(no title)

I built LastSignal because I was uncomfortable trusting a third party with extremely sensitive information (final messages, recovery instructions, etc.).

LastSignal is a self-hosted dead man's switch: you prepare encrypted messages that are automatically delivered to chosen recipients if you stop responding to periodic check-ins.

Security-wise, the server is treated as untrusted by design:

- messages are encrypted client-side

- the server never sees plaintext

- the operator cannot decrypt stored data

I've documented the security model, threat assumptions, and known limitations here:

https://lastsignal.app/security/

Source code:

https://github.com/giovantenne/lastsignal

This is an early but usable version. I'm especially interested in feedback on the threat model, edge cases, and assumptions around liveness and delivery.

Happy to answer questions.