If you haven’t already heard about Thunderbolt, it’s the groundbreaking new communication app bringing a pioneering approach to instant messaging and voice/video calls.
Unlike any other free communication app on the market, it uses your domain as the communication ID instead of a phone number or email address. So, for example, you would use ‘yourbrand.com’ as the whole identifier on Thunderbolt.
Anyone with an online presence should find this interesting, but what might not be clear right away is how this new approach can massively improve privacy and security.
Account creation and login security
To understand why Thunderbolt is different, let’s think about how typical messengers work and where their vulnerabilities lie.
Traditional account creation
Most commonly with a username (or phone number) and password combination.
Let’s use WhatsApp and iMessage as examples. For both of these messengers, your phone number is (usually) your username, and then you create a password to protect your data.
Once you’re logged in, it's rare to do so again — maybe after a device or password change. So, we quickly forget about the account setup and go about our business. But, behind the scenes, the reality still remains: all that stands between our private communications and the world are these two credentials.
The vulnerabilities
Firstly, it’s likely your phone number and email are so intrinsically linked to you online that we may as well write them off as a form of protection — bad actors are almost guaranteed to be able to find them unless you’re quite stringent about online privacy.
So then, you’re down to just a password. As you’ve probably heard, humans are predictable. We all fall into similar traps when creating passwords, and with AI only getting stronger, our data is more vulnerable than ever to being hacked.
You’ve probably noticed 2FA popping up in relatively “unimportant” apps. We’re seeing a much greater adoption of 2FA precisely because of this crazy new world of AI. The consensus is becoming ever clearer: Passwords alone simply don’t cut it anymore.
Thunderbolt’s domain alternative
For Thunderbolt, you need neither a username nor password. Sounds strange at first, but it makes total sense because of what you do instead.
Security through the DNS
During Thunderbolt’s setup, a TXT record (a type of domain name system (DNS) entry, storing text information) is added to your domain's DNS records. DNS records map domain names to specific information.
Thunderbolt uses this TXT record to connect with your domain and, in the process, validates your domain ownership — therefore validating your identity. Because adding this record is a task that only you can do, it’s comparable to 2FA — a specific action that can't be performed without legitimate access to the domain's DNS settings.
Only you have access
This might (at first) seem like you’re simply shifting the point of weakness. After all, what is your domain protected by if not a username and password? But the reality is a little more complex.
For a start, access to the back end of your domain/website should be stricter than for casual apps you use on your phone in your downtime. Thunderbolt will, therefore, benefit from these stricter password measures, and almost certainly, the more intense security procedures you have in place, like 2FA.
Auto-secure with password updates
This comes with the added benefit that your Thunderbolt account will be re-secured, completely incidentally, when you make any password updates to your domain/hosting account — and you won’t even have to log in again on your device. But these benefits are just the start…
The added bonus of DNSSEC protection
Because the Domain Name System (DNS) is vital to how the Internet works, the TXT records you set up for Thunderbolt will benefit from the unique protection methods for DNS generally. The biggest one is the Domain Name System Security Extensions (DNSSEC).
In simple terms, DNSSEC is a suite of specifications designed to safeguard DNS queries and responses. It prevents malicious actors from forging or manipulating DNS data (for example, spoofing your records), ensuring the integrity and authenticity of communications that rely on DNS.
If you enable DNSSEC on your domain account, it will ensure that data sent via DNS cannot be intercepted or tampered with, which means the TXT records you set up for Thunderbolt are about as secure as they can be.
Compatibility with Handshake and ENS domains
For those unsure what these are, they’re (kind of) the domain equivalent of Bitcoin. Rather than being issued by a central bank (in this case, a domain provider), there is a public ledger, validated (agreed upon) by enough individual computers that ownership of a given domain can be issued.
This is all a technical way of saying that users can manage the issuance of their own domains without having regulations imposed by a company like ICANN — the blockchain regulates itself. The benefits of domains issued like this are numerous, but centre around transparency, security, and control.
By being compatible with all Handshake and ENS domains, Thunderbolt allows for yet another layer of freedom from centralised structures. This helps make it the perfect option for those looking to move away from corporate or “Big Tech” control.
Encryption and storage
You’re probably aware that most conventional messengers (WhatsApp, and iMessage) are end-to-end encrypted (E2EE). Theoretically, this means that the companies themselves can’t see the messages you send, only the recipient can.
However, in reality, there are exceptions to this. WhatsApp, in particular, will be able to view messages if they are reported by the recipient to their moderation team (for example).
