Introduction
trueseal is end-to-end encrypted sync you can drop into a project without standing up an account system, picking a vendor, or asking your users to trust your server.
The gap
Sync infrastructure isn’t the missing piece. iCloud, Firebase, Dropbox and friends all solve the moving-bytes-around problem fine. The catch is that they’re sitting in the middle of the conversation reading everything.
The privacy-respecting alternatives are mostly closed systems. I like what Anytype and Signal have built, but their sync engines are internal plumbing wired tightly to their own data models. You can’t really pull them out and use them somewhere else. The sync engine is the product.
Nostr is composable but solves a different problem. Every event is signed by a stable public key and every relay sees who said what to whom. That’s intentional — Nostr is a public identity protocol. trueseal is the opposite: no stable sender on the wire, no human identity, no communication graph an operator can reconstruct from their logs.
So if you want private-by-default sync today, you either build the whole stack yourself or you give up and use a platform that owns the data. trueseal exists so you don’t have to do either.
The core guarantee
The server can’t read your data. Not “shouldn’t”, not “promises not to” — can’t. Compromise the relay completely and an attacker walks away with ciphertext and some recipient public keys. That’s it.
What’s in the box
Three independent components, plus a spec that ties them together.
trueseal-noise is a Rust implementation of the Noise Protocol Framework, the same handshake foundation behind WireGuard and Signal. It gives you authenticated, forward-secret channels between devices, and it doesn’t depend on anything else in the trueseal stack — you can use it on its own.
trueseal-sync is the actual sync engine. Device identity, pairing, group membership, encrypted delivery to every member of a group, and an outbox that replays on reconnect. This is the part most apps integrate.
trueseal-relay is a small Go binary you deploy somewhere. It routes encrypted blobs between devices and holds them for offline recipients. It has no idea who its users are, what groups exist, or what any blob contains. Run your own, use a public one, point at someone else’s — the security story doesn’t change.
Above all three sits trueseal-protocol, the wire spec they all speak. Any client implementing the spec works with any relay implementing it. Swap pieces out, keep the rest.
What’s not in the box
trueseal is a transport, not a framework. It’s deliberately uninterested in:
- The shape of your data. Payloads are opaque bytes; bring your own format.
- Conflict resolution. Delivery and ordering are guaranteed; divergence is yours to handle.
- History replay for new devices. Pairing adds a member to the group, not the group’s past. If a joiner needs catch-up, your app sends it.
- Users. A device is a keypair. Mapping devices to humans is a layer above this one.
- Permissions. There is no admin and no hierarchy — if you’re in the group, you can do anything any other member can do.
Every one of those is a conscious omission. They’re the things that turn a primitive into someone else’s framework, and we’d rather you write them than inherit them.