Star Get Early Access

Why We Built Static

By Static Team 10 min read
engineering privacy

On January 14, 2026, Discord confidentially filed for an IPO with Goldman Sachs and JPMorgan Chase as lead underwriters. Two months later, they announced mandatory age verification requiring either a government-issued photo ID or a real-time facial scan. Somewhere between those two events, we stopped waiting for someone else to build what we needed and started building it ourselves.

This is the story of why.

The Problem

Discord has 200 million monthly active users. It is the operating system for online communities --- gaming clans, open source projects, study groups, art collectives, hobbyist clubs, entire subcultures. For many people, their Discord server is more important than their group chat, their email list, or their neighborhood.

And now it belongs to Wall Street.

An IPO is not inherently a betrayal. But it changes the incentive structure permanently. A private company can optimize for user experience. A public company must optimize for quarterly revenue. Discord’s $600 million in annual revenue is impressive, but public markets will want growth, which means more data collection, more advertising surface area, more reasons to keep you engaged longer.

We have seen this movie before. Facebook went public in 2012. By 2018, Cambridge Analytica. By 2023, a $1.3 billion EU privacy fine. The trajectory is predictable because the incentives are predictable.

Discord’s trajectory is already visible. In 2024, they updated their privacy policy to allow training AI models on user messages. In early 2025, they expanded data sharing with “trusted partners.” And in March 2026, mandatory facial scans.

The Urgency

Let’s talk about the facial scans.

Discord’s “age verification” system, announced March 2026, requires users to either upload a government-issued photo ID or submit to a real-time facial scan using their device camera. Discord says a third-party vendor processes the biometric data and deletes it within 72 hours. They do not name the vendor. The process is mandatory for accessing any server marked as age-restricted, which server owners can now be required to enable.

This is not about protecting children. There are well-established approaches to age-gating that do not require handing biometric data to an unnamed third party. This is about building an identity graph.

The timing matters. In late 2025, a data breach at one of Discord’s age verification vendors exposed government IDs and selfie data for an estimated 3.2 million users. Discord’s response was to switch vendors, not to question whether they should be collecting this data at all.

The community reaction was immediate. Google Trends showed “Discord alternatives” searches spiking 10,000% overnight on February 9, 2026, when the full scope of the age verification mandate became clear. On the same day, a tweet reading “it’s been 10 years and there’s still zero discord alternative” accumulated 4,242 likes. Another, “startup idea: a good open source discord alternative,” reached 7,971 likes. Valve posted a single tweet about Steam Chat improvements that earned 192,850 likes --- not because Steam Chat is good, but because people were desperate for any alternative.

The frustration is real. The gap is real. And it has been real for a long time.

The Gap

If the gap is so obvious, why hasn’t it been filled? It is not for lack of trying.

Matrix/Element is the most technically mature alternative. It is an open standard, federated, and supports end-to-end encryption via the Olm/Megolm protocol. But Matrix was built for interoperability, not for privacy. Homeserver operators can see metadata --- who talks to whom, when, how often. The protocol leaks room membership across federation. And the user experience, after years of effort, still feels like IRC with a fresh coat of paint. Matrix is what you run when you have a sysadmin on staff.

Signal solves a different problem. It is the gold standard for private 1:1 and small group messaging. But Signal deliberately does not support communities, servers, channels, roles, threads, or voice chat for large groups. They made a principled decision to stay small and focused. We respect that, but it means Signal is not a Discord replacement.

Telegram is large and full-featured but not end-to-end encrypted by default. “Secret chats” are E2EE but limited to 1:1 conversations --- group chats use server-side encryption, meaning Telegram can read every group message. Telegram is a Discord alternative the way a motorcycle is a bus alternative. It gets you somewhere, but not with your community.

Revolt is a promising open source Discord clone with a familiar UI. But Revolt uses server-side architecture without end-to-end encryption. Messages are stored in plaintext on the server. It solves the “open source” part of the equation but not the “private” part.

Guilded was acquired by Roblox in 2021. It is proprietary, centralized, and optimized for gaming. Not an alternative --- a different flavor of the same problem.

None of these projects solve the full problem: a community platform with Discord’s feature set (servers, channels, voice, roles, DMs, threads), Discord’s ease of use, end-to-end encryption for all communication, no identity requirements, and the ability for community operators to run their own infrastructure.

That is what we are building.

What We Built

Static is a community platform with end-to-end encryption for every message, every voice call, and every video stream. No account required. No email. No phone number. No face.

The technical foundation:

End-to-end encryption via MLS (RFC 9420). The Messaging Layer Security protocol is an IETF standard designed for group encryption at scale. Every channel in Static is its own MLS group. When you send a message, it is encrypted on your device and can only be decrypted by the other members of that channel. Not by us. Not by the server operator. Not by anyone who intercepts the traffic.

Peer-to-peer networking via Iroh QUIC. Static uses Iroh, a QUIC-based peer-to-peer networking library, for all communication. For small groups (under 20 people), messages flow directly between devices. For larger communities, an operator-run “supernode” relays encrypted messages. The supernode cannot read message content --- it is a dumb pipe that forwards ciphertext.

No identity required. You do not need an email address, phone number, or government ID to use Static. You generate a local keypair on your device. That is your identity. If you want a display name, you pick one. If you want to be anonymous, you can be.

