“Privacy by design” in action: the architecture of true confidentiality
In a digital world where our data has become currency, a fundamental question arises: how can we communicate with confidence? The answer lies not in longer privacy policies or marketing promises, but in the very architecture of the applications we use.
It is time to adopt a new paradigm, a “Privacy by Design” model where privacy is not an added feature, but the foundation on which everything is built. Here are the pillars of this architecture of trust.
1. The absence of a center: decentralized architecture (peer-to-peer)
Most online services operate like a central post office. Every message and every piece of data passes through a company’s servers. This model, although simple, creates a single point of vulnerability: whoever controls the center controls the data.
The new model eliminates this center. It is inspired by the oldest form of communication: direct conversation. Applications built on this principle create peer-to-peer networks, where users’ devices connect as directly as possible.
- The benefit for the user: There is no longer an intermediary who stores, analyzes, or can be compelled to disclose your communications. By eliminating the central server, we eliminate the possibility of mass surveillance at the source. This is the structural guarantee that no one can come between you and your correspondent.
2. The shared secret: unconditional end-to-end encryption
In a secure architecture, encryption is not an option; it is a rule. Every piece of information, before it even leaves your device, is sealed in a cryptographic “envelope.” Only the final recipient holds the unique key capable of opening it.
This principle, known as end-to-end encryption, ensures that even if data were intercepted, it would remain a string of characters that no one else could decipher.
- The benefit for the user: It’s a mathematical certainty. Your conversations, files, and secrets remain private, inaccessible to hackers, Internet service providers, and even the app’s creators.
3. Sovereign identity: you are the key
Why should we tie our ability to communicate to a phone number, email address, or social media profile? These identifiers anchor us in an ecosystem of surveillance and marketing.
Privacy-respecting architecture separates identity from personal information. Your “account” is no longer an entry in a database, but a unique cryptographic key that only you control, generated and stored on your device. This is the principle of sovereign identity: you own and manage your own digital identity.
- The benefit for the user: True anonymity and protection against profiling. You can interact freely without every action being linked to your real identity. There is no longer a centralized “user database” to hack or exploit.
4. Data localization: your device, your fortress
The cloud is convenient, but it’s just someone else’s computer. Storing our most intimate conversations there is like handing the keys to our diary to a third party.
The privacy-first model reverses this logic. By default, data remains on your device, encrypted and under your control. If a backup is necessary, it must be encrypted with a key that only you possess, rendering the data unreadable to the storage provider.
- The benefit for the user: Total sovereignty over your data. You are no longer dependent on the security, policies, or longevity of a third-party company. Your personal archives truly belong to you.
5. Network dynamics: resilience and metadata concealment
Rather than a rigid, centralized structure, the network is formed by the participants themselves, in an organic and dynamic way. Messages do not follow a monitored highway, but intelligent, optimized paths through this decentralized mesh.
This approach not only makes the network extremely resilient (there is no “head” to cut off), but also protects “metadata” — information about who is talking to whom. By routing messages in encrypted form through other participants, it becomes extremely difficult to map social relationships.
- The benefit for the user: Double protection. Not only is the content of your messages secret, but the context of your conversations (your social circles) is also protected, preventing profiling and analysis of your relationships.
Conclusion: Build trust through code, not words
The future of private communication will not be won with promises, but with proof. The proof lies in the software architecture itself.
By choosing and promoting applications built on these pillars—decentralization, end-to-end encryption, sovereign identity, local data, and dynamic networks—we are moving from a model of granted trust to a model of verifiable trust. We are creating a digital environment where privacy is the norm, not the exception.
“Privacy by Design” Label Charter
Preamble: A trust pact for the digital age
In an era where personal data has become a commodity and surveillance the norm, trust in our digital tools has eroded. Marketing promises and opaque privacy policies are no longer enough. True trust can only be restored through architectural proof, embedded in the very code of the applications we use.
The “Privacy by Design” label is not just a statement of intent. It is a technical and philosophical commitment. It certifies that the application displaying it has been designed, from its very first line of code, around a fundamental principle: the unconditional protection of its users’ privacy.
This charter defines the non-negotiable principles that an application must comply with in order to be eligible for this label. It constitutes a transparency pact between developers and users, guaranteeing that privacy is not an option, but the very foundation of the service.
The five fundamental principles of architecture
Any application bearing the “Privacy by Design” label must implement, without compromise, all of the following architectural principles:
Principle I: Decentralized Architecture without a Central Trusted Third Party
The application must not rely on a central server to relay or store user communications. Connections must be established directly (peer-to-peer) as much as possible. The architecture must eliminate any central bottlenecks that could become points of surveillance or censorship.
Principle II: Robust Cryptography and Systematic End-to-End Encryption
All communications between users (messages, calls, file transfers) must be end-to-end encrypted by default and without exception. This means that only the people communicating can access the content of their exchanges. Encryption keys must be generated and stored on users’ devices, making them inaccessible to any other party, including the application developers.
Principle III: Sovereign Identity and Anonymity by Default
The use of the application should not require any personally identifiable information (such as a phone number, email address, or real name). The user’s identity should be based on cryptographic keys that they generate and control themselves (“Sovereign Identity”). Anonymity should be the norm, and sharing personal information should be an explicit choice made by the user.
Principle IV: User Control and Localization of Data (Local-First)
User data, including conversation history and files, should be stored primarily and by default on their own devices. Any form of synchronization or backup to the cloud should be optional and must be end-to-end encrypted with keys controlled exclusively by the user. The user must have the ability to permanently delete their data.
Principle V: Protection of Metadata
The architecture should actively seek to minimize the collection and exposure of metadata (who communicates with whom, when, and how often). The use of mesh networks and routing techniques that obscure the origin and destination of messages is encouraged to prevent social graph analysis and mapping of relationships between users.
Commitment to certified applications
Developers of an application wishing to display the “Privacy by Design” label undertake to comply with the following conditions:
- Full adherence: The application must demonstrably implement all five fundamental principles set out in this charter.
- Architectural Transparency: Developers must be able to explain publicly and transparently how their application architecture complies with each principle. The use of open protocols and open-source code is strongly encouraged as proof of this commitment.
- Logo Display: The official “Privacy by Design” label logo must be displayed prominently within the application (for example, in an “About” screen, a settings menu, or on the welcome screen).
- Link to the Charter: The displayed logo must contain a hyperlink leading directly to this charter page, allowing users to verify the meaning and requirements of the label.
Meaning of the label for users
When you see the “Privacy by Design” logo on an app, it acts as a seal of trust. It guarantees that:
- Your conversations are unreadable by anyone other than your correspondents.
- Your identity is not linked to your personal information.
- You have complete control over your data.
- The app was designed from the outset to protect you, not to exploit you.
Applications labeled “Privacy by Design”
This charter represents a commitment to a digital future where privacy is not a luxury, but a fundamental human right built into the core of our technology. We invite developers around the world to adopt these principles and join this movement for a safer and more respectful Internet.
