It looks like Australian government agencies have compromised Ghosh Chat, an anonymous & encrypted messaging service.
Context: Ghosh Chat was an anonymous messaging platform where you could send messages without requiring an email or phone number. It was partially open-source but controlled by a single company. In terms of user experience, company structure, and governance, it was very similar to Threema and Session.
But like any company, they had a headquarters. Ghosh Chat’s HQ was based in Sydney. Until yesterday, it was generally trusted for anonymity and encryption. It was used daily by many criminals across the world and had been battle-tested, although it also had plenty of regular users.
The Scary Part: It turns out Ghosh Chat had been compromised for quite some time. Today, police started making arrests across Australia. Authorities have all the chat logs and are now using them to incriminate users.
The site is still live, but it’s compromised.
So, what went wrong? Ghosh Chat wasn’t just any app—it was OG, battle-tested, and encrypted. But it had the same fundamental problem as Session and Threema—and it’s a dangerous one.
The issue is the single point of failure. When one company has full control over the underlying protocol, the app/website, and the encryption implementations, it becomes incredibly easy to introduce backdoors, compromise the entire network, or even take it down altogether.
Nostr now has a huge opportunity to solve the private communication problem once and for all. It’s the only decentralized, permissionless, and anonymous communication protocol that exists right now.
