this post was submitted on 30 Jun 2026
25 points (93.1% liked)

Source code and details: https://git.anarchists.space/NanoChat/Server

Features

  • Small codebase
  • Messages expire after 30 days
  • Panic button to delete all messages in a room
  • WebSocket for communication
  • Docker support

Technical details

  • AES-256-GCM for client-side encryption
  • Key is not sent to server
[–] armrecords@lemmy.ca 1 points 1 hour ago

A few ideas that could further strengthen the design:

  • Consider deriving separate keys from a master secret using HKDF (e.g. encryption key, authentication key, attachment key) instead of relying on a single key for everything.
  • Room IDs alone could leak metadata if discovered. An HMAC-based room authentication scheme could help without requiring the server to know any encryption keys.
  • Adding replay protection with counters/nonces and periodic key rotation would make the protocol more resilient.
  • For public deployments, some abuse protection (rate limiting, room creation limits, optional proof-of-work) would help prevent DoS attacks.
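
The first two suggestions above (HKDF key separation and HMAC-based room authentication), sketched as an added example that is not part of the comment or of NanoChat's code. It runs on Node's built-in crypto module rather than in the browser; the HKDF labels, the use of the room ID as salt and AAD, and the challenge-response flow are assumptions.

```javascript
// Added example, not NanoChat code. Labels and helper names are hypothetical.
const { hkdfSync, createHmac, createCipheriv, createDecipheriv,
        randomBytes, timingSafeEqual } = require('node:crypto');

// HKDF-SHA256: one master secret in, independent 32-byte subkeys out.
// Assumption: the room ID is used as the (non-secret) HKDF salt.
function deriveKeys(masterSecret, roomId) {
  const sub = (label) =>
    Buffer.from(hkdfSync('sha256', masterSecret, roomId, label, 32));
  return { enc: sub('example/encryption'), auth: sub('example/room-auth') };
}

// Client side: prove room membership by MACing a fresh server challenge.
function roomProof(authKey, challenge) {
  return createHmac('sha256', authKey).update(challenge).digest();
}

// Server side: holds only the auth subkey registered at room creation.
// The auth subkey cannot be used to recover the encryption subkey.
function verifyProof(authKey, challenge, proof) {
  const expected = roomProof(authKey, challenge);
  return proof.length === expected.length && timingSafeEqual(proof, expected);
}

// AES-256-GCM with a random 96-bit nonce; the room ID is bound as AAD so a
// ciphertext cannot be moved to another room without failing the tag check.
function seal(encKey, roomId, plaintext) {
  const iv = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', encKey, iv);
  cipher.setAAD(Buffer.from(roomId));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

function open(encKey, roomId, { iv, ct, tag }) {
  const decipher = createDecipheriv('aes-256-gcm', encKey, iv);
  decipher.setAAD(Buffer.from(roomId));
  decipher.setAuthTag(tag);
  // final() throws if the key, room ID, ciphertext or tag is wrong.
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Constructed demo values.
const demoKeys = deriveKeys(randomBytes(32), 'room-1234');
const demoChallenge = randomBytes(16);
console.log(verifyProof(demoKeys.auth, demoChallenge,
                        roomProof(demoKeys.auth, demoChallenge)));
```

A server that stores only the `auth` subkey can gate room access but still cannot decrypt messages, since `open` fails with anything other than the `enc` subkey.
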
[–] thatsnomayo@lemmy.ml 1 points 2 days ago

Thanks for sharing. I recommend Cheogram web, which is in beta but will reach the full feature set of the app in due time.

[–] solrize@lemmy.ml 2 points 3 days ago (1 children)

How does the anonymity work?

[–] nemesis3469@lemmy.world 2 points 3 days ago

There are no user identities (not even cryptographic ones), and the room encryption key is stored in the URL, which is never sent to the server. Anyone can choose any nickname, and you can access the official instance (https://nanochat.anarchists.space/) through Tor.

[–] voxel@feddit.org 2 points 3 days ago (1 children)

Cloudflare doesn't let me through. 🙄

[–] nemesis3469@lemmy.world 7 points 3 days ago (1 children)

We were under attack from a Singaporean botnet for two weeks, so I had to put our Forgejo instance behind Cloudflare because of that 🥲

[–] nutbutter@discuss.tchncs.de 1 points 3 days ago (1 children)

Do projects like Anubis fail in such cases?

[–] nemesis3469@lemmy.world 7 points 3 days ago

Anubis is for blocking AI crawlers, not DDoS attacks

[–] dreamy@lemmy.blahaj.zone 0 points 2 days ago (1 children)

OnionShare already has a chat feature that works pretty well. What does this add?

[–] nemesis3469@lemmy.world 1 points 2 days ago

Codebase is small and easy to audit. The panic button wipes all chat history in a room and blocks future messages. OnionShare fully depends on Tor’s built-in encryption for message security while NanoChat has its own encryption, which means you can host it on different anonymity networks.