An ambitious project from Boris Kriuk called OMSP proposes a third path in the long-running standoff between user privacy and content moderation — and it might actually work.
For years, the debate over encrypted messaging has been stuck in a binary: either platforms preserve end-to-end encryption and accept that harmful content will flow freely, or they introduce server-side scanning and break the privacy promise entirely. Governments from Brussels to Canberra have pushed for backdoors. Privacy advocates have pushed back. Neither side has budged.
Now Boris Kriuk, one of the public developers and researchers in Hong Kong, is attempting to dissolve the impasse altogether with an open-source project called the Open Moderation Safety Protocol, or OMSP. The framework performs content safety classification without ever transmitting raw message data to an external server. Instead of scanning messages in a centralized cloud, OMSP runs its entire detection pipeline locally — either on the user’s device or on a platform-controlled node — ensuring that no plaintext content ever crosses a trust boundary.
The project, which is freely available and open to audit, positions itself not as a surveillance tool but as a structured safety layer that platforms can deploy to satisfy regulatory obligations without compromising the cryptographic guarantees their users depend on.
“The fundamental idea is that moderation and encryption are not actually in conflict,” Kriuk has argued. “They only appear to be, because every existing solution assumes content has to move somewhere to be classified. OMSP removes that assumption.”
How It Works
The protocol operates on a three-tier pipeline designed for efficiency. The first layer is a simple pattern matcher that screens messages against known threat indicators. This step is computationally cheap and filters out the vast majority of benign traffic before it ever reaches the more expensive stages.
Messages that trigger the keyword layer are escalated to the second tier: a natural language inference classifier. Using a compact neural encoder, OMSP evaluates the semantic content of the message against six threat categories — terrorist content, radicalization and extremism, fraud and scams, child grooming, self-harm, and spam. Crucially, this model runs locally. There are no API calls, no cloud dependencies, and no external data transmission. The classifier outputs a set of confidence scores, not the message itself.
The third and most distinctive layer — and what Kriuk considers the protocol’s key innovation — is a behavioral profiler that tracks threat-relevant patterns over time using exponential decay mathematics. Rather than flagging a single suspicious message, the profiler accumulates signal across interactions and only triggers an alert when a user’s pattern crosses defined thresholds across multiple dimensions. This approach mirrors how human analysts actually identify threats — not from one message, but from a trajectory.
When all three layers agree that a threshold has been met, OMSP generates a structured alert containing only meta threat category, confidence score, risk dimensions, and a timestamp. The raw content stays where it originated. Platforms can then decide how to act on these signals according to their own policies and legal requirements.
Why Now
The timing is not coincidental. The European Union’s proposed Chat Control regulation, which would require platforms to scan private messages for illegal content, has faced fierce opposition from cryptographers and civil liberties organizations who argue it amounts to mass surveillance. The United Kingdom’s Online Safety Act contains similar provisions. In both cases, platforms have been left in an impossible position: comply and betray user trust, or resist and face legal consequences.
Kriuk’s protocol offers a potential escape route. Because OMSP is open-source and auditable, platforms can demonstrate to regulators that safety mechanisms are in place without opening a backdoor. Because classification happens locally, privacy advocates cannot credibly argue that encryption has been broken. The protocol creates what Kriuk’s documentation describes as “a provable compliance layer” — evidence that a platform is taking safety seriously, delivered in a format that does not require surrendering user data.
Several legal scholars have noted that this framing could prove significant. Under both EU and UK regulatory frameworks, platforms are expected to take “proportionate measures” against harmful content. An open, auditable, privacy-preserving safety protocol may satisfy that standard without the constitutional and technical problems that accompany server-side scanning.
What Comes Next
OMSP is still in its early stages. The current reference implementation is still too resource-intensive for true on-device deployment on most consumer hardware, though Kriuk has indicated that smaller, optimized encoders are on the roadmap. The zero-shot detection accuracy, while promising, would benefit from targeted fine-tuning on real-world threat data.
But the architecture itself has drawn cautious praise from researchers in both the privacy and safety communities. The three-tier pipeline is computationally sound, the behavioral profiling approach adds a dimension that single-message classifiers lack, and the strict separation between classification metadata and raw content represents a genuine design innovation.
Whether OMSP gains traction will depend largely on whether platforms see it as a credible shield against regulatory pressure. If even one major encrypted messenger adopts the protocol or something like it, the political dynamics of the encryption debate could shift significantly.
For now, Kriuk has made the code public, the specification open, and the argument simple: privacy and safety were never the trade-off we were told they were. We just needed better engineering.
OMSP is available on GitHub under an open-source license.
