How OSL works
The cryptography behind OSL, explained without needing a crypto background.
The basic idea
OSL encrypts your messages before Discord ever sees them. When you type a message and hit send, OSL transforms it into ciphertext — random-looking bytes — and only then hands it to Discord to deliver. Discord routes the ciphertext to your recipient. Their copy of OSL transforms it back into the original message.
Think of it like sending a sealed letter through the mail. The postal service handles delivery but can't read the contents. Discord plays the postal service role here — they route the envelope, but the inside is just bytes to them.
The cryptography
OSL uses end-to-end encryption with a post-quantum hybrid. The building blocks:
- X25519 — a modern elliptic-curve key-exchange algorithm. Battle-tested, used by Signal, WireGuard, and most contemporary secure-messaging systems.
- ML-KEM-768 — a post-quantum key-encapsulation mechanism standardized by NIST in 2024. Designed to resist attacks from quantum computers that don't exist yet but might.
- Per-message hybrid sealing — direct messages are sealed to the recipient's published X25519 and ML-KEM-768 keys with a fresh ephemeral key for every message, so each message stands on its own.
- Sender Keys — for group chats and server channels. One ciphertext is delivered to every member efficiently, and the group key rotates as membership changes.
X25519 and ML-KEM-768 are combined in a "hybrid" mode — both shared secrets feed into the message key, so an attacker has to break both algorithms to recover it. If quantum computers turn out to break X25519 some day, ML-KEM-768 still holds. If a flaw is found in ML-KEM-768, X25519 still holds. You get the benefits of both algorithms and the failure mode of neither.
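To make the per-message hybrid sealing concrete, here is an added example in Go (not OSL's own code) using the standard library's X25519 and ML-KEM-768 implementations. The key-combining step, the AES-256-GCM choice and the wire layout are assumptions made for this illustration; OSL's actual KDF and format may differ.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/mlkem"
	"crypto/rand"
	"crypto/sha256"
)

// Sealed is what travels through Discord: two encapsulations plus the AEAD output.
type Sealed struct{ EphPub, KemCT, Nonce, Body []byte }
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
// combine derives one message key from both shared secrets, so an attacker has to
// break X25519 AND ML-KEM-768 to learn it. Hashing a label, both secrets and the
// public values with SHA-256 is this example's assumption, not OSL's own KDF.
func combine(ssX, ssKem, ephPub, kemCT []byte) []byte {
	h := sha256.New()
	for _, p := range [][]byte{[]byte("hybrid-example-v1"), ssX, ssKem, ephPub, kemCT} {
		h.Write(p)
	}
	return h.Sum(nil)
}
func gcm(key []byte) cipher.AEAD { return must(cipher.NewGCM(must(aes.NewCipher(key)))) } // AES-256-GCM

// Seal encrypts msg to the recipient's published X25519 and ML-KEM-768 keys with a
// fresh ephemeral X25519 key and fresh KEM randomness, so each message stands alone.
func Seal(rx *ecdh.PublicKey, rk *mlkem.EncapsulationKey768, msg []byte) Sealed {
	eph := must(ecdh.X25519().GenerateKey(rand.Reader))
	ssKem, kemCT := rk.Encapsulate()
	ephPub := eph.PublicKey().Bytes()
	g := gcm(combine(must(eph.ECDH(rx)), ssKem, ephPub, kemCT))
	nonce := make([]byte, g.NonceSize())
	must(rand.Read(nonce))
	return Sealed{ephPub, kemCT, nonce, g.Seal(nil, nonce, msg, nil)}
}

// Open needs both long-term private keys; a tampered or mis-addressed message fails the
// AEAD tag check. Malformed wire fields panic via must; a real client would return an error.
func Open(xk *ecdh.PrivateKey, kk *mlkem.DecapsulationKey768, s Sealed) ([]byte, error) {
	ssX := must(xk.ECDH(must(ecdh.X25519().NewPublicKey(s.EphPub))))
	ssKem := must(kk.Decapsulate(s.KemCT)) // a wrong key yields a wrong secret, not an error
	return gcm(combine(ssX, ssKem, s.EphPub, s.KemCT)).Open(nil, s.Nonce, s.Body, nil)
}
```

Opening with the wrong X25519 key or the wrong ML-KEM key both fail the tag check, which is the "both have to be broken" property in practice.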
Where your keys live
Everything cryptographic happens on your computer. Your encryption keys are generated locally and stored locally. They're encrypted at rest with your password — even someone with full access to your filesystem can't read them without it.
We never see your keys. We have no copy of them. We can't recover them if you lose them. This is the trade-off for end-to-end encryption: nobody else can read your data, and that includes us.
What Discord sees
Discord still routes messages between you and your friends. From their perspective:
- They can see: timestamps, who you're talking to, message sizes, when you're online, which servers you're in.
- They cannot see: the contents of your messages, your encryption keys, your OSL whitelist, or the relationships between OSL users.
This is the meaningful limit of OSL. We protect content, not metadata. If you need both, look at Signal or Session — they were designed for that threat model from day one. See our threat model for a deeper discussion of what is and isn't covered.
Audit the crypto
OSL is fully open source — the entire client is on GitHub under Apache-2.0, and the Audit page points you straight at the crypto. Reading the code lets you verify how messages are encrypted. That isn't a guarantee that the code is bug-free; it's a guarantee that you can check.