In the case of iMessage, if you do what Apple suggests, and back up your data on their Cloud storage, unless you specifically set up E2EE (End-to-End Encryption), chances are, they will have your encryption keys. And this means, you guessed it, they could (potentially) gain access to your messages.
Also, while Apple claims to safeguard encryption keys, it also admits to compliance with legal requirements in certain regions, which could enable access under specific circumstances.
Decentralising data
Thunderbolt has the added benefit of ‘decentralising’ your communications. Neither the encryption keys nor the messages you send are stored (after delivery) on any central storage.
This is where Thunderbolt differs from providers like WhatsApp and iMessage. The messages on these platforms may be end-to-end encrypted, but they are still stored on centralised servers. That’s why, particularly in the case of Facebook Messenger, you can access them from any device.
With Thunderbolt, you’d have to transfer the data manually to a new device because it is not stored centrally. Unlike Apple, Thunderbolt doesn’t save your encryption keys, ever. There are no loopholes to get around this — even if authorities ask Thunderbolt to provide access to encrypted data, the data is simply not known by Thunderbolt.
Customer peace of mind
The benefits of Thunderbolt’s unique validation process extend far beyond your own peace of mind, freedom, and security. The extra checks that are required to validate you as the owner of your domain will, in turn, give customers, clients, or business associates peace of mind that you are who you say you are.
It can be incredibly easy to spoof a SIM card or email address. Impersonation is a big problem, especially for businesses. We encounter spoofing in one form or another every day in our inboxes. The bigger the company, the more there is to gain by spoofing them.
The limitations of the technologies we all use to communicate and the lack of regulation, don’t help with this.
Because it uses a completely different (DNS) system, Thunderbolt can’t be spoofed in the same way as traditional email addresses and phone numbers. So, share the fact you use Thunderbolt with your clients, and give them peace of mind that when they use Thunderbolt, they’ll always reach the real you.
Thunderbolt’s place in the future
There has been a noticeable shift away from centralisation in the early 2020s. This is evidenced in everything from the burgeoning adoption of handshake/ENS domains to the ever-soaring price of Bitcoin, and even a stronger desire for alternative media. Even the way we browse the net has changed, with privacy-sensitive browsers, like Brave, designed to prevent the tracking and monetisation of your data, growing in prominence.
Perhaps many of us have had enough of feeling watched, or feeling like our privacy is for sale to the next highest bidder, and our every micro-behaviour is being monetised, or even weaponised against us.
With its feet squarely in the realm of decentralisation, openness for all domains, and messages that are trulyend-to-end encrypted, Thunderbolt is trailblazing this new way of life in the instant messaging/video call sector.
So yes, it’s secure, yes it’s new and exciting, but it’s more than this: Thunderbolt is paving the way towards the freer future we all want to see.
You’ll only find Thunderbolt on Spaceship
Like Spaceship, Thunderbolt was created to disrupt the current market, and offer you more control over your privacy, freedom, and personal data. Thunderbolt is the only communication app that uses your domain. Download it today, and join a new era of free video/voice calls and instant messages.
Frequently asked questions
Yes, Thunderbolt is completely free. You can use it to make voice calls, video calls, and send messages.
Thunderbolt uses your domain as an identifier (instead of an email or phone number). This gives it certain security benefits over and above the alternatives. These come from the fact that it’s set up using your domain account, which tends to be better secured, and that it benefits from using the Domain Name System (DNS) for validation, which makes it harder to spoof than a phone number or email address.
Thunderbolt has numerous benefits explored in full above. The way it is set up provides a massive security benefit because of how you secure the account. Because it’s set up using your domain account and uses the Domain Name System (DNS) for validation, it’s harder to spoof than a phone number or email address.It’s also end-to-end encrypted, and unlike other providers, your data is not stored on a centralized server. It exists only on the sending and receiving devices.
Because Thunderbolt isn’t prone to the same spoofing practices, contacts and clients can get extra peace of mind that they’re talking to the real you.
Yes — Thunderbolt can be used with any domain. You simply need to be able to add a TXT record to your DNS files.
You can download Thunderbolt from our main product page.
To set up Thunderbolt, you need access to your domain’s DNS (Domain Name Server) files. You will need to add a TXT file here that’s randomly generated by the app on your device. This process validates your device, and once it is set up, no username or passwords are needed for Thunderbolt.


Comments (2)
Rave
23 Jun 2025
Anastasiia Vasylenko
1 Jul 2025