I built LastSignal because I was uncomfortable trusting a third party with extremely sensitive information (final messages, recovery instructions, etc.).
LastSignal is a self-hosted dead man's switch: you prepare encrypted messages that are automatically delivered to chosen recipients if you stop responding to periodic check-ins.
Security-wise, the server is treated as untrusted by design:
- messages are encrypted client-side
- the server never sees plaintext
- the operator cannot decrypt stored data
I've documented the security model, threat assumptions, and known limitations here:
https://lastsignal.app/security/
Source code:
https://github.com/giovantenne/lastsignal
This is an early but usable version. I'm especially interested in feedback on the threat model, edge cases, and assumptions around liveness and delivery.
Happy to answer questions.