Today, we’re publicly launching Magicall, a project we’ve been building for the past little while. It’s a video calling platform, but not like the ones you’re used to.

Magicall is what happens when cryptographers get frustrated with the state of video calling. Every mainstream option falls into one of two camps: either it’s built by a trillion-dollar surveillance company that treats your conversations as training data, or it’s locked into a single ecosystem that requires everyone to own the same brand of devices.

We built something different.

The Problem with Video Calling in 2026

When you use Google Meet, Microsoft Teams, or most other “free” video calling services, you’re not the customer: you’re the product. Your meeting about sensitive business matters, your therapy session, your conversation with your lawyer: it all flows through infrastructure owned by companies whose primary business model is harvesting data for advertising and AI training.

Even when these services claim to offer encryption, they typically mean transport encryption (SRTP)—your call is encrypted in transit, but the provider can still access the content on their servers. Real end-to-end encryption, where even the service provider cannot access your communications, remains rare in mainstream video calling.

FaceTime is a notable exception with genuine end-to-end encryption, but it requires everyone on the call to own an Apple device. That’s not cross-platform support; that’s vendor lock-in disguised as a feature.

What We Built

Magicall takes a different approach:

End-to-End Encryption with Verifiable Authentication. Your video, audio, and chat messages are encrypted in your browser using AES-256-GCM before they ever leave your device. But we went further: Magicall provides short authentication strings (SAS) that let you verify you’re actually talking to who you think you are, not a man-in-the-middle attacker. This is a security feature you won’t find in Google Meet, Microsoft Teams, or even FaceTime.

Zero Downloads, Zero Guest Accounts. Magicall works entirely in your browser—Chrome, Firefox, Safari, Edge, desktop or mobile. When you share your room link, the recipient clicks it and joins. No app installation. No account creation. No friction.

Permanent Room URLs. Every Magicall user gets a permanent room URL like magicall.online/r/yourname. Put it in your email signature, your social media bio, your business card. It’s always ready. Unlike other platforms that generate random meeting links that expire, your Magicall room is yours for as long as you have an account.

No Ads, No AI Training, No Dark Patterns. We don’t show advertisements. We don’t train AI models on your conversations. We don’t use manipulative UI patterns to trick you into upgrading. Our business model is simple: we offer a genuinely useful free tier and a paid tier for users who need more.

The Technical Architecture

For those who care about the implementation details, here’s how Magicall works under the hood.

WebRTC with Modern Codec Support

Magicall is built on WebRTC, the open standard for real-time communication in browsers. Our Selective Forwarding Unit (SFU) architecture supports the latest video codecs in order of efficiency:

  1. AV1 — The newest and most efficient codec, offering excellent compression with minimal bitrate. Where hardware support exists, this delivers the best quality-to-bandwidth ratio.

  2. VP9 — Excellent compression and widely supported, especially on desktop browsers with hardware acceleration.

  3. H.264 — Universal hardware support across all devices. We use the Constrained Baseline profile for maximum compatibility.

  4. VP8 — Our fallback codec for older browsers that don’t support newer options.

For audio, we use Opus at 48kHz with 2 channels—the gold standard for voice and music transmission over the internet.

End-to-End Encryption with SFrame

WebRTC provides transport encryption (DTLS-SRTP) by default, which does offer true end-to-end encryption in ideal peer-to-peer scenarios where browsers connect directly. However, in the real world, most WebRTC connections can’t establish direct peer-to-peer links due to NATs and firewalls. This means traffic typically flows through TURN relay servers or, in our case, an SFU (Selective Forwarding Unit) for efficient multi-party calls. In these scenarios, DTLS-SRTP only protects data in transit between your browser and the server—the server itself can access the unencrypted media. For true end-to-end encryption—where even our SFU cannot access your media—we implement SFrame (Secure Frame), the IETF standard for encrypting media frames in real-time communications.

Here’s how it works:

  1. Key Exchange. When you join a call, your browser generates ephemeral encryption keys using ECDH (Elliptic Curve Diffie-Hellman) on P-256. We originally meant to go with Curve25519, but were constrained to P-256 since only NIST curves are supported by the Web Crypto API. These keys are exchanged directly between participants, never touching our servers in plaintext.

  2. Frame Encryption. Before each video or audio frame leaves your browser, it’s encrypted using AES-256-GCM with keys derived from the shared secret. The SFU receives only ciphertext—it can route packets between participants but cannot decrypt the content.

  3. Ratcheting. Keys are ratcheted forward regularly and whenever participants join or leave, providing forward secrecy. If a key is somehow compromised, it cannot decrypt past conversations.

This architecture means our servers are cryptographically blind to your call content. We handle the routing, but we can’t see or hear anything.

