Encrypted Chat for Security Researchers
Vulnerability coordination, responsible disclosure, and working sessions on live exploits all share a property: the conversation is sensitive in the moment and a liability afterwards. Ciphar gives security researchers a fast, account-free channel that ceases to exist on a 60-minute timer.
Common scenarios
- Initial disclosure contact. A researcher who has just found something serious wants to reach a vendor security team without using personal email or filing a public ticket. A Ciphar channel link in the vendor's security.txt works.
- Off-the-record coordination during an incident. Multiple parties triaging a live issue can talk freely without a written record that may later be discoverable.
- Pair-debugging on a sensitive system. Walking through logs, command output, or proof-of-concept artifacts with a colleague when those artifacts should not live anywhere persistent.
- Bug-bounty triage with anonymous reporters. A reporter who wants to remain pseudonymous can be talked through a repro without ever exchanging contact details.
How it fits the workflow
Forge a channel, then share the URL and access key over a trusted out-of-band medium (Signal, encrypted email, an in-person hand-off). The other party joins from any browser. Drop logs, screenshots, or PoC files in as encrypted attachments; they are uploaded as ciphertext and live only for the duration of the channel. Use the encrypted voice room for anything that is faster spoken than typed. After an hour, the channel and everything in it are gone.
Why ephemeral matters here
Details about an unpatched vulnerability are high-value to attackers. Even an internal Slack channel is a long-term liability if it is ever breached. Forcing every working conversation to be ephemeral by construction shrinks the attack surface considerably.
What it is not
Ciphar is not a replacement for a coordinated disclosure platform, a CVE process, or an internal incident-management system. It is for the conversations that happen alongside those formal artifacts.