Full community features. Servers with channels. Text, voice, and video. Roles and permissions. DMs and group DMs. Message history with full-text search (local, encrypted). Invite codes. Everything you expect from Discord, built on a foundation that cannot spy on you.

Custom privacy layer. Beyond encryption, Static implements traffic analysis resistance. All messages are padded to fixed bucket sizes (256, 1024, 4096, or 16,384 bytes) so an observer cannot distinguish a short “lol” from a long paragraph. Cover traffic fills gaps between real messages. Batch shuffling at the supernode prevents timing correlation. The result: our wire traffic is statistically indistinguishable from random noise, with a Shannon entropy of 7.999996 out of a maximum 8.0 bits per byte.

We have stress-tested this system with 1,000 concurrent connections to a single supernode, 100-member MLS groups, and sustained throughput of 1,586 messages per second with 100% delivery. It works.

What We Believe

Building Static forced us to articulate what we actually believe about community software. We arrived at four convictions.

1. Community software should not require you to prove who you are.

The value you bring to a community is what you say and what you do, not your legal name, your face, or your government-issued number. Anonymous and pseudonymous participation is not a bug to be engineered away --- it is a feature that enables honest conversation, whistleblowing, support for sensitive topics, and freedom from social coercion. Any system that requires identity verification as a precondition for participation has made a choice about who gets to speak. We refuse to make that choice.

2. The people who run the servers should decide the rules.

Discord moderates communities from above. Their Trust and Safety team can ban servers, delete content, and suspend accounts based on their interpretation of their terms of service. Sometimes this is welcome. Often it is arbitrary. Always it is someone else’s decision about your community.

In Static, community operators run their own supernodes. They set the rules. They moderate. They decide what is allowed. There is no central authority that can delete your community overnight. If you run the server, you make the rules. That is not a bug --- it is the point.

3. Privacy is not a feature toggle --- it must be the architecture.

You cannot bolt privacy onto a system designed for surveillance. Discord’s architecture fundamentally requires that their servers can read every message, see every connection, and log every action. No amount of privacy settings can change that. The data exists, so it can be subpoenaed, breached, sold, or used for training AI models.

Static’s architecture makes surveillance impossible, not just disabled. End-to-end encryption means we cannot read your messages even if we wanted to. Ephemeral session keys mean we cannot correlate your sessions even if we tried. Relay routing means we cannot see your IP address even if we were compelled. Privacy is not a setting in Static. It is a mathematical guarantee.

4. Open source is not optional for trust.

You should not have to trust our promises. You should be able to read our code. Every line of Static is open source under the AGPL-3.0 license. The Rust core library, the networking layer, the encryption layer, the storage layer, the supernode, the Flutter client --- all of it. If we ever compromise on privacy, you will be able to see it in the diff.

Open source also means that Static cannot be killed. Even if our team disappears tomorrow, the code exists. Anyone can fork it, run it, modify it. Communities built on Static are dependent on mathematics and published source code --- not on our continued existence.

How We Pay for This

We get asked this question, and we think you deserve a straight answer.

Static follows the same model as Rocket.Chat and Element (EMS): the software is free and open source under AGPL-3.0, and we sell hosted infrastructure for people who don’t want to run their own servers. You can self-host a supernode on your own hardware at zero cost. If you’d rather not manage a server, we offer hosted supernodes starting at $5/month.

The pricing is per-community, not per-user. Three tiers: Spark ($5/month, 50 members), Signal ($15/month, 500 members), and Broadcast ($40/month, 5,000 members). The full breakdown is on our pricing page.

What we do not charge for: encryption. E2EE, traffic padding, cover traffic, batch shuffling, ephemeral identities --- every privacy feature described in this post is free at every tier, including self-hosted. You pay for the convenience of managed infrastructure, not for privacy.

This is not a charity model. Hosted infrastructure is a real service with real costs. We think it is also an honest model --- you can see exactly what you are paying for, and the thing you are paying for is not your own data.

What’s Next

We are honest about where we are. Static is in Phase 0 --- a proof of concept validating our three hardest technical unknowns:

  1. Can MLS messages be reliably delivered over Iroh QUIC streams with our privacy layer? (Target: >95% delivery, <5 second latency.)
  2. Can single-committer MLS ordering work for 20-member groups without epoch forks over 24 hours?
  3. Can LiveKit E2EE voice work with MLS-derived keys with less than 500ms key rotation gap?

Our privacy audit passes all 7 tests. Our stress tests show the system handles 1,000 connections and 100-member groups. Our wire traffic analysis shows statistical indistinguishability from random noise.

But we have not shipped a public release yet. The Flutter client is functional but rough. Voice and video are in progress. The onboarding experience needs work. We are engineers, and it shows.

If you want to follow along, the code is at github.com/nicholasraimbault/static. If you want to help, open an issue or a pull request. If you want to wait for something polished, we understand --- check back in a few months.

We built Static because we believe communities deserve better than a platform that is preparing to monetize them. We built it because the tools exist --- MLS is an IETF standard, Iroh is production-quality, Flutter runs everywhere --- and someone just needed to put them together with the right priorities.

Privacy first. Open source always. No identity required.

That is Static.

For a detailed privacy comparison with Discord, read Static vs Discord: A Privacy Comparison. For the technical deep dive on our wire traffic analysis resistance, read The Math Behind Your Privacy.