Market Research

Ecosystem Survey

This is a non-profit, community-driven project. The goal is not to compete — it's to bring people together in real life using their mobile devices. We actively seek to join existing open-source projects or build upon their work rather than reinvent the wheel. The projects below are potential collaborators, upstream dependencies, or communities to contribute to.

Active Apps

Briar — Offline-first encrypted messenger

Status: Active (latest: v1.5.17, March 2026)
GitHub: briarproject/briar — ~3,200 stars
Downloads: 500K+ on Google Play, also on F-Droid
Platforms: Android, desktop (Linux/Windows via Flatpak). No iOS
License: GPLv3
Security audits: Cure53 audit (Nov 2017) — found 5 vulnerabilities (1 critical, 2 high), all addressed. No public follow-up audit since
Integration: Bramble transport layer is modular (Tor, BLE, WiFi Direct). Java/Kotlin codebase; the bramble-api and bramble-core libraries could be extracted, though they're tightly coupled to Briar's architecture
Overlap: Physical-first trust (QR codes), offline via Bluetooth/WiFi, Tor for online, no servers
Gap: No passive proximity discovery, no social feed, no iOS support
Collaboration potential: Very high — mature codebase, active community. Could contribute proximity discovery and social feed features upstream, or fork the Bramble transport layer

BitChat — BLE mesh + Nostr messaging

Status: Active beta (launched July 2025 by Jack Dorsey)
GitHub: nicobao/bitchat — ~400 stars
Platforms: iOS (TestFlight), Android planned
User base: ~10,000+ beta users
License: MIT
Security audits: None published. Independent researchers found impersonation vulnerabilities in 2025
Overlap: BLE mesh networking, no accounts, E2E encrypted
Gap: Uses Nostr for online (not Tor), security vulnerabilities found (impersonation), no physical-first trust requirement
Note: High-profile backing proves interest in BLE mesh social apps. Security concerns worth studying

Bridgefy — Offline mesh messaging SDK

Status: Active
Platforms: iOS, Android
User base: 12.5 million+ users worldwide
License: Proprietary (closed source)
Security audits: Royal Holloway, University of London (May 2023) — found critical vulnerabilities: message spoofing, user tracking across sessions, no forward secrecy. Researchers recommended against using it for sensitive communications
SDK: Bridgefy SDK available for iOS (Swift) and Android (Kotlin). Free tier allows BLE mesh in third-party apps. However, closed-source nature and audit failures make it unsuitable for privacy-critical applications
Overlap: BLE mesh, works without internet
Gap: Closed source, servers store internet-sent messages, critical security vulnerabilities
Lesson: Demand is proven (Hong Kong 2019 protests), but trust requires open source and real auditing

Berty — P2P messaging over BLE + IPFS

Status: Active development
GitHub: berty/berty — ~7,600 stars
Platforms: Android, iOS, desktop
License: Apache-2.0 / MIT dual-licensed
Security audits: No formal third-party audit published. Internal cryptographic review documented in their protocol specs
Integration: Wesh Network (berty/weshnet) is the standalone protocol library — Go-based, supports BLE, WiFi Direct, NFC, and mDNS. Designed to be embedded via gomobile bindings for iOS/Android. This is the most directly reusable component for our use case
Overlap: BLE and mDNS for local discovery, peer-to-peer, offline capable
Gap: Uses IPFS for relay (centralization risk), still in development
Collaboration potential: Very high — closest existing project to our vision. Contributing to Berty or building on Wesh may be the fastest path forward

Manyverse — SSB client for mobile

Status: Maintenance mode — Andre Staltz (creator) stepped down April 2024 after 7 years. Handed off to Jacob and Mix
GitHub: staltz/manyverse — ~952 stars, 87 forks
GitLab: Primary repo at gitlab.com/staltz/manyverse
Downloads: 10K+ on Google Play, also on F-Droid, iOS App Store, desktop (Win/Mac/Linux)
Latest version: v0.2407.28-beta (August 2024) — no releases since
Platforms: Android, iOS, desktop
License: MPL-2.0
Security audits: None. The SSB protocol itself has never had a published third-party security audit
Integration: Built on the Node.js SSB stack: ssb-db2, ssb-server, ssb-client, ssb-room, ssb-tribes (private groups), ssb-meta-feeds. TypeScript (React Native + Cycle.js frontend, Node.js backend via nodejs-mobile)
Overlap: Local-first, peer-to-peer social networking, data on device, gossip sync
Gap: Feeds not encrypted by default, no proximity discovery, designed for internet gossip. Development slowing significantly
Collaboration potential: Low-moderate — SSB ecosystem is shrinking. The protocol concepts (append-only feeds, gossip replication) remain relevant as design inspiration

Planetary — SSB client for iOS

Status: Effectively abandoned — team pivoted to Nostr in 2023
GitHub: planetary-social/planetary-ios — ~203 stars, 18 forks
Latest version: v2.1.2 (June 2024, maintenance release)
Platforms: iOS
License: MPL-2.0
Security audits: None
Successor: Team built Nos (nos.social) on Nostr — 144 stars, actively maintained
Why they left SSB: Nostr delivers updates faster; SSB's append-only log signing made everything harder; offline-first was "cool but rarely used"; Nostr gives users more control over data hosting
Overlap: Decentralized social, data on device
Gap: Same SSB limitations, now abandoned
Note: The SSB→Nostr pivot is an important data point about SSB's viability for mobile apps

Cwtch — Metadata-resistant messaging

Status: Active (Open Privacy Research Society, Canadian non-profit)
Git: git.openprivacy.ca/cwtch.im — not on GitHub (self-hosted Gitea)
Downloads: ~1,000+ on Google Play; also on F-Droid and direct APK
Latest version: v1.14.1 (stable, 2024); nightly builds ongoing
Platforms: Android, Linux, Windows, macOS. No iOS
License: MIT
Security audits: No formal third-party audit published. The Tapir and Cwtch protocols have academic-style specifications with formal threat modeling. Open Privacy has published detailed protocol documentation
Integration: Written in Go (core library) with Flutter frontend. The libcwtch-go library is the protocol core and could theoretically be used standalone, though documentation for third-party integration is minimal. Tor is a hard dependency
Overlap: Tor-based, metadata resistant, decentralized, multi-party encrypted groups
Gap: Internet-dependent (Tor), no offline/proximity mode
Collaboration potential: Moderate — strong on metadata protection. Could inform our online-mode design or share research on structural privacy

Status: Active
Platforms: iOS, Android
Overlap: Bluetooth proximity detection, NFC smart cards for contact sharing
Gap: Not privacy-focused, not offline-first, likely centralized backend
Note: Validates the "meet nearby people" UX

Offline (University of Toronto) — BLE proximity matching

Status: Active/beta (student project)
Platforms: iOS, Android
Overlap: BLE proximity without GPS or WiFi, no location sharing
Gap: Likely centralized matching, not designed for ongoing social relationships
Note: Academic validation of privacy-preserving proximity discovery

Genie Connections — Bluetooth dating

Status: Active
Platforms: iOS, Android
Overlap: Bluetooth-only proximity, no GPS
Gap: Dating-specific, likely centralized
Note: Proves Bluetooth-only social UX works for consumer apps

Happn — Proximity dating

Status: Active, millions of users
Platforms: iOS, Android
Overlap: Proximity-based social discovery
Gap: GPS-based (not Bluetooth), centralized, not privacy-focused
Note: Proves massive demand for proximity-based social discovery

Privacy-Focused Messengers (from awesome-privacy research)

SimpleX Chat — No-identity encrypted messaging

Status: Active (v5.x, 2026). Actively maintained by a small company (SimpleX Chat Ltd, UK)
GitHub: simplex-chat/simplex-chat — ~8,000+ stars
Platforms: Android, iOS, desktop (Linux, macOS, Windows)
License: AGPLv3
Security audits: Trail of Bits audit (October 2022) — found 9 findings, all addressed. The queue-based protocol design received strong praise from auditors
What it is: The only production messenger with no user identifiers — no account, no phone number, no keypair identity visible across contacts. Uses anonymous message queues with regular rotation. Full details at simplex.chat/privacy
Overlap: No-identity design directly addresses our anonymity requirement. In-person invitation QR code. Open source. Strong E2E encryption (Double Ratchet)
Gap: Internet-dependent (requires relay servers). No BLE/offline transport. The queue model is internet-centric
Collaboration potential: High as design inspiration. The SimpleX queue model for per-contact anonymity should be adapted for our offline contact establishment protocol

Session — Decentralized, no phone number required

Status: Active (Oxen Foundation, Singapore non-profit)
GitHub: oxen-io org — session-android ~1,300 stars
Platforms: Android, iOS, desktop
License: GPLv3
Security audits: Quarkslab audit (November 2021) — found 23 findings (4 critical), many related to the custom onion routing implementation. Some addressed, some acknowledged as known tradeoffs
What it is: Decentralized messenger using the Oxen Service Node network (similar to Tor) for onion routing. No phone number or email required — identity is just an Ed25519 public key
Overlap: No-phone-number registration, onion routing for metadata protection, open source
Gap: Tied to Oxen cryptocurrency ecosystem for network incentives (sustainability risk for non-profit). No offline capability. Quarkslab audit revealed protocol weaknesses in closed groups
Collaboration potential: Low-moderate — the onion routing model for our internet relay mode is relevant, but the cryptocurrency dependency and audit findings are concerns

