Mosh Privacy By Default

Mosh Privacy By Default is not a feature. It is the baseline. Every packet, every handshake, every reconnection happens without leaking metadata or exposing sensitive state. When a user opens a session over unstable networks, Mosh encrypts content end-to-end and discards anything the remote endpoint does not need.

Traditional session tools leave traces. They reveal IPs, session lengths, and in some cases raw keystrokes in transit. Mosh was built to reject that. Privacy by default means eliminating optional toggles for security. There is no configuration flag to forget. It ships locked down, so the cost of a mistake is zero.

Its transport protocol works over UDP, but never trusts the network. Authentication happens with strong cryptographic keys. The server never stores history. If the session drops, Mosh picks up where it left off without resending sensitive data. Packet loss and roaming between networks become background noise—no dropped connections, no exposed buffers.

For teams that care about compliance, security reviews are simpler. Privacy by default satisfies the principle of least privilege: no extra data, no expanded attack surface. Deployment is fast because settings are minimal. What you see in the specification is what runs in production.

Engineers can adopt it without trade-offs in usability. Managers can approve it knowing there’s no hidden dependency on user behavior for security. You get persistent, secure remote sessions that just work, even with shifting IPs or high-latency links.

See Mosh Privacy By Default in action and spin up a secure environment on hoop.dev in minutes.