anonymous · encrypted · ephemeral

whispr

talk. disappear.

generating ephemeral identity...

no signup · no trace · disappears when you leave

$ whispr --how-it-works

how it works

no accounts. no servers storing your messages. here's exactly what happens.

you open whispr

No install, no login. The app loads entirely in your browser. A random identity is generated locally — alias and encryption keys — and exists only in memory.

a room is created

Clicking "start a whispr" calls a Cloudflare Worker that spins up a temporary signaling room. The room has no content — it is just a meeting point. It auto-expires in 5 minutes if nobody joins.

you share the link

The invite link encodes the room ID. Share it however you want — the link burns after the first person opens it. No third party can snoop in.

keys are exchanged

When the other person opens the link, both browsers perform an ECDH P-256 key exchange over the temporary WebSocket relay. A shared AES-256-GCM session key is derived locally in each browser. The relay never sees the keys.

direct connection established

WebRTC upgrades the connection to a true peer-to-peer DataChannel. The Cloudflare Worker self-destructs — it is no longer in the path. All messages travel directly between your browsers.

you chat

Every message is encrypted in your browser before it leaves. The other person's browser decrypts it on arrival. Nothing is stored anywhere. No logs. No history.

someone leaves

Either tab closes and the session ends. The shared key is gone. The messages are gone. The room is gone. There is no recovery. This is by design.

$ whispr --use-cases

use cases

situations where you need to talk without creating a permanent record.

quick one-off conversationspersonal

"here's the thing — read it and it's gone."

You need to send something to someone without starting a contact, a thread, or a paper trail. whispr gives you a channel that disappears when you're both done.

sensitive feedbackprofessional

You want honest input from someone who might self-censor if their name is attached. Share a whispr link, let them speak freely. The conversation expires when you both leave.

temporary coordinationprofessional

Something is happening right now and you need an out-of-band channel fast. Spin up a whispr in seconds. No setup, no inbox to clean up afterward.

anonymous tipssensitive

You have information that matters but cannot attach your name to it. whispr lets you open a channel without either party revealing a real identity. The server never knows who you are.

shared or borrowed devicepersonal

You are on a library computer, a hotel kiosk, or a borrowed phone. whispr is browser-only with zero localStorage. Close the tab and the session is completely gone.

research and interviewsresearch

Reach participants or sources without exchanging personal contact details. Share a link in a post or survey. They reach you once, anonymously, with no permanent connection created.

$ whispr --security

security

what we built, what it covers, and where the limits are. no marketing, just facts.

// encryption model

key exchangeECDH P-256

key derivationHKDF-SHA-256

message encryptionAES-256-GCM

key generationbrowser WebCrypto API

private key storagein-memory only · never written to disk

forward secrecysession-level · new keys per whispr

server seesnothing · blind WebSocket relay only

// what whispr protects against

✓server breach

The Cloudflare Worker is a blind relay. It stores nothing. A full compromise reveals no message content, no keys, no identities.

✓network interception

Messages are encrypted before leaving your browser. The relay only sees ciphertext it cannot read.

✓passive surveillance

No plaintext passes through any infrastructure. There is nothing to log.

✓identity linkage

No email. No phone. No name. Your alias is randomly generated in your browser and means nothing to us.

✓message persistence

Messages exist only in React state. They are never written to disk, localStorage, or any database. Tab closes — they are gone.

✓metadata accumulation

Unlike server-based apps, whispr has no user records, no conversation history, no timestamps stored anywhere. The Worker self-destructs after handshake.

// honest limitations

!endpoint compromise

If your device or browser is compromised, an attacker with local access can read messages on-screen. E2EE does not protect against this.

!recipient behavior

Once the other person reads your message, they can screenshot or copy it. Ephemeral channels cannot prevent human action.

!not Signal protocol

whispr uses session-level ECDH, not the Signal Double Ratchet protocol. The threat model is different. We do not claim otherwise.

!WebRTC metadata

Your IP address is visible to the other peer during a WebRTC connection. This is a WebRTC limitation. Use a VPN if IP privacy matters for your use case.

!link interception

If someone intercepts your invite link before the intended recipient opens it, they can claim the session. Share links through a trusted channel.

// infrastructure

signaling relayCloudflare Workers · blind · ephemeral

room stateDurable Objects · auto-destructs post-handshake

WebRTC traversalCloudflare TURN · 1TB/mo free tier

app hostingVercel · static shell only

message routingpeer-to-peer · no server in the path

data retainednothing · ever

$ whispr --start

ready to disappear?

no account. no trace. gone when you leave.

generating ephemeral identity...

0serversrequired

0databasesused

0accountsneeded