City of Hats vs. The Competition
Secure Channels — Feature Comparison
How City of Hats compares to SecureDrop, GlobaLeaks, Signal, and Telegram across anonymous intake, encryption, dead drops, and identity verification.
Anonymous Intake & Source Protection
| Capability | City of Hats | SecureDrop | GlobaLeaks | Signal | Telegram |
|---|---|---|---|---|---|
| No account or phone required | ✓ | ✓ | ✓ | ✕ | ✕ |
| No Tor dependency | ✓ | ✕ | Optional | ✓ | ✓ |
| Works in any browser (PWA) | ✓ | ✕ | ✕ | ✕ | Web app |
| Ephemeral disposable identities | ✓ | ✕ | ✕ | ✕ | ✕ |
| Sealed one-way tip submission | ✓ | ✓ | ✓ | ✕ | ✕ |
| Two-way secure channel from intake | ✓ | ✕ | Limited | ✓ | ✓ |
| No infrastructure to self-host | ✓ | ✕ | ✕ | ✓ | ✓ |
Encryption & Ephemerality
| Capability | City of Hats | SecureDrop | GlobaLeaks | Signal | Telegram |
|---|---|---|---|---|---|
| End-to-end encryption (default) | ✓ | ✓ | ✓ | ✓ | Secret chats only |
| Post-quantum key exchange (ML-KEM-768) | ✓ | ✕ | ✕ | PQXDH | ✕ |
| Forward secrecy (Double Ratchet) | ✓ | ✕ | ✕ | ✓ | ✕ |
| Burn-after-read (server-side destruction) | ✓ | ✕ | ✕ | Timer only | Timer only |
| Channel auto-expiry | ✓ | ✕ | Configurable | ✕ | ✕ |
| Zero-knowledge server (blind relay) | ✓ | ✓ | Partial | ✓ | ✕ |
| No raw IP or metadata stored | ✓ | ✓ | ✓ | Sealed sender | ✕ |
Dead Drops & Advanced Delivery
| Capability | City of Hats | SecureDrop | GlobaLeaks | Signal | Telegram |
|---|---|---|---|---|---|
| Asynchronous encrypted dead drops | ✓ | ✕ | ✕ | ✕ | ✕ |
| Time-locked delivery (future unlock) | ✓ | ✕ | ✕ | ✕ | ✕ |
| Multi-path secret sharing (split delivery) | ✓ | ✕ | ✕ | ✕ | ✕ |
| Steganography (data hidden in image) | ✓ | ✕ | ✕ | ✕ | ✕ |
| E2E encrypted file attachments | ✓ | ✓ | ✓ | ✓ | Secret chats only |
| Client-side crypto proof log | ✓ | ✕ | ✕ | ✕ | ✕ |
Identity Verification & Access Control
| Capability | City of Hats | SecureDrop | GlobaLeaks | Signal | Telegram |
|---|---|---|---|---|---|
| Face liveness verification (sender) | ✓ | ✕ | ✕ | ✕ | ✕ |
| Face liveness gate (recipient, API-enforced) | ✓ | ✕ | ✕ | ✕ | ✕ |
| 1:1 face matching for recipient (enterprise) | ✓ | ✕ | ✕ | ✕ | ✕ |
| Zero biometric data retention | ✓ | — | — | — | — |
| Safety number verification | ✓ | ✕ | ✕ | ✓ | ✕ |
| PIN-protected local key storage | ✓ | ✕ | ✕ | ✓ | ✓ |
How we compare: SecureDrop protects sources through Tor complexity. Signal protects conversations through phone-bound identity. Telegram prioritizes reach over security. GlobaLeaks requires self-hosting infrastructure.
City of Hats is the only platform that combines anonymous ephemeral identity, end-to-end encryption with post-quantum key exchange, burn-after-read with server-side destruction, asynchronous dead drops with time-lock and multi-path delivery, and face liveness verification without biometric data retention — all from a standard browser with no infrastructure and no account required.