Skip to content

lissy93/arnon

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

47 Commits
.well-known
.well-known
Β 
Β 
pwa
pwa
Β 
Β 
relay
relay
Β 
Β 
.gitignore
.gitignore
Β 
Β 
CNAME
CNAME
Β 
Β 
Dockerfile
Dockerfile
Β 
Β 
LICENSE
LICENSE
Β 
Β 
README.md
README.md
Β 
Β 
accessibility.html
accessibility.html
Β 
Β 
index.html
index.html
Β 
Β 
privacy.html
privacy.html
Β 
Β 

Repository files navigation

Arnon

Encrypted conversations that leave no trace. No download. No account. No history.

A complete encrypted messenger β€” app + relay β€” in 489 lines of code.

Structure

arnon/
β”œβ”€β”€ index.html          # Landing page (GitHub Pages)
β”œβ”€β”€ accessibility.html  # Accessibility statement
β”œβ”€β”€ Dockerfile          # Docker setup for relay
β”œβ”€β”€ .well-known/
β”‚   └── security.txt    # Security contact info
β”œβ”€β”€ pwa/
β”‚   └── app.html        # The entire app β€” single file
└── relay/
    β”œβ”€β”€ server.js              # Blind relay server (Node.js + ws)
    β”œβ”€β”€ package.json
    └── arnon-relay.service    # systemd service file

How it works

  1. One person opens arnon.app and taps "New conversation" β€” gets a link
  2. They send the link to someone
  3. The other person opens the link β€” encrypted chat starts instantly
  4. Close the tab β€” everything is destroyed

Features

  • End-to-end encrypted (ECDH P-256 + AES-256-GCM, Web Crypto API)
  • Text messages + voice notes (30s max) β€” no photos, videos, or file sharing, by design
  • Self-destruct timer (5min / 15min / 30min / 1hr) β€” destroys the entire room
  • No account, no phone number, no email
  • No download β€” works in any browser
  • Close tab = everything destroyed (keys, messages, identity)
  • Blind relay β€” sees only encrypted blobs in memory, nothing written to disk, nothing to hand over
  • Relay hardened β€” runs as dedicated non-root user, rate limiting (5 rooms/IP), 1MB message size limit, 24-char room IDs
  • Content Security Policy β€” restricts scripts, connections, and media sources
  • Accessible β€” aria labels, keyboard navigation, screen reader support
  • Responsive β€” works on phone, tablet, desktop
  • Tor Browser compatible (voice notes may not work)
  • Free forever β€” no company, no investors, no monetization plan

Architecture

  • Crypto: ECDH P-256 key exchange β†’ AES-256-GCM (Web Crypto API, no WASM)
  • Relay: Forwards encrypted blobs in memory only β€” nothing written to disk. No accounts, no logs. Runs as dedicated user. Hosted in Helsinki, EU (GDPR).
  • Storage: None. Everything in memory. Close tab = destroyed.
  • Voice: MediaRecorder β†’ encrypted β†’ relay β†’ decrypted β†’ audio element
  • Self-destruct: Timer synced from relay on key exchange. Room destroyed server-side when time is up.

Privacy

What the relay sees What the relay does NOT see
An IP connected Who you are
A blob was stored What's in the blob
A blob was picked up Who sent it or who it's for

For stronger anonymity, use Tor Browser. Voice notes may not work in Tor Browser.

Deploy

# Relay (on VPS)
useradd -r -s /usr/sbin/nologin arnon
mkdir -p /opt/arnon/relay
cp relay/server.js relay/package.json /opt/arnon/relay/
cd /opt/arnon/relay && npm install
chown -R arnon:arnon /opt/arnon
cp relay/arnon-relay.service /etc/systemd/system/
systemctl daemon-reload
systemctl enable arnon-relay
systemctl start arnon-relay

# Landing page + PWA β€” host on GitHub Pages
# Update RELAY and BASE constants in pwa/app.html to match your domain

Docker

docker build -t arnon-relay .
docker run -d --name arnon-relay -p 9444:9444 --restart always arnon-relay

License

AGPL-3.0 β€” see LICENSE.

Built by Particular Ltd.

About

πŸ” Encrypted conversations that leave no trace. 476 lines of code. No app, no account, no history.

arnon.app

Resources

Readme

License

View license
Activity

Stars

3 stars

Watchers

0 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages