End-to-end encrypted · Deniable · Open source

You never said that.

Name: NeverSaid
Author: NeverSaid

Deniable, end-to-end encrypted messaging for Microsoft Teams. No one can prove what you wrote — not even cryptographically.

Add to Chrome Read the Protocol

What your chat looks like

Jeff

NeverSaid active

Did you do the assignment due for today?

14:31 🔒

14:32 🔒

Hahah me neither

14:33 🔒

🔒 What Microslop & the school see: neversaid://v1/eyJhbGciOiJYMjU1MTkiLCJ0eXAi
OiJOU0UiLCJlbmMiOiJBMjU2R0NNIn0.k8Yq3x
Bm7vNpL2wF9aHd1kRzTcWxJmQe5uVn0sP...

Every message. Opaque.

Three guarantees

Encrypted

Every message is encrypted with AES-256-GCM using keys derived from X25519 Diffie-Hellman exchange. Microsoft sees ciphertext. Your IT admin sees ciphertext. Only your recipient sees plaintext.

Deniable

No digital signatures on messages. Authentication uses shared HMAC keys — any participant could have forged any message. No one can produce cryptographic proof you authored anything.

Ephemeral

Forward secrecy via Diffie-Hellman ratcheting. Each message uses a unique key that is deleted after use. Compromise today reveals nothing from yesterday. Old keys are gone forever.

Setup in 60 seconds

Install the extension

Add NeverSaid to Chrome or Edge. It detects Microsoft Teams automatically — no configuration needed.
Verify your email

NeverSaid detects your Teams identity and registers your encryption keys on keys.neversaid.eu. Click the verification link in your inbox.
Click the lock

A padlock icon appears next to your compose box. Toggle it on. Every message in that chat is now encrypted and deniable. Your contacts with NeverSaid decrypt automatically.
Invite others

Contacts without NeverSaid see a friendly prompt with a link to install. No key management, no passphrase to remember, no ceremony.

Under the hood

Cryptographic stack

Key exchange: Simplified X3DH (X25519)
Ratchet: Double Ratchet (DH + symmetric)
Encryption: AES-256-GCM
Authentication: HMAC-SHA256 (deniable)
Key derivation: HKDF-SHA256
Signatures: None on messages — by design
Forward secrecy: Per-message key deletion
Implementation: Web Crypto API + @noble fallback

Plausible deniability

Any transcript can be fabricated.

NeverSaid ships a built-in transcript forgery tool. Anyone can generate a cryptographically valid conversation between any two key holders. Real transcripts and fakes are mathematically indistinguishable.

From: Jeffrey

To: Massimo

14:33 — "Hahah me neither"

Verified: unverifiable

hover to reveal — or don't. it proves nothing either way.

Say what you need to.
Then deny everything.

Free. Open source. Self-hostable. No accounts beyond your Teams email.

Install for Chrome & Edge

You never said that.

What your chat looks like

Three guarantees

Encrypted

Deniable

Ephemeral

Setup in 60 seconds

Install the extension

Verify your email

Click the lock

Invite others

Under the hood

Cryptographic stack

Any transcript can be fabricated.

Say what you need to.Then deny everything.

Say what you need to.
Then deny everything.