Agora Launched at Oslo Freedom Forum: What we built and why
On June 2nd we launched our new version of Agora at the Oslo Freedom Forum. Here is the story behind it, how the unstoppable Bitcoin wallet works, and what we are doing next.
On June 2nd, we launched our new version of Agora on the OFF Freedom Tech stage. Agora was born out of a 6-month partnership with Venezuelan opposition leader Leopoldo López and his team from the World Liberty Congress, including Aaron Rodriguez, who leads Tech and Freedom initiatives at WLC.
Background: Collaboration with the HRF and WLC
We built our first version of Agora with Leo and Aaron at a January HRF AI Hack for Freedom. It featured voices rising up against censorship, which is important since Twitter is banned across Venezuela and other dictatorships, and Leo and Aaron onboarded over 1,000 members of their Voluntad Popular community. But after months of data, we found the format offered little beyond apps like Primal. People showed up only when money was available through the Freedom Zap Fund, then disappeared. And the zaps were pennies, nowhere near enough to cover what people needed, like USDT to store value as the Venezuelan bolívar inflated to worthlessness.

So we reenvisioned Agora as a Bitcoin fundraising platform. Fundraising across borders is a perfect use case for Bitcoin, but surprisingly few Bitcoin fundraising platforms exist. There are already plenty of ways to raise money over Lightning or with custodians, from Zap Goals on Nostr to platforms like Geyser. If Lightning is what you want, those options exist today and work well. But they are all "stoppable": they lean on a custodian, a single server, or a company that can freeze funds, pull a campaign, or be pressured into doing so. We were not interested in building another one of those. We wanted to fill a gap in the ecosystem: truly unstoppable funding that no one can shut down.
Unstoppable funding
To provide truly unstoppable funding, Agora could not depend on any one server or middleman service (including us) that could be shut down by a government, corporation, or hurricane. Operating this way has multiple benefits for our users:
- No third party can take down or censor their fundraiser (unlike with GoFundMe).
- No one can rug their funds after they've been donated (unlike with custodial Bitcoin layers).
- No one can subpoena Agora to receive information about the users (or if they do, we won't have anything to give them).
- Operating Agora requires practically zero infrastructure, which means that if our version of Agora went down anyone in the world could easily spin the code of the website up on a new domain with zero infrastructure or hosting knowledge (unlike with self-hosted solutions like BTCPay servers).
- With no infrastructure costs, maintaining Agora is extremely cheap, which means we do not need to charge any platform fees so all funds go directly to the intended recipient (unlike other Bitcoin fundraising platforms).
The only servers Agora relies on are Nostr relays, which are distributed and redundant by design, and a public indexer for the silent payment wallet, which can be run by anyone and easily switched if needed (the same is true of the Nostr relays). Even if these servers did go down, no money is lost: a user can import their seed into any silent-payment-supporting wallet and rescan the chain to recover every payment they've received. Their funds live on Bitcoin, not on our servers. This is the opposite of custodial Layer 2 setups, where if the servers go down the money is essentially gone.
Regular on-chain Bitcoin is the obvious solution to this but comes with privacy tradeoffs, especially for people in high-risk situations. However, concerns about the privacy of Bitcoin came entirely from the Bitcoin community itself, not the activists and people we were speaking to in war-torn regions. Time and time again, when we asked real people in desperate need of money whether privacy was important if it came at the cost of ease of access, the answer was a resounding no, along with frustration at the paternalism of the Bitcoin community.
"I was kidnapped by the state, you don't need to explain privacy to me. If you ask someone who is about to get caught what they prefer, to receive this money from Agora or to be scared someone will know you will receive the money, they want to receive the money. By the time you get to this point, the decision about privacy is already made by the person."
- Activist now living in exile
"A lot of people ask me for help to create a GoFundMe. You need to decide: go public and receive the money or go private and find another way. … It's the possibility to decide. A lot of people will be waiting to create their campaign and willing to raise the risks."
- Organizer helping people in authoritarian regimes
User choice became the obvious solution. People understand their own situations better than we do. Each user should be free to choose the level of privacy they require. Nostr already naturally provides this, as anyone can create an npub completely anonymously. Silent Payments became the solution for user financial autonomy.
Agora Wallet: BIP-32 HD Wallet + Silent Payments

The Bitcoin wallet is derived deterministically from the Nostr secret key. The benefit of this to the user is that they don't have multiple keys to manage and store, their wallet exists automatically at signup, and it can be ported with them to any normal Bitcoin wallet.
(src/lib/hdwallet/seed.ts):
```
nsec (32 bytes)
  -> HKDF-SHA256(salt="", info="agora/v1", len=32) -> entropy (32 B)
  -> BIP-39 encode -> 24-word mnemonic
  -> PBKDF2-HMAC-SHA512(passphrase="", 2048 iters) -> 64-byte seed
  -> HDKey.fromMasterSeed -> BIP-32 root
```
HKDF is one-way, so writing down the 24-word mnemonic doesn't leak the Nostr identity. The "agora/v1" info string is a domain separator that lets us rotate the derivation later without touching the Nostr key. And because the output is a standard BIP-39 seed, the wallet roundtrips into Sparrow, Electrum, Trezor, Ledger, or anything else BIP-39 compatible.
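The first two steps of that chain, as an added Python example (not Agora's seed.ts): RFC 5869 HKDF with the empty salt and "agora/v1" info string listed above, then the BIP-39 checksum and split into 24 word indices. It stops at indices because the 2048-word list is not embedded; the function names and the sample key are assumptions constructed for illustration.

```python
import hashlib
import hmac

def hkdf_sha256(ikm, salt=b"", info=b"", length=32):
    """RFC 5869 extract-then-expand; an empty salt means 32 zero bytes."""
    prk = hmac.new(salt or bytes(32), ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def wallet_entropy(nsec, info=b"agora/v1"):
    """nsec -> 32 bytes of wallet entropy; a new info string yields a new wallet."""
    return hkdf_sha256(nsec, salt=b"", info=info, length=32)

def bip39_indices(entropy):
    """Append ENT/32 checksum bits, then split into 11-bit word indices."""
    cs_bits = len(entropy) * 8 // 32
    bits = int.from_bytes(entropy, "big") << cs_bits
    bits |= hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    n_words = (len(entropy) * 8 + cs_bits) // 11
    return [(bits >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]

def checksum_ok(indices):
    """Recompute the checksum from the indices, as an importing wallet does."""
    total = len(indices) * 11
    cs_bits = total // 33
    bits = 0
    for i in indices:
        bits = (bits << 11) | i
    entropy = (bits >> cs_bits).to_bytes((total - cs_bits) // 8, "big")
    return bip39_indices(entropy) == list(indices)

# Constructed sample key, not a real nsec.
SAMPLE_NSEC = hashlib.sha256(b"constructed sample nsec").digest()
SAMPLE_WORDS = bip39_indices(wallet_entropy(SAMPLE_NSEC))
```

Changing the info string (for example to a hypothetical "agora/v2") produces unrelated entropy from the same nsec, which is what makes rotating the derivation possible.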
From the BIP-32 root, Agora maintains two independent hardened branches (src/lib/hdwallet/derivation.ts):
BIP-86 (Taproot, single-key)
m / 86' / 0' / 0' / change / index
Standard Taproot addresses (bc1p…). Backs Bitcoin Public Payments: one fresh leaf per public campaign.
BIP-352 (Silent Payments)
spend: m / 352' / 0' / 0' / 0' / 0
scan: m / 352' / 0' / 0' / 1' / 0
One static silent-payment address (sp1q…) per user. Backs Bitcoin Silent Payments.
How Silent Payments Work
Silent payments (BIP-352) are the primitive that makes private, serverless donations work. The recipient publishes one static address (the sp1q…), and every donor's wallet uses that address plus the donor's own input keys to derive a brand new, one-shot Taproot output that only the recipient can find. On-chain, donations to the same activist look like unrelated transactions to unrelated addresses. (For those following the earlier Nostr conversations about silent payments, please note that this is an original implementation not tied to previous public discussions, although we did draw important inspiration from the discussions.)
The sp1q… is two compressed secp256k1 public keys, a scan key B_scan and a spend key B_spend. The donor's wallet computes (src/lib/hdwallet/sp/sender.ts):
```
a          = Sum of a_i                                        # donor's input private keys
input_hash = tagged_hash("BIP0352/Inputs", outpoint_L || A)    # A = a * G, the sum of the donor's input public keys
ecdh       = input_hash * a * B_scan                           # ECDH shared secret
t_k        = tagged_hash("BIP0352/SharedSecret", ecdh || k)
P_k        = B_spend + t_k * G                                 # the Taproot output key
```
Different donors produce different P_k values because the ECDH shared secret depends on their own input keys. Even the same donor paying twice produces different outputs.
Receiving works by scanning, not by watching an address. A public indexer (Agora uses BlindBit Oracle) publishes a per-transaction tweak equal to input_hash * A. The activist's wallet completes the ECDH locally with b_scan, which never leaves the device, and checks candidate P_k values against the block's Taproot outputs. A match means the output belongs to the activist.
Scanner: src/lib/hdwallet/sp/scanner.ts. Primitives: src/lib/hdwallet/sp/crypto.ts. Spend path: src/lib/hdwallet/sp/spend.ts, which reconstructs d_k = b_spend + t_k and signs the BIP-341 sighash directly with BIP-340 Schnorr, deliberately bypassing the automatic TapTweak in @scure/btc-signer because P_k is already the output key.
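Both sides of the exchange described above in one added Python example (not Agora's sender.ts or scanner.ts): the donor derives P_k, the indexer publishes input_hash * A, and the recipient completes the ECDH with b_scan and recovers d_k = b_spend + t_k. It assumes a single already-summed input key a, no labels, and hash outputs reduced mod N; the function names and toy keys are constructed.

```python
import hashlib

P = 2**256 - 2**32 - 977  # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(p, q):  # affine point addition; None is the point at infinity
    if p is None or q is None:
        return p or q
    if p[0] == q[0] and (p[1] + q[1]) % P == 0:
        return None
    num, den = (3 * p[0] * p[0], 2 * p[1]) if p == q else (q[1] - p[1], q[0] - p[0])
    lam = num * pow(den % P, -1, P) % P
    x = (lam * lam - p[0] - q[0]) % P
    return (x, (lam * (p[0] - x) - p[1]) % P)

def mul(k, pt):  # double-and-add; fine for a demo, not constant time
    acc = None
    while k:
        acc = add(acc, pt) if k & 1 else acc
        pt, k = add(pt, pt), k >> 1
    return acc

def ser(pt):  # 33-byte compressed point encoding
    return bytes([2 + (pt[1] & 1)]) + pt[0].to_bytes(32, "big")

def tagged_hash(tag, msg):  # BIP-340 tagged hash, reduced mod N (simplified)
    t = hashlib.sha256(tag.encode()).digest()
    return int.from_bytes(hashlib.sha256(t + t + msg).digest(), "big") % N

def output_key(ecdh, B_spend, k=0):  # (t_k, P_k) with P_k = B_spend + t_k*G
    t_k = tagged_hash("BIP0352/SharedSecret", ser(ecdh) + k.to_bytes(4, "big"))
    return t_k, add(B_spend, mul(t_k, G))

def donor_output(a, outpoint_L, B_scan, B_spend, k=0):  # needs donor secret a
    input_hash = tagged_hash("BIP0352/Inputs", outpoint_L + ser(mul(a, G)))
    return output_key(mul(input_hash * a % N, B_scan), B_spend, k)[1]

def indexer_tweak(outpoint_L, A):  # input_hash * A, from public data only
    return mul(tagged_hash("BIP0352/Inputs", outpoint_L + ser(A)), A)

def recipient_scan(b_scan, b_spend, tweak, output_xs, k=0):
    t_k, P_k = output_key(mul(b_scan, tweak), mul(b_spend, G), k)
    return (b_spend + t_k) % N if P_k[0] in output_xs else None  # d_k or None

def demo(a=0xA11CE, b_scan=0x5CA9, b_spend=0x5BE9D, op=bytes(36)):  # constructed toy values
    P_k = donor_output(a, op, mul(b_scan, G), mul(b_spend, G))
    return recipient_scan(b_scan, b_spend, indexer_tweak(op, mul(a, G)), {P_k[0]}), P_k
```

The recipient never sees the donor's private key and the indexer never sees b_scan, yet both paths arrive at the same point because b_scan * (input_hash * A) equals (input_hash * a) * B_scan.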
Because the unlinkability of silent payments only holds if the private funds never touch the public wallet, the two are kept strictly isolated. Agora exposes separate Public and Private wallets, each with its own balance, addresses, and history. The two UTXO sets can never be spent together: coin selection only ever sees inputs of the matching kind (public draws from BIP-86, private from silent payments), and private-wallet change is routed back to a fresh silent-payment output rather than a public change address. Combining a private UTXO with a public one, or sending private change to a public address, would link the two on-chain and destroy the very unlinkability silent payments exist to provide.
Campaign addresses
Silent payments are a decentralized solution to address reuse that lets us skip the coordinating server entirely. The freshness step happens inside the donor's wallet, using only public information. The activist publishes one static sp1q… in their campaign event (a Nostr addressable event, kind 33863), and that's it.
Agora can't tell, from the silent-payment side alone, which campaign a given donation was intended for. The comparison:
| Approach | Donor privacy | Server? | Per-campaign totals? |
|---|---|---|---|
| Single shared on-chain address per campaign | Weak (donors cluster) | No | Yes |
| Server-coordinated fresh address per donor | Strong on-chain | Yes (central failure point) | Yes |
| Static sp1q… per user (Agora SP mode) | Maximal (every output unlinkable) | No for address generation, but yes for scanning (public indexer, decentralized) | No (by design) |
| Fresh BIP-86 leaf per public campaign (Agora public mode) | Donors cluster, per-campaign | No | Yes |
Activists pick one. Most accept both, and the donation page produces a single BIP-21 URI (bitcoin:bc1p…?sp=sp1q…) so BIP-352-aware wallets take the private endpoint and everything else falls back to on-chain.
Silent payments solve the problem of static address reuse for fundraisers; however, they are not a solution for all of Bitcoin's privacy problems. Agora is designed not for users who require perfect privacy, but for people who need money and are willing to accept some tradeoffs to get it in the most accessible format. For pure privacy, the solutions require either a custodian like a Cashu mint or using a different coin entirely, like Monero.
What's next for Agora
The response since launch has been beyond what we expected. In the first few days alone, over 60 campaigns were created, most of them from Palestinian families, and more than $5,000 worth of Bitcoin has already been donated and distributed directly to recipients.
Further testing and exploration of privacy systems
We are still in the early days of BIP-352 implementation and adoption, with much to be learned and improved upon. We plan to continue battle-testing the silent payment wallet against real-world scenarios and to explore further improvements to the implementation and UI to make it more secure, private, and user-friendly, with a focus on empowering users to make informed decisions about their own privacy and security. We are also exploring additional privacy layers such as multi-sig for users concerned about physical security.
Verification System for Campaigns
Anyone can create a campaign on Agora. That's intentional: no central authority decides who gets to ask for help. But donors, especially institutional ones, reasonably want to know a campaign is who it claims to be.
We're building a verification model where signals come from trusted civil-society institutions (HRF, the World Liberty Congress, regional coalitions) rather than from corporate identity providers, and can be revoked when circumstances change. Verification is a confidence signal, not a permission gate. If verification breaks, campaigns keep running.
Local Pilot Coalitions

We are developing three coalitions to battle-test Agora's central promises and tradeoffs in high-impact communities.
1. World Liberty Congress members
We are already working closely with Leo and other members of the WLC to pilot Agora in their key countries such as Venezuela, Cambodia, Uganda, Zimbabwe, and Nicaragua. We are planning to host onboarding training and research gathering sessions with leads of these movements.
2. Palestine aid coalition
Our next major pilot is with a coalition of Palestinian activists, one of the hardest fundraising environments in the world. We already have dozens of Palestinians who have submitted campaigns seeking funding, with the largest barrier to funder engagement being verification and trust. We're working on building a team of on-the-ground experts from organizations such as Realign for Palestine and Operation Olive Branch to develop a full model covering onboarding, verification, operational safety, and off-ramping.
3. African women's sovereignty coalition
Thanks to the contacts we have developed through Hack4Freedom and the Human Rights Foundation, we plan to collaborate with multiple organizations in Africa dedicated to women's financial empowerment and sovereignty. We will be traveling to Nairobi next week with multiple meetings scheduled to advance these conversations.
Marketing and Funding Partnerships with Bitcoin Businesses
Agora's natural funding base is the Bitcoin community. We're talking to companies and foundations that have been waiting for credible applications that actually exercise Bitcoin's censorship-resistance properties and who wish to add a charitable element to their business model. If you are one such business, please get in touch with us!
In the long run, we hope that Agora can also be a mainstream use case for Bitcoin adoption to help everyday people understand the freedom that Bitcoin can bring to the world.
Soapbox is funded by grants and donations, not ads or data sales.
Everything we build is open source and belongs to the community. Help us keep it that way.
