) - Protects keys + plaintext in RAM against dumps, swap, debuggers 2. **Detached Architecture** - Mainstream platforms never see keys or plaintext 3. **AEAD Encryption** - XChaCha20-Poly1305 prevents tampering 4. **Total Destruction** - Keys irreversibly wiped on session end ## πŸ“Š What's Fixed in v0.5.0 βœ… Plaintext now protected by memguard (was vulnerable) βœ… Real encryption (XChaCha20-Poly1305 AEAD) instead of XOR βœ… Real key exchange (NaCl box) instead of XOR βœ… HTTPS enforcement (reverse proxy required) βœ… CORS restrictions (no wildcard) βœ… Rate limiting (60 req/min per IP) βœ… Request size limits (1MB max) βœ… Session timeouts (24h max) βœ… Authenticated encryption (prevents bit-flipping) βœ… Session isolation (no cross-contamination) βœ… Secure cleanup on exit ## πŸ—ΊοΈ Roadmap - βœ… v0.5.0: Memguard + XChaCha20-Poly1305 - πŸ”„ v1.0.0: Kyber1024-90s + Dilithium5-AES (true post-quantum) - πŸ”„ v1.1.0: Per-message ratcheting (forward secrecy) - πŸ”„ v2.0.0: Browser extension ## πŸ“œ License MIT License ## πŸ’¬ Support Report security issues privately. For other questions, open an issue. --- **One conversation. One key. One chance to read. No future access.**