Source Code Open: Mold, a Secure Messaging App, Now Lives on GitHub
Today Mold took an important step toward full openness: a public repository has been launched on GitHub at github.com/WissCore/moldchat. From now on, anyone — from a
security researcher to a regular user — can read the code, check that we deliver what we promise, and see for themselves that there is nothing suspicious hidden inside
an encrypted messaging app that takes privacy seriously.
The first commit lays the foundation: a server skeleton, a set of security policies, and around ten automated checks that fire on every code change. The first signed
release of the server — version v0.1.0 — has been published. It is still a skeleton, with no working message delivery yet, but the foundation is in place. Every commit
is cryptographically signed, and every binary passes through a chain of Sigstore signatures, so the version we ship cannot be silently swapped on the way from GitHub
to your device.
Mold is a secure messaging app for people to whom anonymity matters. We are building it as one of the messaging apps that work without a phone number: your communication is not
tied to a SIM card, never exposes your identity to a mobile carrier, and leaves no traces in public directories.
What comes next: the upcoming commits will add a full queue API for messages, then the cryptographic layer on top of libsignal — the same library that powers Signal
and WhatsApp. Every step will be public and auditable. Contributors are welcome — the repository contains a detailed guide for anyone who wants to help.
Open source is not a marketing move and not a gesture. An end-to-end encrypted messenger that hides its inner workings raises questions by default. We chose the path
of full transparency: AGPL-3.0 license, every dependency tracked, every change independently reviewed.
Drop by, take a look, download the first build, or just star the repository: github.com/WissCore/moldchat.