Matrix / Element — Federated open communication

Status: Active (Element Ltd, UK company + Matrix.org Foundation)
GitHub: element-hq/element-android — ~3,000 stars
Platforms: Android, iOS, web, desktop
License: Apache-2.0 (protocol + server), AGPLv3 (Element clients post-2023)
Security audits: NCC Group audit of E2E encryption implementation (November 2016); multiple subsequent audits of specific components
What it is: An open federated communication protocol with rich room-based messaging. The Matrix event graph (append-only DAG with cryptographic links) is the most mature open specification for persistent, decentralized message history
Overlap: Open protocol, federated, E2E encryption (Megolm), room event model directly applicable to our feed design
Gap: Federated servers required (internet). Server operators see metadata. Not offline-capable. Account required (homeserver registration)
Collaboration potential: High for protocol learning — the Matrix room event DAG is a direct reference for our social feed architecture. Megolm (group ratchet encryption) is worth studying alongside MLS as a group encryption candidate

GrapheneOS — Hardened Android OS

Status: Active (GrapheneOS project, non-profit)
GitHub: GrapheneOS org — ~4,000+ stars across repos
Platforms: Google Pixel phones (6, 7, 8, 9 series)
License: Various open-source licenses (AOSP base + custom hardening patches)
Security audits: No single audit; security claims are well-documented and regularly verified by the community. Daniel Micay (founder) is a respected security researcher
What it is: The gold-standard Android privacy/security distribution. Removes all Google tracking while maintaining full app compatibility (sandboxed Google Play available). Adds memory safety improvements, exploit mitigations, and privacy controls far beyond stock Android
Relevance: All Android prototypes for this project should be developed and tested on GrapheneOS. It eliminates the Google Play Services tracking layer that our app is designed to avoid, making it the reference deployment platform
For testing: CalyxOS (with microG) is an alternative for users who need broader hardware support or more familiar UX

New Entries: P2P Frameworks & Tools

p2panda — Modular p2p protocol framework

Status: Active development (pre-1.0)
GitHub: p2panda org — main repos: p2panda-rs (~270 stars), aquadoggo (node implementation ~130 stars)
Platforms: Cross-platform (Rust core, WebAssembly support)
License: AGPL-3.0 (aquadoggo), MIT (client libraries)
Security audits: None published
What it is: A modular framework for building local-first, peer-to-peer applications. Provides signed append-only logs (similar to SSB), schema-based data types, and a gossip-based sync protocol. Built in Rust with WASM bindings
Integration: Rust core library (p2panda-rs) handles data types, signing, and validation. aquadoggo is the reference node. Client SDKs exist for TypeScript/JavaScript. GraphQL API for queries
Overlap: Local-first, append-only logs, peer-to-peer sync, no central server
Gap: No built-in proximity discovery or BLE transport. Focused on data layer, not messaging
Collaboration potential: High — the modular data layer could serve as our social graph / feed backend. Could pair with Berty/Wesh for transport

Quiet — P2P team chat over Tor (Slack/Discord alternative)

Status: Active development
GitHub: TryQuietly/quiet — ~2,000 stars
Platforms: Desktop (Windows, macOS, Linux), mobile in development
License: GPL-3.0
Security audits: None published
What it is: A peer-to-peer alternative to Slack/Discord. Uses Tor onion services for connectivity and OrbitDB/IPFS for data sync. Each "community" is a self-contained network with no central server
Tech stack: Electron + React (desktop), libp2p + Tor + OrbitDB
Overlap: No central server, E2E encrypted group communication, open source
Gap: Internet-dependent (Tor), no offline/proximity mode, desktop-first
Collaboration potential: Moderate — proves the model of serverless group communication. Their Tor integration patterns could inform our online relay mode

Cabal — Offline-first group chat

Status: Low activity / experimental
GitHub: cabal-club org — cabal-core ~200 stars, cabal-desktop ~850 stars
Platforms: Desktop (Electron), terminal client
License: AGPL-3.0
Security audits: None
What it is: An experimental p2p group chat protocol (Cable) designed for offline-first use. Uses append-only logs with cryptographic links. Supports LAN discovery and sync without internet
Tech stack: Node.js (original), Rust rewrite in progress (cable.rs/cable-handshake.rs)
Overlap: Offline-first, no servers, LAN discovery, append-only log architecture
Gap: No mobile apps, small community, no proximity discovery, limited encryption (no per-message E2E)
Collaboration potential: Low-moderate — the Cable protocol design is interesting for offline sync patterns, but the project lacks momentum and mobile support

