# Faction — we can’t read your messages. [Faction Privacy First](/) [Open Faction](https://app.faction.chat) Product · Features # Features Last updated: 2026-05-18 Faction is a privacy-first communication platform: servers, channels, DMs, voice, video, and the collaboration tools a community actually uses — all end-to-end encrypted by default. The list below is what ships in v0.3 alpha. The cryptographic stack is documented in the [whitepaper](/whitepaper); the tier breakdown lives on the [pricing](/#pricing) section of the home page. ## Messaging - Encrypted server channels — group conversations are encrypted with MLS (RFC 9420, openmls). The server stores ciphertext and routing metadata; it cannot read message bodies, mentions, or reactions. - Encrypted direct messages — 1:1 DMs use the Signal Protocol (X3DH + Double Ratchet via vodozemac) with forward secrecy and post-compromise security. - Private group DMs — multi-person direct conversations use the same MLS group machinery as server channels. - Disappearing messages — per-conversation TTL with server-side enforcement of the metadata expiry; ciphertext is purged on the timer. - Drafts, pins, bookmarks — locally synced across devices; pins and bookmarks are stored as encrypted references, never plaintext. - Search — client-side index over decrypted messages. The server never sees the query and has no plaintext to search. ## Voice & video - End-to-end encrypted voice and video — SFrame media encryption keyed from the MLS group exporter. The SFU forwards encrypted frames; it cannot decode audio or video. - Screen sharing — same SFrame envelope as video. Pick a window, monitor, or tab. - Custom Rust media engine — the SFU is built on str0m (in-repo, no third-party media vendor). Voice calls are routed application-level, not behind a UDP load balancer, so latency stays low. - Studio-grade audio DSP — a 10-stage chain runs in the desktop client before the mic ever hits the network: input gain, acoustic echo cancellation, noise suppression, gate, EQ, compressor, leveler, limiter, voice-activity detection, and output gain. ## Community - Servers, channels, categories — organise a community at any size; channel types include text, voice, forum, calendar, kanban, docs, and media gallery. - Roles & permissions — granular per-channel permissions and role hierarchy. - Forum channels — threaded long-form discussion as a first-class channel type. - Calendar channels — scheduled events that members can RSVP to. - Kanban channels — boards with columns and cards, native to the server. - Docs & media gallery — shared documents and image/video galleries as built-in channel types. - Votes (polls) — in-message polls with configurable options. - Custom emoji — upload static and animated emoji per server; tier caps live on the pricing page. - Moderation tools — reports, audit log, and metadata-only automod that cannot read message contents in E2EE channels. ## Privacy & trust - Zero-trust server — the server is treated as hostile. Private keys never leave your device; the server stores public halves only. - OPAQUE password login — your password is never sent to the server, even hashed. Authentication uses OPAQUE PAKE (opaque-ke v3, ristretto255). - No plaintext fallback — if cryptographic initialisation fails, sending is blocked rather than degrading silently. - Honest non-E2EE surfaces — plugin channels and webhook-posted messages are non-E2EE by design and the UI shows a mandatory warning banner at point of use. This is a feature, not a leak. - No tracking, no ads, no data sales — Faction keeps account info and the routing metadata required to deliver a message. Nothing else. - Self-hosting — the repository is source-available under PolyForm Noncommercial 1.0.0, so you can audit the code or run a non-commercial instance yourself. ## Plugins & extensibility - Plugin channels — third-party channels with their own UI hosted in a sandboxed WebView. Explicitly non-E2EE and clearly marked. - Bots & bot commands — first-class bot accounts with slash commands, scoped permissions, and audited mutations. - Webhooks — incoming webhooks for posting to channels (tagged non-E2EE in the UI). - REST API + WebSocket gateway — public API for integrations; the gateway speaks a Discord-style opcode protocol over WebSockets. - OAuth providers — sign in or link accounts with GitHub and Bluesky. - Discord-compatibility surface — a translation layer for bots and migration tooling for importing existing communities. ## Cross-platform - Desktop — native Tauri v2 builds for macOS, Windows, and Linux. Crypto runs in the Rust host process, never in the WebView. - Browser — the same Svelte UI without Tauri; the crypto crates compile to WASM so the trust model matches the desktop client. - Theme — light and dark. ## What's not on this page Tiers, file-upload limits, voice bitrate caps, and emoji counts are listed on the [pricing](/#pricing) section of the home page. The protocols and libraries behind every encryption claim above are documented in the [whitepaper](/whitepaper) with verification pointers into the source.