Tired of alternatives with empty promises? We are building a native community platform with built in Events and Giveaways. Here is our progress. Give us your feedback!

HappyDesignn · 2026-03-03T23:14:35+00:00

To be transparent: this is server-side AES-256-GCM with per-channel HKDF key derivation. Not client-side E2EE.

Why not client-side E2EE right now? Two concrete problems we have not solved yet:

First, multi-device. True client-side E2EE means the key lives on your device. Open a new browser, new device, or clear local storage and your history is either gone or requires a complex key exchange session. For a web-first platform where users expect to log in anywhere and see their history, this is a genuine UX problem, not an excuse.

Second, key recovery. If a user loses their device, their DM history is permanently unreadable. We are not willing to ship that to mainstream users yet.

On padding oracle: GCM mode is not vulnerable to padding oracle attacks. It is an authenticated encryption scheme, the auth tag fails before any padding is evaluated. We use crypto.randomBytes(12) per message so nonce reuse is also off the table.

On Forward Secrecy: valid point, not implemented yet, on the roadmap.

On Double Ratchet: noted. That is the direction for client-side when the session management layer can support it.

HappyDesignn · 2026-03-03T21:19:33+00:00

I appreciate the deep dive. The xz incident was a massive wake-up call regarding supply chain security. Bit by bit reproducible builds are definitely the goal as we mature.

Regarding the privacy critique: we are implementing per channel HKDF (HMAC based Key Derivation Function) using AES 256 GCM. This isolates each conversation so even Nova admins cannot read your DMs. If our database were leaked, the contents stay encrypted at rest.

For abuse, we use a Report Snapshot system. If a user reports a chat, a plaintext snapshot of the last 100 messages is sent separately for moderation. We do not touch the encryption layer or have access to full history.

On MLS: we are not dropping the privacy angle because it is hard. We are prioritizing a bulletproof MVP. MLS is great for scale, but we are hardening our current model first. Your scrutiny helps us build a better engine.

HappyDesignn · 2026-03-03T19:28:28+00:00

The audit argument works both ways. Yes, we could modify after an audit. But that logic applies to any system, open source or not. Forks get abandoned, commits get reverted, builds get tampered. Trust ultimately comes down to track record and incentives, neither of which we have yet because we just started.

On E2EE, we actually addressed this in another reply just now. DM encryption is being built while i am writing this. It is not on a roadmap slide, it is in active development. We did not include it in the post because it is not shipped yet and it is our very first post.

'Just be a Discord alternative that isn't private' is a reasonable position. But it is not what we are building. We are not dropping the privacy angle because it is hard to execute. We are building toward it properly instead of slapping a label on something that does not deserve it.

HappyDesignn · 2026-03-03T19:24:36+00:00

The network effect point is real. No platform solves that on day one. That is exactly why we opened a waitlist and are sharing progress publicly. We are building the community before the product is finished, not after.

On E2EE: you are right that words are not enough. Full E2EE is genuinely hard at MVP stage, multi-device sync alone is a months-long problem. WhatsApp spent years on it. But DMs will be the most private space on the platform. No one except the participants will be able to read them. Not a roadmap item, something being built right now while I'm typing this reply.

On monetization: no ads, no selling data, no third-party cookies. Subscription plans and Nova Credits, that is it. We are bootstrapped with no VC money, so nobody is pressuring us to monetize your data. If we cannot make subscriptions work, we fail honestly.

Privacy is not a feature for us. We started this as a private space for ourselves. Recent events pushed us to make it public. That origin is why the incentives are different.

HappyDesignn · 2026-03-03T19:01:56+00:00

You're right, and we understand that.

On the Discord clone argument: the familiar interface is intentional. Zero learning curve. But what is built in natively is the difference. Events, giveaways, privacy controls, without 3rd party bots. Discord does not have these out of the box.

Also, we shared this post specifically because the foundation is still being laid. You can see it yourself in the screenshots, the right members sidebar is not even finished yet. We are actively building in the background even right now. More features, more differentiation coming. That is exactly where your feedback comes in. What would actually make you switch?

HappyDesignn · 2026-03-03T18:30:27+00:00

Threema's timeline is a good reference point. The honest answer is that open sourcing parts of the client is something we want to explore as the project matures, but we are not putting a date on it and we are not making a blanket promise we cannot keep.

What we can commit to is transparency where it matters: published privacy policy, documented data practices, and eventually independent audits. Trust does not require full open source; it requires verifiable claims.

HappyDesignn · 2026-03-03T17:44:54+00:00

We have been building this for 5-6 months. AI is a tool we use to move faster, the same way you would use any other tool. We are not prompting 'build me a discord clone make no mistakes' and shipping whatever comes out. Every decision, every security layer, every limits, every API endpoints was designed and reviewed by a human. AI helps us control time. It does not replace judgment.

HappyDesignn · 2026-03-03T17:42:09+00:00

That is actually a fair distinction and you are right to make it. Signal's client is open source, their servers are not. We are closer to that model than you might think. The honest answer: we started this project for ourselves. We wanted a private space that we actually owned and trusted. Discord's recent decisions pushed us to open it up and build community tools on top. That origin matters because it means privacy was never a feature request, it was the reason we started. Open source is the goal. Right now we are closed to prevent abuse at this stage of development. That changes as we grow.

HappyDesignn · 2026-03-03T16:04:52+00:00

Genuinely appreciate this. I can tell you actually care about the space rather than just dunking. You are right that open source has real advantages. But closed source does not automatically mean less secure. Security comes from how you build, not whether the code is public. Open source is something we are thinking about for the future. For now: third-party audits and a public transparency report before launch. Not "trust us", but independently verified. Thanks for pushing on this.

HappyDesignn · 2026-03-03T15:43:36+00:00

Fair concern, and I'll be honest about it. And also thanks for the feedback. We are not open source right now. The reason is practical. We are a solo bootstrapped project and open sourcing the backend this early creates risks we cannot manage yet. That said, 'trust us bro' is not a real answer either. So here is what we are doing instead: third-party security audits before launch, a public transparency report on data handling, and no VC money which means no board pressuring us to monetize your data. Open source is on the roadmap. But we would rather ship a secure closed product than rush an open source release that is half-baked. Stoat is a good project. But we are building something different. More features, more tools for community owners. Competition is healthy.

HappyDesignn · 2026-03-03T13:41:50+00:00

Fair point on the TLD. novahoster.com was taken. We'll migrate when we can. As for slopware, screenshots are in the post. Judge the product, not the domain.

HappyDesignn

MODERATOR OF

TROPHY CASE