zkChat
Back to blog

Why we built zkChat: True privacy requires zero knowledge

How it worksStory

Most messengers today pitch "privacy" as a feature. End-to-end encryption, disappearing messages, private mode.

But in reality, there is almost always someone in the middle who could see something:

  • Servers that store metadata forever
  • Cloud backups that silently re-upload your chats
  • Companies that need analytics and growth dashboards
  • Legal or political pressure to weaken encryption

I wanted something different: a tool that doesn't want to know who you are, who you talk to, or what you say.

That's why zkChat exists.

What zkChat actually is

zkChat is a set of zero-knowledge tools:

  • Ephemeral group rooms end-to-end encrypted chats that vanish when everyone leaves
  • One-time messages (OTM) links that can be opened exactly once, then self-destruct
  • Private file drop files are encrypted client-side and auto-expire

There are no accounts, no usernames, no profiles. Your "identity" in a room is just a local, random persona: a color and a fun name. Reload the page and even that changes.

Encryption in the browser, not on the server

All encryption happens on your device using AES-256-GCM:

  • For each room or one-time message, the browser generates a 256-bit key
  • That key never leaves your device in plaintext
  • Messages or files are encrypted with that key before they ever hit the network

The decryption key is stored in the URL fragment (the part after #key=...). Browsers do not send that fragment to servers.

The server only ever sees:

  • room IDs
  • encrypted ciphertext blobs
  • basic presence counts (how many sockets are connected)

It never sees:

  • message content
  • file content
  • encryption keys
  • usernames or identities

Even if you gave someone full access to the server, they would see only random bytes.

Why there's a donate button at all

Running zero-knowledge tools isn't free:

  • Servers and bandwidth cost real money
  • Abuse protection and rate limiting take time to build
  • I want to keep zkChat independent: no ads, no trackers, no VC growth pressure

That's why there are crypto addresses in the footer and on this blog.

Donations keep zkChat:

  • Ad-free
  • Tracker-free
  • Account-free

If zkChat is useful for you, consider it like tipping your favorite open-source project it's what keeps the lights on without selling your data.

Support zkChat

zkChat stays ad-free, tracker-free and account-free. Donations help cover infrastructure and keep the project independent.