Meshtastic — LoRa mesh communication

Status: Active, growing community
GitHub: meshtastic org — firmware repo ~4,500 stars
Platforms: ESP32/nRF52 hardware + companion apps (Android, iOS, web)
User base: Large hobbyist community; 370K+ devices estimated
License: GPL-3.0
Security audits: No formal audit. Community-identified vulnerabilities in earlier versions. AES-256 encryption added but key management is basic (single channel key shared among all participants)
What it is: Open-source LoRa mesh networking for long-range (km-scale), low-bandwidth communication without cellular or WiFi infrastructure. Requires dedicated hardware (~$30 ESP32 + LoRa radio)
Overlap: Fully decentralized mesh, works without any infrastructure, encrypted
Gap: Requires dedicated hardware (not phone-only), very low bandwidth (text only), basic encryption model, not designed for social networking
Collaboration potential: Low for our core use case (requires hardware), but interesting as an optional "extreme offline" transport layer. The community proves demand for infrastructure-independent communication

Failed / Discontinued Apps

Peak: Valued at $400M (2014). 9th most downloaded social app in US. 1.8M downloads/month
What went wrong:
- Hyper-local anonymity led to cyberbullying and targeted harassment
- Hoax threats on college campuses triggered school bans and geo-fencing
- User base shrank 75% from 2015 to 2016
- Adding required handles (removing anonymity) alienated remaining users
- Sold for $1M (0.25% of peak valuation)
Lesson: Anonymity + proximity + public posting = moderation nightmare. Our design mitigates this: messages are private (not broadcast), contacts require physical meeting (accountability through proximity), and there's no public feed visible to strangers

What it did: Multipeer Connectivity mesh chat, huge adoption during Hong Kong protests
What went wrong: No encryption, no sustainable business model, overshadowed by alternatives
Lesson: Crisis adoption is real but hard to retain. Security must be built in from day one

What happened: Too early — smartphones weren't ubiquitous, BLE didn't exist yet
Lesson: Timing matters. BLE is now universal, making this viable in 2026

These don't target proximity but represent the broader movement away from centralized platforms:

Bluesky / AT Protocol

User base: 43 million (March 2026)
Funding: $100M Series B (March 2026, Bain Capital Crypto)
AT Protocol: Being standardized in IETF. 1,000+ third-party apps
Relevance: Proves mainstream appetite for decentralized social. Their "algorithm choice" and account portability concepts are relevant

Mastodon / Fediverse (ActivityPub)

User base: ~1.75 million monthly active users, 10-15M accounts
Growth: 50%+ year-over-year in niche communities
Relevance: Federated model shows how decentralization works at scale. Our app could optionally interoperate with ActivityPub for the online mode

Research Projects

Amigo — Secure group mesh messaging (2025)

Origin: City College NY, Harvard, Johns Hopkins (ACM SIGSAC 2025)
Focus: Secure group messaging for protest scenarios with ad-hoc mesh
Notable: Addresses vulnerabilities found in Bridgefy and similar apps (message ordering, user tracing)
Relevance: Directly applicable research for our mesh sync layer

Rumble — Delay-tolerant microblogging

Model: Messages spread via "store-carry-forward" through ad-hoc networks
Relevance: SSB-like epidemic spreading, but designed for mobile ad-hoc networks

