Why We Built This
Privacy tools are powerful. They can protect journalists and activists — or be misused by bad actors. Here's how we think about this responsibility.
"Privacy is a human right, not a privilege."
We believe everyone deserves the ability to communicate privately. This right doesn't disappear because some people misuse it — just as the right to close your curtains doesn't disappear because some people have something to hide.
Who ASH Is For
ASH is designed for people who need real privacy — not because they're doing something wrong, but because the consequences of exposure are severe.
Journalists & Sources
A reporter's source might lose their job, their freedom, or their life if identified. Traditional encryption is "probably safe" — ASH is mathematically guaranteed.
Real example: Journalists communicating with sources in authoritarian regimes, corporate whistleblowers, or anyone whose exposure would have severe consequences.
Human Rights Workers
Activists, lawyers, and advocates operating in hostile environments face surveillance that can be life-threatening. They need guarantees, not promises.
Real example: NGO workers documenting abuses, lawyers defending political prisoners, activists organizing in repressive states.
Personal Safety
Some people face threats from stalkers, abusers, or others who would harm them if they could track their communications.
Real example: Domestic abuse survivors coordinating with support networks, witnesses in protection programs, anyone fleeing a dangerous situation.
Legitimate Business
M&A negotiations, strategic planning, intellectual property — some business communications are genuinely sensitive and the cost of leaks is catastrophic.
Real example: Executives discussing confidential deals, lawyers handling sensitive cases, researchers protecting proprietary work.
These use cases share something: communication is infrequent, the parties can meet in person, and the stakes are high enough to justify the extra effort ASH requires.
The Hard Truth About Privacy Tools
Any tool that protects good people can also protect bad people. We acknowledge this reality honestly.
Strong encryption is a dual-use technology. The same properties that protect a journalist's source from an authoritarian government can also shield criminals from law enforcement. We don't pretend otherwise.
Some people argue that privacy tools shouldn't exist because they can be misused. We disagree. By that logic:
- Curtains shouldn't exist because criminals use them
- Envelopes shouldn't exist because they hide illegal mail
- Locks shouldn't exist because they keep out police
Privacy is a normal human need. The existence of misuse doesn't eliminate the legitimate need — it just means we have to be thoughtful about how we build these tools.
How We Limit Misuse Potential
We can't prevent all misuse, but we've made deliberate design choices that reduce ASH's appeal for harmful purposes while preserving its value for legitimate use:
| Design Choice | Why It Matters |
|---|---|
| Physical meeting required | You can't set up ASH with strangers on the internet. Both parties must meet face-to-face, which limits use by people who want to remain anonymous to each other. |
| One-to-one only | No group chats, no channels, no way to broadcast to many people. ASH can't be used to coordinate large groups or spread content virally. |
| Limited capacity | You can only send a fixed number of messages before meeting again. This limits the volume of any single conversation. |
| Text only | No photos, no videos, no files. You can't use ASH to share illegal images or distribute harmful content. |
| No anonymity | ASH doesn't hide that you're using it. An observer can see that communication is happening, even if they can't read the content. |
| Visible when running | No stealth mode, no hidden operation. ASH is visibly installed and running — it's not designed to evade detection. |
These constraints make ASH less useful for large-scale criminal operations, anonymous abuse, or mass coordination — while keeping it useful for the one-on-one, high-stakes communications it's designed for.
What ASH Will Never Do
We commit to these principles regardless of user demand, business pressure, or technical possibility:
Add features designed to evade law enforcement
We protect content, not behavior. ASH is not designed to help you avoid being caught doing something wrong.
Market as "untraceable" or "anonymous"
ASH provides confidentiality, not anonymity. We're honest about what it does and doesn't protect.
Optimize for growth or virality
ASH is deliberately designed for small-scale, intentional use. We will never add features that encourage rapid spread.
Build backdoors or master keys
The math doesn't allow backdoors, and we wouldn't build them if it did. There's no way for us or anyone else to decrypt your messages.
Accept funding that compromises these principles
We won't take money that comes with strings attached to our ethical position.
Shared Responsibility
Ethical use of ASH is a shared responsibility between us (the developers) and you (the users):
Our Responsibility
- Build with ethical constraints from the start
- Be honest about what ASH does and doesn't do
- Refuse features that increase harm potential
- Make our code open source for verification
Your Responsibility
- Use ASH lawfully and ethically
- Understand what you're doing and why
- Take responsibility for your choice of partner
- Not use ASH to facilitate harm
Our Position
"ASH exists to make careful communication possible, not effortless secrecy."
We believe privacy is a human right. We also believe that tool designers bear responsibility for how their tools are used.
We've chosen to discharge that responsibility through thoughtful design constraints rather than surveillance, backdoors, or refusing to build privacy tools at all.
If at any point ASH's direction conflicts with these ethical principles, we will stop, reconsider, and if necessary, not proceed. Ethics are not a feature — they're a constraint on what we will build.
For security details, see Security. For technical specifications, see the Whitepaper.