Frequently Asked Questions
Quick, honest answers about Ciphar — what it is, what it is not, and how it compares to other private-messaging tools.
Is Ciphar really anonymous?
There is no account, no phone number, no email, and no profile. The server stores no user identity. Your network provider still knows your device contacted ciphar.org, and the other participant in the channel still knows whatever you tell them. Ciphar removes identity from the relay; it cannot remove identity from the conversation itself.
Can the server read my messages?
No. Messages are encrypted in your browser with AES-256-GCM before they leave your device. The relay only ever sees ciphertext, an initialization vector, and an authentication tag. The decryption key is derived from the access key, which never touches the server.
What happens after 60 minutes?
The channel and every encrypted blob associated with it are deleted from the relay. There is no archive, no recovery, and no soft delete. New attempts to load the URL show "Channel not found".
What if someone tries to guess our access key?
Two things happen at once. The relay rate-limits the attempting IP and locks it out with a retry-after timer. At the same time, a system message is posted into the channel so everyone already inside sees it in real time: a SECURITY_ALERT | ACCESS_ATTEMPT line on the first wrong try, MULTIPLE_ATTEMPTS on the second, and CHANNEL_UNDER_ATTACK + BURN_NOW from the third. The alerts contain no IP, no fingerprint, and no identifier, only the fact that a guess happened, which gives you time to hit the burn button. Combined with PBKDF2 (100,000 SHA-256 iterations on the access key), randomly guessing a real Ciphar key is computationally impractical anyway.
Can I destroy a channel before the 60 minutes are up?
Yes. Every channel has a BURN CHANNEL button. Pressing it deletes the channel and every encrypted blob from the relay immediately — the same wipe the timer would have done, just earlier. There is no confirmation prompt, no undo, and no soft delete. If you need a conversation to end now, you end it now.
The home page shows a counter — what data is stored?
A single integer: how many channels have ever been created across the entire site. It lives in one row of one table, holds no timestamps, no identifiers, no per-channel data, and no link to any user or conversation. It is incremented atomically when a channel is forged. That counter is the only piece of state Ciphar keeps for longer than sixty minutes.
Do I need to install anything?
No. Ciphar runs entirely in your browser. Open the link, type the access key, and you are in.
Is it free?
Yes. There is no paid tier, no metered limit, and no upsell.
How is Ciphar different from Signal?
Signal is a long-lived messenger tied to a phone number. It is excellent for ongoing relationships with people you trust with your number. Ciphar is for short, ephemeral exchanges with people you specifically do not want to give your number to — sources, anonymous tipsters, one-off contacts. Ciphar requires nothing and forgets everything after 60 minutes; Signal remembers your contacts and your message history.
How is Ciphar different from Privnote?
Privnote is for one-time encrypted notes — the recipient opens it once and the note is destroyed. Ciphar is a real-time chat with multiple messages, replies, file transfer, and optional encrypted voice rooms, all under the same one-hour self-destruct.
What encryption does Ciphar use?
AES-256-GCM for symmetric encryption, with the key derived from the access key using PBKDF2-HMAC-SHA-256 at 100,000 iterations. All randomness comes from the browser's native crypto random source.
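The scheme described in the two encryption answers above (PBKDF2-HMAC-SHA-256 at 100,000 iterations feeding AES-256-GCM), written against the browser's Web Crypto API. This is an added example, not Ciphar's own code: the function names, the random 16-byte per-channel salt, the 12-byte IV, and the split of the tag from the ciphertext are assumptions. It shows that a wrong access key or a modified blob fails authentication instead of decrypting.

```javascript
// Added example, not Ciphar's code: names, salt handling and blob layout are assumptions.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto; // fallback for older Node
const subtle = webcrypto.subtle;
const enc = new TextEncoder();

// PBKDF2-HMAC-SHA-256, 100,000 iterations -> non-extractable AES-256-GCM key.
async function deriveKey(accessKey, salt) {
  const material = await subtle.importKey("raw", enc.encode(accessKey), "PBKDF2", false, ["deriveKey"]);
  return subtle.deriveKey(
    { name: "PBKDF2", hash: "SHA-256", salt, iterations: 100000 },
    material, { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
}

// Returns only the three fields a relay would be handed: IV, ciphertext, tag.
async function seal(key, plaintext) {
  const iv = webcrypto.getRandomValues(new Uint8Array(12)); // fresh 96-bit IV per message
  const out = new Uint8Array(
    await subtle.encrypt({ name: "AES-GCM", iv, tagLength: 128 }, key, enc.encode(plaintext)));
  // Web Crypto appends the 16-byte tag to the ciphertext; split it for clarity.
  return { iv, ciphertext: out.slice(0, -16), tag: out.slice(-16) };
}

// Rejects (OperationError) if the key is wrong or any field was altered.
async function unseal(key, blob) {
  const joined = new Uint8Array(blob.ciphertext.length + blob.tag.length);
  joined.set(blob.ciphertext);
  joined.set(blob.tag, blob.ciphertext.length);
  const plain = await subtle.decrypt({ name: "AES-GCM", iv: blob.iv, tagLength: 128 }, key, joined);
  return new TextDecoder().decode(plain);
}

// Constructed sample values: the access key, message and salt are made up for the demo.
async function demo() {
  const salt = webcrypto.getRandomValues(new Uint8Array(16)); // assumed: per-channel, not secret
  const accessKey = "correct horse battery staple";
  const blob = await seal(await deriveKey(accessKey, salt), "meet at 9");
  const status = (p) => p.then(() => "decrypted", () => "rejected");
  const roundTrip = await unseal(await deriveKey(accessKey, salt), blob);
  const wrongKey = await status(unseal(await deriveKey("wrong guess", salt), blob));
  const sizes = { iv: blob.iv.length, ciphertext: blob.ciphertext.length, tag: blob.tag.length };
  blob.ciphertext[0] ^= 1; // simulate one bit changed while stored on the relay
  const tampered = await status(unseal(await deriveKey(accessKey, salt), blob));
  return { roundTrip, wrongKey, tampered, sizes };
}
```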
Can I share files?
Yes. Files are encrypted in your browser and uploaded as ciphertext. The relay never sees the cleartext file. Files self-destruct with the channel.
Does the other person need an account?
No. Send them the channel link and the access key over a separate trusted medium. They open the link, paste the key, and they are in.
What if I lose the access key?
There is no recovery, by design: Ciphar cannot recover what it never had. Re-share the channel with a new key, or forge a new channel.
Can the server be compelled to hand over my messages?
There are no decrypted messages to hand over. The server only ever stored ciphertext, and after 60 minutes there is no ciphertext either. The server can be compelled to disclose what it has — which is opaque blobs, soon deleted.
Is Ciphar HIPAA / GDPR / PCI compliant?
No. Ciphar has not been formally assessed against HIPAA, GDPR data processing agreements, PCI-DSS, or any similar regime. See the Terms of Service for the full position: https://ciphar.org/terms#not-for-regulated-uses
Still curious? Read about how it works, the full security model, or just forge a channel.