Encrypted chat without an account, a phone number, or an install
Ciphar is a zero-knowledge encrypted chat app that runs entirely in your browser. There is nothing to download, no account to create, no phone number or email to verify. You click Initialize Secure Channel, share the link and access key with the other person over a trusted medium, and you are talking. Sixty minutes later the channel and every byte of ciphertext is gone forever.
Every message, file, reply, and voice frame is encrypted in your browser with AES-256-GCM before it touches the network. The encryption key is derived locally from your access key using PBKDF2 with 100,000 SHA-256 iterations. The relay never sees your password, your derived key, your messages, or your files. It sees opaque ciphertext, an initialization vector, an authentication tag, and an expiry timestamp — and it deletes all of it after one hour.
Why no account and no phone number
Most encrypted messengers solve message confidentiality but make you trade your phone number, your contact list, and a permanent identity for the privilege. For people who do not already trust the other party with that information — a journalist's source, a lawyer's new client, a security researcher's anonymous tipster — that trade is exactly the wrong shape. Ciphar removes identity from the protocol entirely. There is no "you". There is only a channel name, an access key, and a 60-minute timer.
For the full picture of what the relay can and cannot see, read the security model. For the step-by-step walkthrough of the cryptography, read how Ciphar works.
Who reaches for Ciphar
- Journalists and their sources — first contact without exchanging phone numbers.
- Lawyers and clients — privileged conversations that should not live on either device.
- Healthcare professionals — sensitive coordination outside the system of record (with regulatory caveats).
- Security researchers — vulnerability disclosure, off-the-record incident coordination.
How Ciphar compares
Ciphar is not trying to replace Signal, WhatsApp, or Telegram. It solves a different problem: short, anonymous, ephemeral conversations under a hard self-destruct. For ongoing relationships with someone you trust with your phone number, a long-lived messenger is still the right answer. For one-time encrypted notes, a tool like Privnote works. Read the honest, side-by-side breakdowns:
- Ciphar vs Signal — when to use which.
- Ciphar vs WhatsApp — encrypted chat without your phone number.
- Ciphar vs Telegram — E2E by default, not opt-in.
- Ciphar vs Privnote — real-time chat vs single notes.
What is "zero knowledge"
Zero knowledge, in this context, means the server has no knowledge of the plaintext content of the data it stores. The relay holds ciphertext only. It cannot read your messages because it does not have the key. It cannot recover your messages if you lose the key, because it does not have the key. It cannot hand cleartext over to anyone — a court, an attacker, an employee — because there is no cleartext to hand over. The trade-off is that there is also no recovery: lose the access key and the channel is unrecoverable, even by us. That is by design.
Common questions
The full list lives on the FAQ page. The short version: yes the encryption is real, no the server cannot read your messages, no there is no account, yes it is free, yes it works on phones, and yes the channel is genuinely deleted after 60 minutes — there is no archive, no soft delete, and no recovery path.
Ready to try? Scroll back up and click Initialize Secure Channel. It takes about three seconds.