System Architecture

Zero-Knowledge Ephemeral Chat

SecureChat is a real-time communication platform engineered for operational security. No persistence, no accounts, no trace. When the room dies, everything dies with it.

Core Principles

What makes it different

💾

Volatile Memory Only

No database. No file writes. All state is held in thread-safe Python dicts — gone on restart.

⚡

WebSocket-Native

Socket.IO with gevent workers. Every message travels over persistent connections.

🔥

Auto-Purge Lifecycle

Rooms self-destruct after 60 minutes. Empty rooms are garbage-collected immediately.

🔒

Zero Logs

No logs. No trace. No user tracking. All session tokens are generated per-visit.

🖼️

EXIF Scrubbing

Images re-encoded through canvas, stripping GPS and device metadata.

⚖️

Host Authority

Room creators hold full moderation power with auto host-promotion on disconnect.

Threat Model

What we protect against

Server-side message interception — messages never written to persistent storage
Identity tracking — no accounts, no cookies tied to identity
Image metadata leakage — EXIF data stripped from all uploads
Zombie rooms — hard 60-minute TTL on all rooms
Reverse proxy timeouts — Socket.IO tuned for cloud deployment
Server fingerprinting — werkzeug header masked to prevent version disclosure
Flood attacks — per-IP rate limiting with in-memory storage

System Limits

Operational boundaries

Max simultaneous rooms20

Max peers per room100

Room lifetime60 minutes

Message buffer per room2,000 messages

Max message length4,000 characters

Max file attachment100 MB

Rate limit (per IP)2,000/day · 400/hr

Host recovery window20 seconds

Tech Stack

Built with

Flask 3.0 Flask-SocketIO 5.4 gevent 24 gevent-websocket gunicorn 22 Flask-Talisman Flask-Limiter Socket.IO 4.7 Playfair Display DM Sans / DM Mono CSS Grid + Flexbox Canvas API

← Back to Home