A modern desktop messenger for private social DMs.
Orbit Chat is built for low-friction conversation with a security-first foundation. It is a focused desktop client for direct messages, where DM text and attachment envelopes are encrypted on-device and decrypted on-device.
What Orbit Chat is
A focused desktop client for direct messages. Built with Electron + React for fast iteration, with encrypted messaging, encrypted media, chat passcode controls, and friend workflows.
Built for social chat
Orbit Chat keeps the experience direct: find a friend, start a DM, and talk. Multiple DMs with one person are supported and distinguished by display naming and chat labels.
Security-first defaults
Message APIs use ciphertext + nonce payloads. Conversation keys are sealed per participant, and DM payload decryption remains client-side.
Desktop production UX
Scroll-safe scenes, passcode context labels, settings-driven chat naming, and hardened endpoint URL handling improve reliability in packaged desktop deployments.
How encryption works
Orbit Chat uses libsodium to encrypt direct messages end-to-end. Conversation keys are created on the client and encrypted to each participant’s public key, so the server stores opaque payloads.
Generate device keys
Each device generates a public/private keypair locally. The public key is registered with your account.
Seal a conversation key
For each DM, the client creates a symmetric conversation key and encrypts it to each participant’s public key (sealed box).
Encrypt messages, decrypt locally
Messages are encrypted client-side using the conversation key (libsodium secretbox). Recipients decrypt locally; the server can’t read message contents.
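The three steps above, as an added example that is not Orbit Chat's own code. To run offline with Node's built-in crypto, X25519 + HKDF + ChaCha20-Poly1305 stands in for libsodium's sealed box and ChaCha20-Poly1305 stands in for secretbox (different constructions, same envelope model). All function and field names are hypothetical.

```javascript
// Added example, not Orbit Chat's code. Node built-ins stand in for libsodium:
// X25519 + HKDF + ChaCha20-Poly1305 replaces sealed box; ChaCha20-Poly1305 replaces secretbox.
const { generateKeyPairSync, createPublicKey, diffieHellman, hkdfSync,
        randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');
const SPKI = { type: 'spki', format: 'der' };

// "ciphertext + nonce" payload; the 16-byte auth tag is appended to the ciphertext.
function encrypt(key, plaintext) {
  const nonce = randomBytes(12);
  const c = createCipheriv('chacha20-poly1305', key, nonce, { authTagLength: 16 });
  return { nonce, ciphertext: Buffer.concat([c.update(plaintext), c.final(), c.getAuthTag()]) };
}
function decrypt(key, { nonce, ciphertext }) {
  const d = createDecipheriv('chacha20-poly1305', key, nonce, { authTagLength: 16 });
  d.setAuthTag(ciphertext.subarray(-16));
  return Buffer.concat([d.update(ciphertext.subarray(0, -16)), d.final()]); // throws on tampering
}
// One-time wrapping key bound to the ephemeral and recipient public keys.
function wrapKey(shared, epk, rpk) {
  return Buffer.from(hkdfSync('sha256', shared, Buffer.concat([epk, rpk]), 'conv-key-wrap', 32));
}
// Step 2: seal the conversation key to one participant's public key.
function sealTo(recipientPublicKey, convKey) {
  const eph = generateKeyPairSync('x25519');
  const shared = diffieHellman({ privateKey: eph.privateKey, publicKey: recipientPublicKey });
  const epk = eph.publicKey.export(SPKI);
  return { epk, ...encrypt(wrapKey(shared, epk, recipientPublicKey.export(SPKI)), convKey) };
}
function openSealed(device, sealed) {
  const publicKey = createPublicKey({ key: sealed.epk, ...SPKI });
  const shared = diffieHellman({ privateKey: device.privateKey, publicKey });
  return decrypt(wrapKey(shared, sealed.epk, device.publicKey.export(SPKI)), sealed);
}
function demo() {
  const alice = generateKeyPairSync('x25519'), bob = generateKeyPairSync('x25519'); // step 1
  const convKey = randomBytes(32);
  const sealedKeys = { alice: sealTo(alice.publicKey, convKey), bob: sealTo(bob.publicKey, convKey) };
  const envelope = encrypt(convKey, Buffer.from('hi bob (constructed sample)'));       // step 3
  // The server would store only sealedKeys and envelope. Bob's device recovers the key locally:
  const bobKey = openSealed(bob, sealedKeys.bob);
  const text = decrypt(bobKey, envelope).toString();
  const tampered = { nonce: envelope.nonce, ciphertext: Buffer.from(envelope.ciphertext) };
  tampered.ciphertext[0] ^= 1; // simulate a modified stored payload
  let tamperRejected = false, crossOpenRejected = false;
  try { decrypt(bobKey, tampered); } catch { tamperRejected = true; }
  try { openSealed(bob, sealedKeys.alice); } catch { crossOpenRejected = true; }
  return { text, tamperRejected, crossOpenRejected };
}
```

Calling `demo()` shows that Bob's device recovers the plaintext, while a modified stored payload and a sealed key addressed to another participant both fail authentication.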
Encrypted End-to-End
- DM text payloads
- Attachment metadata in encrypted envelopes
- Video links embedded in encrypted envelopes
- Wrapped file keys per attachment
- Attachment blob bytes uploaded as encrypted chunks
Not Encrypted End-to-End
- Conversation membership and who you talk to
- Message timestamps and delivery/seen metadata
- Profile and friendship metadata
- Media reservation routing/storage metadata
- Attachment lifecycle status metadata
Architecture and Runtime
Orbit Chat uses realtime room fanout, encrypted message envelopes, and deterministic local state updates so first-message delivery and unread behavior remain consistent.
Realtime delivery model
Messages are emitted to conversation rooms and, as a safety net, to user rooms. The client upserts messages by id to avoid duplicate timeline rows.
Chat identity model
Each DM instance is unique. If no custom chat name exists, the client falls back to the label format @username#chatId.
Passcode and lock context
Passcode prompts include chat labels to reduce unlock mistakes across multiple DMs with the same person.
Client Trusted For
- Plaintext handling
- Key generation and local decryption
- Attachment encryption/decryption
Server Trusted For
- Auth and membership checks
- Storage durability and routing
- Signed media URL issuance and lifecycle cleanup
Server Not Trusted For
- Reading plaintext DM content
- Decrypting participant message envelopes
Current Limits
Honest status of today’s model and roadmap-adjacent constraints.