Server-blind relay architecture for private coordination.

What Server-Blind Means

The relay is not trusted with plaintext message content, plaintext media, private keys, hosted recovery authority, or a readable production contact graph.

• - messages are encrypted before relay transit
• - call signals use the encrypted message path
• - plaintext message type is not exposed as a relay-readable header
• - relay-side contact graph hosting is avoided in production

Why It Matters

Communication systems leak through structure, not just content. Xentrop reduces the amount of sensitive coordination structure available to relay authority where practical.

• - less relay knowledge about the conversation surface
• - clearer breach boundary for relay compromise
• - more precise buyer review than generic secure-messaging claims

What Still Exists

Server-blind does not mean metadata-free. Xentrop states residual boundaries plainly so security teams can reason about real risk.

• - IP connection timing can remain visible
• - opaque mailbox access and blob size can remain visible
• - traffic volume and push timing can remain visible
• - call transport timing and packet cadence can remain visible

Relay Breach Boundary

A relay breach should not become a conversation breach. Relay compromise is still operationally serious, but the relay is not designed to hold plaintext messages, hosted recovery capsules, private keys, or a production contact graph.