Show HN: I made a zero-log, ephemeral, E2EE web chat

Every message you send, every file you share — it all lives somewhere. In your chat history, on a server in a data center, in a backup you forgot about. We’ve become accustomed to our digital lives being recorded by default.

I wanted to challenge that.

I wanted a way to have a quick, private conversation online with the same finality as a whispered secret. A digital equivalent of a note that you burn after reading. This led me to create TrashTalk.me, a free web app built on a simple, powerful idea: your conversation should never have happened.

What is TrashTalk.me? TrashTalk.me is a disposable, peer-to-peer, end-to-end encrypted chat application. Here’s the entire user manual:

Click one button. A unique, 64-character private chat link is instantly generated. Share the link. Send it to the one person you want to talk to. The room is strictly limited to two participants. Chat and transfer files. When one person closes the browser, tab, or clicks the trash can, the chat is permanently destroyed. There are no accounts, no sign-ups, no cookies, no user tracking, and no chat history. The moment the connection is broken, the session is gone forever.

The Philosophy: Privacy by Design, Not by Policy Most services today offer “privacy” as a feature you have to trust them to uphold. Their privacy policies are pages long because their systems are complex.

The privacy of TrashTalk.me is different; it’s based on the architecture itself. It’s private because it’s designed to know as little as possible.

No Database, No Logs: The Python backend server is completely stateless. Its only job is to be a temporary matchmaker for two browsers. It keeps no records of chat IDs, user information, or IP addresses. End-to-End Encryption (E2EE) by Default: All messages and files are encrypted and decrypted directly on the users’ devices using the Web Crypto API. The unencrypted content never, ever touches the server. I, the owner of the domain, cannot see what you’re saying. Peer-to-Peer (P2P) First: After the initial handshake, all your data flows directly between you and your peer using WebRTC. This is faster and more private. For users behind restrictive firewalls, the connection falls back to a TURN relay, but even then, the data passing through it remains end-to-end encrypted. How It Works: A Quick Look Under the Hood For those curious about the tech stack:

Frontend: Built with React and styled with Tailwind CSS. It’s a modern, responsive single-page application. Backend: A lightweight Python server using the websockets library for the initial signaling to connect two peers.

Security:

Signaling: The WebSocket connection is secured with SSL/TLS from Certbot. Encryption: The end-to-end encryption uses the standard Web Crypto API (ECDH for key exchange and AES-GCM for symmetric encryption of all messages and file chunks). Anonymity: The server is designed to be stateless, and using the app with a VPN or Tor Browser can further enhance user anonymity. Who Is This For? Developers needing to quickly share an API key or code snippet without pasting it into Slack. Friends wanting to share a secret, a surprise, or some good old-fashioned gossip. Journalists and Activists who need a quick, secure line of communication without requiring the other party to install a specific app. Anyone who believes that not every conversation needs to be saved forever. Try It Out TrashTalk.me is live and free to use. This was a passion project, and I’d love to hear what you think. Is it useful? Is it broken? What should it do next?

Check it out here: https://trashtalk.me

Let me know your thoughts!