Short Authentication Strings (SAS) for Verification

End-to-end encryption is only as strong as your confidence that you’re talking to the right person. A sophisticated attacker could potentially intercept the key exchange and perform a man-in-the-middle attack, presenting different keys to each participant while secretly relaying (and reading) all traffic.

Magicall defeats this with Short Authentication Strings (SAS), similar to the approach used in the ZRTP protocol:

  1. Hash Commitment. During the key exchange, both parties commit to their public keys using cryptographic hashes before revealing them, preventing either party from adapting their keys based on the other’s.

  2. SAS Generation. After the encrypted channel is established, both clients independently derive a short authentication string (displayed as a 2-word phrase) from the shared cryptographic state.

  3. Verbal Verification. Participants can read these strings aloud to each other. If the strings match, you have cryptographic proof that no man-in-the-middle attack is occurring—the keys you’re using are the same keys your conversation partner is using.

This is a security feature absent from Google Meet, Microsoft Teams, and even FaceTime. Those platforms ask you to trust their infrastructure implicitly. Magicall lets you verify the security of your call yourself, using mathematics rather than corporate promises.

For high-stakes conversations—legal consultations, medical discussions, business negotiations—this verification step takes ten seconds and provides guarantees that no amount of corporate trust policies can match.

Privacy by Architecture

We don’t record your calls or store call transcripts. Your conversations exist only in the moment, between the participants, and nowhere else.

We don’t analyze your conversations for advertising purposes, and we don’t train AI models on your data. Your words aren’t fuel for someone else’s machine learning pipeline.

We don’t sell or share your data with third parties. Full stop. This isn’t a policy decision that could change with new management or shareholders—it’s an architectural decision. With end-to-end encryption, we can’t access your call content even if we wanted to. The cryptographic keys are generated in your browser and never transmitted to our servers.

Made in Europe, GDPR by Default

Symbolic Software is based in Paris, France. Our servers are hosted in the European Union. We’re fully GDPR compliant—not as a checkbox exercise, but because we believe privacy is a fundamental right.

There are no surprise data transfers to jurisdictions with weaker privacy protections. Your data stays in the EU, processed by an EU company, under EU law.

Why You Should Trust Us

This is a fair question. Why should you trust a video calling service from a company you might not have heard of?

Symbolic Software has spent nearly a decade building our reputation in applied cryptography. We’ve conducted over 250 security audits for organizations including Coinbase, Mozilla, 1Password, Bitwarden, NordVPN, ExpressVPN, Zoom, and Dashlane. Our founder has a PhD in formal verification of cryptographic protocols from Inria Paris, and has published research at IEEE S&P, USENIX Security, and other top academic venues.

We built Verifpal, a widely-used tool for formal verification of cryptographic protocols. We built Noise Explorer, which analyzes implementations of the Noise Protocol Framework. We built Kyber-K2SO, a clean implementation of the post-quantum key encapsulation mechanism that won the NIST competition.

When we say Magicall is built by cryptographers, we mean it. This is what we do.

Pricing

Magicall has two tiers:

Free (Forever)

The free tier gives you everything you need for secure video calling: end-to-end encrypted calls with up to 5 participants, 30-minute meetings that you can restart anytime, and a permanent room URL that’s yours to keep. You also get screen sharing, in-call chat, and waiting room controls to manage who joins your calls. No credit card required.

Pro ($4.99/month)

The Pro tier includes everything in Free, plus expanded capabilities for teams and power users. You can host calls with up to 256 participants and run meetings of unlimited duration. You get 5 room names instead of one, along with priority support. Custom branding and recording features are coming soon.

The free tier isn’t a trial. It’s not a limited-time offer. We believe everyone deserves access to secure, encrypted communication. The free tier has no time limit on the account, no credit card required, no strings attached.

30 minutes is plenty for daily standups, quick syncs, and 1-on-1s. If you need longer meetings or more participants, the Pro tier is there for you. If you don’t, the free tier will serve you indefinitely.

Alpha Launch

We’re calling this an alpha launch because that’s exactly what it is. Magicall works—we’ve been dogfooding it for months—but more users means more edge cases, and we’d rather be honest about that upfront. Found a bug? Tell us. Want a feature? We’re listening.

Try It Today

Claiming your room takes 30 seconds:

Your conversations are yours. They shouldn’t be training data for someone else’s AI. They shouldn’t be analyzed to show you better ads. They shouldn’t require everyone to own the same brand of devices.

We built Magicall because we believe video calling can be both simple and secure. Now it’s time to find out if others agree.

→ Try Magicall at magicall.online

Want to work together?

Choose Symbolic Software as your trusted partner in enhancing security and fostering integrity within the digital ecosystem.

Start a Project