TMMAC — Tell Me More About Core
Browse the archive

Op-ed

Sold, hyped, dependent: Why Threema & X Chat won’t save your sovereignty – but Heyo & CorePass can

6 min · 3 Feb 2026 · via XTMMAC
identityidentitycorepasssovereigntycodetech
Originally published on X

X Chat, a sold secure messenger, and Wsocial connected to a central control switch — Heyo, CorePass, Luna Mesh labeled "Don't trust, verify — infrastructure first"

Threema has long been seen as the “Swiss bank” of messengers: end‑to‑end encrypted, data‑minimal, independent. With the sale, many users suddenly realised that even the “safest” centralised service can change owners, priorities and boundaries – and you have practically no influence over that.

In parallel, X is hyping “X Chat”: fully encrypted communication, no phone number requirement, no third‑party trackers, no ad‑based content analysis. On paper, this sounds like the solution to all our privacy problems – but it does not change a fundamental power imbalance: as long as identity, infrastructure and protocol belong to a central entity, you are a tenant, not the owner of your communication.

On top of that comes the Wsocial debate: creators and communities are realising how brutally dependent they are on platform strategy, product shifts, ToS changes and monetisation pivots. Three examples, one pattern:

Everyone promises security. But almost no one talks about who will have their hand on the switch tomorrow.

Cracked smartphone showing privacy features above, CorePass and Luna Mesh sovereign infrastructure layer below

“Secure” in the old model: cryptography yes, power balance no

The mainstream model of “secure messengers” is built on a misunderstanding: technical security is confused with structural sovereignty.

In reality, for Threema, X Chat & Co it looks like this:

  • Even if the cryptography stack is clean, the company can be sold, the jurisdiction can change, and the business model can pivot (ads, data monetisation, AI training, premium privacy tiers).
  • Central servers, central app updates and central policy decisions create a single point of failure – technically, economically and politically.
  • Regulatory pressure always hits the companies in the centre: “lawful access”, logging obligations, data‑retention rules, new compliance requirements.

The message is uncomfortable but honest: Trust in a company is always borrowed. Users have no structural safeguards when ownership, politics or economic pressure change.

You have to believe that the client code does what it claims, that the servers are not secretly logging more, that no backdoors have been added and that the company will still hold the same values tomorrow as it does today. In this model, “secure” effectively means: “Secure – as long as we want to and are allowed to.”

Wsocial & Co: Your community does (not yet) belong to you

What holds for messengers applies almost one‑to‑one in the social space.

Your accounts, followers, groups, reach – all of this depends on the goodwill of a central platform. Changes to terms, moderation rules, algorithms or monetisation can hit communities overnight.

For creators, businesses and communities this means, very concretely:

  • Uncertainty: “Will this still work the way I use it today?”
  • Risk: “Will I lose my connections and relationships if something changes?”
  • Dependency: “What if I suddenly become a ‘policy problem’ overnight?”

The common denominator: As long as your digital identity and your social graph are bound to a platform, you are structurally blackmailable – no matter how friendly the UI is and how often “privacy” appears in the marketing.

This is exactly the point where the Core/CoDeTech ecosystem comes in: identity, infrastructure and data are taken out of the company layer and moved into a neutral, decentralised layer.

Social graph locked inside a platform cage contrasted with CorePass ID connecting freely to multiple apps and DApps

Real sovereignty: identity + transport layer + data control

If you follow the problem through to the end, end‑to‑end encryption alone is not enough.

Real sovereignty means:

  • You control your identity.
  • You are not dependent on a centralised transport infrastructure.
  • Your data is not collected centrally but only processed where you explicitly allow it.

CorePass: identity in your own hands

CorePass is built exactly for this problem: a decentralised digital identity where personal data remains encrypted and is only shared on a permissioned, peer‑to‑peer basis – fully GDPR‑compliant.

At the same time, regulatory requirements like KYC, AML or PEP checks can be fulfilled without any central platform “owning” your identity. For communication, this means:

  • You can reliably know who is on the other end (Core ID, verified attributes).
  • You do not have to hand that identity permanently over to X, Wsocial or any messenger operator.

The difference to Threema, X Chat & Co is fundamental: The messenger does not define your identity – your identity exists independently of any messenger. The messenger becomes just a client to your already existing rights and attributes.

Or, as CoDeTech puts it: “We do not want to build the next ‘secure messenger’, but the infrastructure on which any app can enable truly sovereign communication.”

Heyo + Lunaº Mesh: communication without central servers

Heyo goes beyond the classic messenger paradigm: the app is designed so that it can work even without a SIM card and without a traditional internet connection, by using secure peer‑to‑peer connections and the Lunaº Mesh topology.

Lunaº Mesh builds multiple redundant connections and uses epidemic routing to relay data from node to node – even in regions without established infrastructure. Communication becomes base‑layer infrastructure, not an afterthought of a telco business plan.

The consequences are significant:

  • There is no central company that can see or cut all connections.
  • There is no global attack vector that states or corporations can simply switch off.
  • Communication works even where X Chat, WhatsApp & Co simply have no infrastructure.

CoDeTech summarises the underlying stance like this: “Our vision is a network that treats connectivity as a human right – not as a premium feature for a select few providers.”

Heyo is therefore not “just another encrypted messenger”, but a demonstrator of how communication can run as an infrastructure layer on a DePIN‑based mesh network – resilient, censorship‑resistant and not owned by a single company.

Rural mesh network with solar-powered nodes connecting people via peer-to-peer signals at sunset

Keeping data where it belongs

To ensure that this architecture does not collide with data‑protection requirements, the CORE ecosystem uses a hybrid model:

  • The blockchain layer (Core ) provides an immutable, energy‑efficient ledger as a proof and audit layer.
  • Content itself is stored off‑chain but cleanly referenced via hashes and identities.
  • RegTech platforms create structured data for audit and compliance without building central data silos.

The result is a tension that many previously considered “impossible to reconcile”: data protection and user control on one side – compliance and traceability on the other.

From “trust us” to “don’t trust, verify”

The Threema sale, the X Chat launch and the Wsocial debates are not isolated incidents but symptoms of an old model:

  • Security is a feature of an app.
  • Trust is a promise made by a company.
  • Control means ownership of servers and protocols.

The Core/CoDeTech ecosystem flips this logic around:

  • Identity belongs to the users (CorePass ).
  • The transport layer belongs to a decentralised network, not a company (Lunaº Mesh, Heyo).
  • Data sovereignty is enforced technically, not just promised in legal text.

In this logic, the Threema sale and the X Chat announcement are not disasters but narrative triggers: they reveal how strong the desire for security and control has become – and how deeply current solutions are still stuck in the old paradigm of “central app, central operator, trust us”.

The real break happens one layer below – in the infrastructure. Anyone discussing “secure messengers” today should not only ask which app we use, but on which infrastructure our communication actually runs – and who owns that infrastructure.

This is precisely where CORE Blockchain, Lunaº Mesh, CorePass and Heyo position themselves: moving from “sold, hyped, dependent” towards a communication infrastructure in which users structurally have their hand on the switch – regardless of who owns which app tomorrow.

I used Threema myself for a long time within my close family circle and was genuinely convinced by its security. Today, I am simply glad that a better alternative is emerging – one that finally lets me be the true owner of my identity, my connections and my data.

The communication of the future will be decentralised – built on Heyo, Luna Mesh and CorePass. In that sense, the future of truly sovereign communication is CORE.