A privacy-first RSS reader that runs entirely in your browser. No accounts, no tracking, no analytics — your reading habits stay yours.
- Subscribes to RSS, Atom, and JSON Feed sources
- Stores all data encrypted in your browser (AES-GCM-256)
- Optionally syncs across devices with end-to-end encryption
- Extracts full article text when feeds provide only summaries
- Works offline after first load
Hosted — open my.feedzero.app. Nothing to install.
Run your own — one Docker command:
docker run -p 3000:3000 -v feedzero:/data ghcr.io/forcingfx/feedzero:latestOpen http://localhost:3000. Data persists in the feedzero volume; the image is on GitHub Packages.
Run it on a server with your own domain and automatic HTTPS — see Self-hosting (a Compose stack with Caddy, three commands).
Either self-host path unlocks every Personal feature for free.
FeedZero minimizes server-side data exposure:
| Component | What the server sees |
|---|---|
| Feed fetching | Feed URLs (required for CORS proxy) |
| Cloud sync | Encrypted blob + vault ID (cannot decrypt without your passphrase) |
| Everything else | Nothing — parsing, storage, and rendering happen in-browser |
No telemetry. No analytics. No crash reporting. No third-party tracking.
For the full threat model, cryptographic details, and honest limitations, see docs/architecture.md.
The CORS proxy is a trust point. It must see feed URLs to fetch them. If you don't trust the hosted version, run your own — the entire stack is one binary.
Paste any URL into the "Add feed" input:
- Direct feed URL:
https://example.com/feed.xml - Website URL: FeedZero will discover the feed automatically
| Key | Action |
|---|---|
j / k |
Next / previous item |
Enter |
Open selected item |
Escape |
Go back |
- Open Settings → Data & Storage
- Enable cloud sync
- Save your 4-word passphrase — it's the only way to access your data
Your passphrase never leaves your browser. The server stores only encrypted blobs.
- Import: Settings → Import OPML → select file
- Export: Settings → Export OPML → downloads your feed list
npm install # install dependencies
npm run dev # dev server at http://localhost:3000
npm test # Unit/integration tests (Vitest)
npm run test:watch # Watch mode
npm run test:coverage # Coverage report (90% threshold)
npm run test:e2e # E2E tests (Playwright)
npx tsc --noEmit # Type checksrc/
├── core/ # Framework-agnostic business logic
│ ├── feeds/ # Feed fetching, parsing, refresh
│ ├── parser/ # RSS/Atom/JSON Feed parsing
│ ├── storage/ # IndexedDB + encryption
│ ├── sync/ # E2E encrypted cloud sync
│ └── extractor/ # Full-text extraction
├── stores/ # Zustand state management
├── components/ # React UI components
└── pages/ # Route components
See docs/architecture.md for detailed architecture documentation.
- UI: React 19, TypeScript, Tailwind CSS v4
- State: Zustand
- Storage: Dexie.js (IndexedDB), Web Crypto API
- Parsing: Custom RSS/Atom/JSON Feed parser
- Sanitization: DOMPurify
- Extraction: Defuddle
- Testing: Vitest, Playwright, React Testing Library
FeedZero is built as a sustainable business, not a venture-funded runway. The category around us has gotten brutal — Pocket shut down November 2025, Omnivore November 2024, Tiny Tiny RSS's original maintainer retired the project the same month, Artifact closed January 2024. Each of those services took user data with them.
The structural commitments that keep FeedZero around:
- No external runway to outrun. No VC, no board demanding hockey-stick growth. We grow at the pace the work supports.
- No data we cannot lose. The server holds opaque encrypted blobs. There is nothing here to sell, sublicense, or accidentally leak — see docs/vault-format.md for the format.
- Lossless exit at all times. OPML import/export round-trips, the vault format is publicly documented, and the entire server runs as a single Hono binary you can self-host. If FeedZero ever shuts down, your data leaves with you.
- Open source. The privacy claims and the code that delivers them are auditable today.
- Focused. We are great at one thing: fetching feeds reliably and presenting them in a reader that's a pleasure to use. We decline features that would distract from that, even when the market is asking for them — see docs/strategy/003-playing-to-win.md.
If you're migrating from a product that just shut down, you're welcome here. We'll still be here when the next one does.
Found a vulnerability? See SECURITY.md for reporting guidelines.
See CONTRIBUTING.md for development workflow and guidelines.
AGPL-3.0-or-later. See LICENSE for the full text.
If you run a modified version of FeedZero as a public-facing service, section 13 of the AGPL requires you to offer your users access to the source of that modified version. The default deployment satisfies this out of the box because the source is already public — for any fork, host the diff somewhere your users can reach.