P · 01
Registered
A SIM is a registered identity. In much of the world, buying a SIM means showing ID, and carriers answer to governments. An account anchored to your number is anchored to you.
01 — NoidChat / No Phone Number
Nearly every mainstream private messenger starts the same way: hand over your phone number. NoidChat never asks. Pick a username and you're in. Everything after is end-to-end encrypted, post-quantum ML-KEM on messages and calls by default.
02 — The Problem
It is the most heavily regulated identifier you own. Key a messaging account to it and three things follow, none in your favor.
P · 01
A SIM is a registered identity. In much of the world, buying a SIM means showing ID, and carriers answer to governments. An account anchored to your number is anchored to you.
P · 02
SIM-swap attacks work at the carrier, not on you. Talk a support rep into porting a number, and the attacker receives the victim's verification SMS. Any app that treats a number as proof of identity inherits every weakness of the phone network.
P · 03
Contact discovery leaks your social graph. Phone-number apps scan your address book to "find your friends". That scan maps who knows whom before a single message is sent. Encryption never protects this; the graph was never message content.
None of this is a bug. It is a design decision: the number makes onboarding frictionless, the contact graph makes growth automatic, and the cost is your anonymity, paid at signup.
03 — Registration
Open chat.noid.gg. Choose a username. Set a password. That is registration, in full. Browser first, Android APK if you want it. No SIM required at any step.
Your username is the only handle on the account. The consequence is underrated: NoidChat cannot hand over, leak, or lose a number it never collected. The full model is covered in the NoidChat security deep-dive.
04 — The Tradeoff
The honest part: NoidChat holds no numbers, so it cannot scan your address book and tell you which friends are already here. That scan is the leak we refuse to build, so connecting works differently.
C · 01
Exchange usernames. Share your handle like any other contact detail. Nobody can look you up by a number you never gave.
C · 02
Scan a rotating QR code. One scan in person adds a friend. Codes rotate every 60 seconds and are HMAC-signed, so an old screenshot cannot be forged or replayed.
Slower than automatic discovery, and that is the point. Nobody can enumerate a database of numbers to find you, and no server ever learns who is in your phone book.
05 — Beyond Signup
Registering without an identity only matters if the rest of the app holds the same line. It does.
S · 01
Post-quantum encryption by default. Direct messages, files, and voice notes are encrypted with ML-KEM-768 wrapped around AES-256-GCM, no toggle required. One tap upgrades a conversation to ML-KEM-1024, NIST Category 5. Calls run a post-quantum handshake, then encrypt every frame with AES-256-GCM.
S · 02
Biometric lock. Lock the app with fingerprint or face recognition using real WebAuthn cryptographic verification, not a cosmetic screen overlay.
S · 03
Hyper Protect. Set a deactivation PIN. If it is ever entered, all your data is permanently destroyed and the account ceases to exist.
New to ML-KEM? Read the post-quantum encryption explainer.
06 — Compare
Registration requirements as of July 2026.
07 — FAQ
No. Registration is a username and a password. There is no phone field, no email field, and no SMS verification anywhere in NoidChat signup at chat.noid.gg — distinct from the optional noid.gg website account.
They don't, unless you want them to. Share your username, or add each other in person with a rotating QR code that changes every 60 seconds and can't be replayed.
No phone number or email — those were never collected. What the server does see: your username, who you exchange messages with (it has to route the ciphertext), message timing, and the IP you connect from. Message, file, and voice-note content is end-to-end encrypted with post-quantum ML-KEM before it leaves your device and is unreadable to us.
No. Selected components of NoidChat's encryption layer are public for transparency; the rest is proprietary. Signal, by contrast, is fully open source.
The web app runs on iOS via Safari today. A native iOS build is in development.
08 — Get NoidChat
No download. No phone. No email. Runs in your browser. NoidChat — because privacy isn't optional.