About Private Pigeon
A private, letter-first communication platform for small trust networks.
What it is
Private Pigeon lets you send and receive end-to-end encrypted “letters”—long-form messages that are encrypted on your device and only decrypted on the recipient’s. The server never has the keys to read your content. It only routes ciphertext and stores minimal metadata for delivery.
How it works
The system has three parts:
- Server — A backend API (REST over HTTPS) that handles user/device registration, sessions, and letter delivery. It stores encrypted blobs and envelope metadata only.
- Client Core — A local service on your machine that does all encryption/decryption and talks to the server. It exposes an API over a Unix socket.
- Client TUI — A terminal interface (Bubbletea) that you use to compose and read letters. It talks only to the local Core, never directly to the internet.
Data flow: TUI → Core (Unix socket) → Server (HTTPS). Plaintext never leaves your device.
Design choices
- No user search — To limit abuse and metadata, there is no directory or search. You send to a known identifier or a verified email address.
- Single active device (MVP) — One device per user for v1. Multi-device and recovery are out of scope for the initial release.
- Attachments via presigned URLs — Files are uploaded and downloaded directly to object storage via time-limited URLs, so large data doesn’t flow through the API server.
Open and auditable
Private Pigeon is built to be inspectable. The architecture and design are documented; the client and server can be built and run from source. We don’t collect analytics or use your data for advertising.