Mission
Built for the hunted, not the hunters
Commercial spyware vendors sell governments the tools to break into the phones of journalists and activists. GuardTalk exists to make that materially harder — openly, and for the people targeted.
The threat landscape
The mercenary surveillance industry is real.
A commercial market sells governments the ability to remotely compromise a phone. Two families are well documented by independent researchers; we state them factually, not luridly.
Pegasus
NSO Group's tooling, documented by Citizen Lab and Amnesty International on the devices of journalists, lawyers, and activists — including through zero-click delivery.
Predator
The Intellexa alliance's spyware, traced to the phones of opposition figures and reporters across several jurisdictions.
These are examples from public reporting, not an exhaustive list. The point is the category, not any single vendor.
Who this is for
The people surveillance vendors hunt.
GuardTalk is built for those targeted by capable, resourced adversaries — and honest that capable is not omnipotent.
Journalists
Reporters and source protectors who carry information that powerful actors want, and who need to know exactly what protects a source.
Human-rights defenders
Organisers in hostile jurisdictions who expect raids and seizures, and need capture of one device not to unravel a network.
Activists
People whose work draws targeted attention, who need strong protection without a research project.
NGOs & newsrooms
Security leads deploying to field staff, who need fleet operation and a procurement story they can defend.
At-risk individuals
Dissidents, lawyers, and others who value ownership of the hardware and a private path to acquire it.
The community that vets us
Trainers and security researchers whose recommendation reaches hundreds of at-risk users — and who will not stake a reputation on overclaiming.
Who this is not for
The opposite of the honeypot phone.
A category of vendors sold closed, "untraceable" black boxes through mystique — routed through vendor-controlled servers, sometimes with vendor kill-switches, and in the Anom case an outright law-enforcement backdoor. They marketed to secrecy and were repeatedly broken or run by police.
GuardTalk is not for that use, and is not built like it. We occupy the opposite white space on every axis: open instead of closed, keys you hold instead of a server we read, mechanisms and limits instead of slogans.
Read the limits →| Axis | Honeypot vendors | GuardTalk |
|---|---|---|
| Who it's for | Marketed to crime | Civil-society defenders |
| Source | Closed, unverifiable | Open, auditable |
| Server trust | Vendor-readable | You hold the keys |
| Backdoor | Present / unknowable | None — shown in source |
| Claims | "Untraceable" | Mechanisms + limits |
| Alignment | None / criminal | Security community |
Alignment with the security community
We stand on shared work, and credit it.
GuardTalk depends on the open security ecosystem and names its debts. We never imply these projects endorse us, and we never claim their protections are absolute.
GrapheneOS
GuardTalkOS is built on the GrapheneOS hardening work, a technical dependency at grapheneos.org. We credit and depend on it; the project does not endorse us.
Tor
Traffic routes through Tor and distribution is Tor-based, a technical dependency at torproject.org. We credit the Tor Project, and we cite the correlation-attack limit on the threat model rather than overstate it.
We are aligned with the civil-society security community, and we name no specific organisation as an endorser. The upstreams above are credited as technical dependencies, not endorsers.
The open-source commitment
Trust offered as something you can check.
Our components are open source, auditable, and built to be reproduced. The mechanism is published source and reproducible builds; the limit is that this asks something of you — to verify rather than to feel reassured — and we think that is the honest trade.
Check the source →Honesty pledge
If we can't link a protection to a mechanism and a limit, we don't claim it.