Zero knowledge. Messages are encrypted in your browser with AES-256-GCM before leaving your device.
The decryption key lives in the URL fragment (#) which is never sent to the server.
The server relays only ciphertext. Messages are ephemeral — they exist only while participants are connected.
Nothing is stored. Nothing is logged.
Share each link with one member only. Each invite is single-use —
it cannot be reused by another person. The room self-destructs in 24 hours.
Rendezvous
Passphrase-based rendezvous. Enter a pre-agreed passphrase and sequence number.
All members with the same passphrase and sequence will arrive at the same encrypted room.
Use Generate for a secure random passphrase, or enter your own (minimum 20 characters).
The server never sees the passphrase — all keys are derived locally.
How it works
1. A random room ID and 256-bit AES-GCM key are generated in your browser
2. One-time invite tokens are generated — each grants one person access
3. An access token is derived from the encryption key via HKDF — only key-holders can connect
4. The encryption key is in the URL fragment (#) — browsers never transmit this
5. Messages are padded to fixed sizes and encrypted client-side before transmission
6. The server relays opaque ciphertext — it cannot decrypt, determine message sizes, or identify participants
7. No messages are stored on the server — not in memory, not in a database
8. No IP addresses, cookies, user agents, or metadata are logged for chat routes
9. Rooms self-destruct after 24 hours and when the last participant disconnects
Limitations
Client-side encryption protects your data from the server operator,
network observers, and casual forensics. It cannot protect against:
• A compromised device (malware, keyloggers, screen capture)
• A compromised browser (malicious extensions with page access)
• Physical access to an unlocked device
• Browser vulnerabilities or zero-day exploits
This tool performs runtime integrity checks to detect common
tampering, but these checks run in the same environment they
are trying to verify — a fundamental limitation of
client-side security. For high-risk situations, use a trusted
device with a minimal browser profile (no extensions) and a
verified OS.
Choose a callsign (optional). Use a pre-agreed alias that other members will recognize.
Do not use your real name, online handle, phone number, or anything that could identify you.
Agree on callsigns through a separate secure channel before joining.
Compare this safety number with other members via a separate channel. If they match, you share the same encryption key.
This number is derived from the room encryption key. A mismatch means someone has a different key.
How it works
All messages are padded to fixed sizes and encrypted with AES-256-GCM in your browser.
The server relays ciphertext only. The key never leaves your device.
Messages are ephemeral — they are not stored anywhere. When you close this tab, they're gone.
The room self-destructs after 24 hours.
Limitations
Client-side encryption protects messages from the server and
network observers. It cannot protect against a compromised
device, browser, or extensions with page access. For high-risk
situations, use a trusted device with no extensions and a
verified OS.