u/we-are-in-simulation

▲ 3 r/alphaandbetausers+1 crossposts

I built a completely free, zero knowledge encrypted chat because I was tired of private messengers asking for my phone number or email id.

Live at: https://chat.shivamdhamejani.in

GitHub: https://github.com/dhamejanishivam/notrace

TL;DR: Free and open source. I got tired of "private" messengers asking for my phone number or email id, so I built NoTrace: a purely ephemeral, browser based, End-to-End Encrypted chat where the server is completely blind and holds zero metadata.

Every secure messenger today still wants your phone number, email, or access to your contact list. I wanted a true burner chat. You open the link, generate a cryptographic keypair locally, pick a username, and chat. When you clear your browser cache, your identity ceases to exist.

The Core Features:

  • Burn After Reading: Messages feature a word-count based timer. The countdown starts the moment they are read, after which they dissolve and are permanently wiped from local storage and also from the receiver's device.
  • Ghost Mode (Anti-Shoulder Surfing): Toggle ghost mode to heavily blur your entire chat history. Simply hover your mouse over a message to reveal it (or tap if on mobile).
  • Zero Server Storage: The server is a dumb relay and temporary queue. It routes base64 ciphertext and holds undelivered encrypted payloads until the recipient comes online, then purges them the exact millisecond they are fetched.
  • No IP Logging: I have entirely disabled standard Werkzeug and Engine.IO logging. The server literally does not log or know who is connecting to it.

Under The Hood (Tech Stack):

  • Frontend: Vanilla JS, HTML, CSS.
  • Crypto: Native Web Crypto API (RSA-OAEP 2048-bit). Your private key never leaves your local browser storage.
  • Backend: Python, Flask, Flask-SocketIO.
  • Database: SQLite (Used strictly as a temporary routing queue).

I need your help to break it. I am hosting the live instance on a VPS right now. I want to see if the architecture holds up to real socket traffic. More importantly, if there are any pentesters, devs, or privacy enthusiasts here, I want you to try to intercept the data, find metadata leaks, or break the logic.

Test it out with your friend (or generate two burner tabs). Let me know what I missed or if you find any flaws.

Live at: https://chat.shivamdhamejani.in

Source Code: https://github.com/dhamejanishivam/notrace

u/we-are-in-simulation — 15 hours ago
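
The flow the post describes (a keypair generated locally, base64 ciphertext passed through a relay queue that purges on fetch), as an added example that is not from the post or the NoTrace repository. It assumes SHA-256 as the OAEP hash, which the post does not state, and uses an in-memory Map in place of the SQLite queue; with those parameters RSA-OAEP accepts at most 190 bytes per encryption, so the sender checks the length first. The names `relayPut`, `relayFetch`, `seal`, `unseal` and `demo` are hypothetical.

```javascript
// Added illustration, not code from the NoTrace repository.
// Assumptions: SHA-256 as the OAEP hash; a Map stands in for the SQLite queue;
// relayPut, relayFetch, seal, unseal and demo are hypothetical names.
const ALG = { name: "RSA-OAEP", hash: "SHA-256" };
const MAX_PLAINTEXT = 2048 / 8 - 2 * 32 - 2; // OAEP limit for this key and hash: 190 bytes
const queue = new Map(); // recipient name -> base64 ciphertexts awaiting delivery

function relayPut(to, b64) {
  queue.set(to, [...(queue.get(to) || []), b64]);
}
function relayFetch(to) {
  const pending = queue.get(to) || [];
  queue.delete(to); // purge as soon as the recipient has fetched
  return pending;
}
async function subtle() {
  // Browsers and current Node expose globalThis.crypto; older Node needs the import.
  return (globalThis.crypto ?? (await import("node:crypto")).webcrypto).subtle;
}
async function seal(spki, text) { // sender side
  const bytes = new TextEncoder().encode(text);
  if (bytes.length > MAX_PLAINTEXT) throw new RangeError("plaintext exceeds OAEP limit");
  const s = await subtle();
  const pub = await s.importKey("spki", spki, ALG, false, ["encrypt"]);
  const ct = new Uint8Array(await s.encrypt({ name: "RSA-OAEP" }, pub, bytes));
  return btoa(String.fromCharCode(...ct));
}
async function unseal(privateKey, b64) { // recipient side
  const ct = Uint8Array.from(atob(b64), (ch) => ch.charCodeAt(0));
  const pt = await (await subtle()).decrypt({ name: "RSA-OAEP" }, privateKey, ct);
  return new TextDecoder().decode(pt);
}
async function demo(text) {
  const s = await subtle();
  // Recipient creates its identity locally; only the public half is exported.
  const bob = await s.generateKey(
    { ...ALG, modulusLength: 2048, publicExponent: new Uint8Array([1, 0, 1]) },
    false, ["encrypt", "decrypt"]);
  const spki = await s.exportKey("spki", bob.publicKey);
  relayPut("bob", await seal(spki, text));
  const relayView = [...queue.get("bob")]; // everything the relay held for this message
  const [b64] = relayFetch("bob");
  const plaintext = await unseal(bob.privateKey, b64);
  return { relayView, plaintext, left: relayFetch("bob").length };
}
```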