Market Size Data

2025: $18.5 billion
2035 projected: $141.6 billion
CAGR: 22.6%

Messaging Security

2025: $11.1 billion
2030 projected: $30.7 billion
CAGR: 22.4%

End-to-End Encrypted Communication

2025: $7.4 billion
2032 projected: $20.0 billion
CAGR: 21.7%

Encrypted Messaging Apps

2025: $357 million
2033 projected: ~$830 million
CAGR: 11.4%

Key Insights

Real demand exists: Bridgefy's 12.5M users and BitChat's instant 10K beta waitlist prove people want offline/mesh messaging
Crisis-driven spikes: Protest movements and internet shutdowns drive massive adoption bursts (FireChat, Bridgefy). Design for sustained use, but be ready for crisis onboarding
Cold start problem: Every proximity app struggles with "who's nearby when nobody uses it yet?" — mitigate by ensuring the app is useful for existing contacts (messenger) even before discovering strangers
Privacy claims vs. reality: Bridgefy's audit failures show that marketing privacy is easy, delivering it is hard. Open source + independent audits are essential for credibility
Timing is right: BLE is universal, post-quantum crypto is available, decentralized social is mainstream (Bluesky at 43M users), and trust in centralized platforms is at historic lows
Yik Yak warning: Anonymous + local + public = disaster. Our design avoids this: communication is private, contacts are intentional, and there's no public broadcast
Build with, not against: Berty/Wesh, Briar, and p2panda are open-source projects with overlapping goals. Contributing to or building on these communities is preferred over starting from scratch
Non-profit alignment: Several of these projects (Briar, Cwtch/Open Privacy, p2panda) are run by non-profits or research groups with similar values — natural allies
SSB ecosystem is declining: Both Manyverse (creator left) and Planetary (pivoted to Nostr) signal that SSB may not be the right foundation for new projects. The concepts are sound, but the ecosystem lacks momentum
Security audits are rare: Only Briar (Cure53, 2017) and Bridgefy (Royal Holloway, 2023) have published third-party audits. This is a gap across the entire ecosystem — and an opportunity to differentiate by commissioning early audits

Updates (2025–2026)

Briar — Steady Releases, v1.5.17 Confirmed

Briar maintained a steady release cadence: v1.5.14 (February 2025), v1.5.15 (December 2025), and v1.5.17 (March 2026), confirming the version and date already listed on this page. Briar Mailbox reached v1.0.9 in August 2025. Desktop work continues with v0.5.0-beta adding private group support. No new public security audit has been announced since the 2017 Cure53 review. Source: Briar Project website.

SimpleX Chat — v6.x Growth

SimpleX Chat shipped a steady stream of v6.x releases throughout 2025, reaching v6.4.11 (March 2025) on the stable channel and opening a v6.5 beta series (January–April 2025) that introduced public channels backed by user-run chat relays, ~30% memory reduction, voice messages on desktop, and a "knocking" flow for group admins to vet new members. The repository reached approximately 10,900 GitHub stars by April 2026, up from ~8,000 cited on this page. Source: simplex-chat/simplex-chat releases.

BitChat — Security Concerns Remain Unresolved

No independent security audit of BitChat has been published as of April 2026. Dorsey added a disclaimer to the GitHub repository shortly after launch: "Do not use it for production use, and do not rely on its security whatsoever until it has been reviewed." Researcher Alex Radocea publicly disclosed a broken identity authentication system allowing attacker-controlled devices to impersonate users. The app moved to the Apple App Store in late July 2025 despite these open issues. Sources: TechCrunch, permissionlesstech/bitchat — reinforces that BitChat should not be treated as a production-safe upstream dependency.

p2panda — v0.2.0 and Local-First Group Encryption

p2panda shipped v0.2.0 (January 2025) with improved offline-first sync behaviour — bidirectional log-sync, graceful live-mode reset after connectivity loss, and dynamic mDNS rebinding. In February 2025 the team published design documentation for p2panda-encryption, a standalone Rust crate implementing local-first group encryption using the DCGKA protocol and a CRDT membership layer. A security audit by Radically Open Security was underway with NLNet funding. Sources: p2panda v0.2.0 release, group encryption announcement.

Bluesky — Growth Moderating

⚠ Note on existing content: The page states 43 million users as of March 2026. Multiple independent trackers place the figure closer to 40–42 million at that date — the 43M figure may be slightly optimistic. Bluesky entered 2025 with roughly 30 million registered users and daily active users stabilised around 3.5 million as of November 2025. Sources: Skyscraper growth statistics, BluePilot 2026 outlook.

Nostr — Activity Levelling Off

As of late 2025, Nostr's growth had stalled after a period of rapid expansion. The ecosystem counts over 140 client applications but daily active user figures remain modest (roughly 3,600–4,000 DAU). Lightning Network address adoption within Nostr profiles grew 82.5%, indicating the protocol is consolidating around a Bitcoin-payments niche. Source: Glukhov.org — Nostr overview and statistics, October 2025.

New Entrant — Offline (University of Toronto)

A University of Toronto student team launched Offline in September 2025, a proximity-matching social app using BLE to surface nearby users based on shared interests without GPS location sharing. While a research project rather than a production tool, it demonstrates ongoing independent interest in the BLE-proximity social pattern central to our vision. Source: The Varsity.

Market Size — Methodology Note

Independent research firms continue to publish widely divergent estimates for the decentralised social network market, reflecting differing scopes. The figure cited on this page ($18.5B in 2025) aligns with Future Market Insights; other firms place the 2025 baseline between $2.9B and $9.4B with CAGRs of 20–23% through 2034–2035. The spread reflects methodology differences rather than factual contradiction. Sources: market.us, Future Market Insights.