Fresh Idea about what should be built on ICP right now

PhantomWire + Sovereign Stack — encrypted calls/SMS over cellular + personal ICP privacy environment.

Not a traditional developer. I’ve never written a line of code by hand in my life. I build with Caffeine, I direct AI, and I’ve shipped three real production apps for actual businesses that use them daily. So take this post in that spirit: someone who understands the ecosystem deeply but approaches it from a different angle than most people here.

I want to share an idea I’ve been developing and get honest feedback from people who know vetKeys and Internet Identity better than I do

The problem I keep thinking about

Signal is great. But Signal dies the moment a government shuts down data services. And governments do this - Iran, Ethiopia, Myanmar, others - precisely during the moments when people most need secure communication. They block data, they leave voice and SMS operational, because they need the cellular network themselves. Every encrypted messaging app goes dark at exactly the wrong time.

The other thing that bothers me: every secure communication tool, no matter how good, has a key server somewhere. Signal has servers. ProtonMail has servers. Even the expensive encrypted phone solutions have servers. A server is a legal target. A court order is a court order. The company either complies or fights and usually loses eventually.

I’ve been thinking about how ICP’s architecture specifically addresses both of these problems in a way nothing else does.

The idea: PhantomWire

Encrypt calls and SMS before they enter the cellular network. Transmit ciphertext over standard voice/SMS infrastructure - the telco hears noise, delivers it, and has no idea what it contains. Decrypt only on the recipient’s device.

The ICP part is the key management layer. Session keys derived via vetKeys - never assembled in one place, never on a single server, legally uncompellable by design. At session close, the canister deletes everything and writes a signed proof of deletion to stable storage. Tamperproof receipt that the content no longer exists anywhere.

For SMS this is relatively straightforward - ciphertext over standard SMS, no data connection needed, works anywhere a text message works. For voice it’s more complex - you need to encode encrypted audio as a signal that survives GSM codec compression without being mangled. This is solved prior art (modem protocols, acoustic communication) but it’s specialist work. More on that below.

The reason SMS matters specifically: it works under internet shutdowns. It rides infrastructure governments can’t block without shutting down their own cellular networks. That’s the use case I care about.

The broader thing: Sovereign Stack

PhantomWire is the communication layer of something bigger I’ve been thinking about.

The full picture: one master canister cluster that replaces every untrustworthy server your phone currently depends on. Google Drive replaced by an encrypted vault canister where vetKeys means the canister holds ciphertext it mathematically cannot read. Samsung Cloud replaced by the same. Authentication replaced by Internet Identity - no email, no password, no company in the middle. An immutable audit log canister recording every sensitive permission access on the companion app, stored somewhere the surveillors can’t delete.

And on top of all of this - eventually - the personal AI layer that Dom has been describing. An AI that lives inside your canister, understands all your data through orthogonal persistence, acts on your behalf, runs whether your phone is on or not. Your personal sovereign AI with no company owning it and no server that can be subpoenaed.

The phone becomes a thin terminal. It holds nothing. Samsung can surveil the terminal all they want - there’s nothing there. Everything that matters lives in canisters.

I’ve been running the spare phone angle too - old Samsung, planning to flash LineageOS, no Google account, F-Droid, Internet Identity as the only authentication. The ICP environment as the actual computing layer, the phone just the client. Whether this is realistic or idealistic I’d genuinely like to hear from people who’ve done de-Googled Android in practice.

Why ICP specifically

I want to address this because it’s the obvious question.

vetKeys is the piece that doesn’t exist anywhere else. Every alternative key management approach has a server that can be compelled. The threshold cryptography means the key is never assembled anywhere - not even briefly during the session. After deletion, there’s nothing to produce under legal process. I’m not aware of any other production system that offers this property for session key management.

SEV Subnets shipping last week adds hardware-level memory encryption on the nodes themselves. So even in-computation data is now encrypted from physical access. Combined with vetKeys for key management and client-side encryption for stored data, I’m struggling to identify a remaining attack surface in the infrastructure layer. The only residual vulnerability is the endpoint - but that’s true of every communication security system ever built.

The reverse gas model matters for the use case too. Privacy infrastructure where users pay per-message creates metadata. Developer-funded cycles with no user transaction costs is the right model for something whose value proposition is invisibility.

What do you guys think?

1 Like