Start an end-to-end encrypted chat, in 30 seconds

get it
There are no images or videos added to the gallery.
Add to gallery



You need to become a Contributor to join the discussion - Find out how.
Ryan HooverPro@rrhoover · Founder, Product Hunt
I spy a Christopher Walken cameo (that landing page is kind of intense). The site lacks any details on the encryption or how it works. Strange for a service that's entirely dedicated to privacy and security.
Ryan LesterMaker@theryanlester · Founder @cyph, Former engineer @SpaceX
@rrhoover Yep, that's Walken; @thebeefytaco got a little carried away with the video lol. Details are coming soon! This version of the landing page was pretty rushed, but we figured we'd just get it out there and worry about the content after the fact since our actual product is pretty good now. Basically, though, we're using OTR and authenticating with a randomly generated shared secret that we put in the URL fragment (visible only to the client), which means that our threat model for a server-side mitm is essentially that an attacker would need to compromise both the Cyph backend *and* the users' SMS/email/etc. (This ignores the possibility of an attacker who's hacked our backend brazenly pushing malicious code out to the frontend, but we have a solution for this problem in the works.)
Taylor Hou@taylorhou1
hmmmmm interesting little quirk. don't know if it was intentional but is it possible that the reason behind using for the chat links versus the .com is to foresee an event where the government takes over the .com but can't for the .im?
Ryan LesterMaker@theryanlester · Founder @cyph, Former engineer @SpaceX
@taylorhou Hmm, that's an interesting point. I hadn't thought of that (.im just seemed shorter and more convenient), but that's definitely possibly a good reason to keep using the .im domain!
@TheRyanLester there are other encrypted chats out there, what makes this unique?
Ryan LesterMaker@theryanlester · Founder @cyph, Former engineer @SpaceX
@TheRyanLester @GraehamF Two things, mainly: 1. It's super fast and simple. When you need it, you shouldn't have to bother installing an app (or trying to get someone else to install an app!). Cyph really streamlines the whole end-to-end process and lets you easily have a private chat with anyone. 2. It works anywhere. It's infuriating that our competitors pretty much only support mobile; some of us actually still use desktops and laptops!
Bram Kanstein (@bramk)Hunter@bramk · @nocodemvp | @startupstash (Acquired)
Cyph was founded by two former SpaceX engineers to meet their own high standards of what chat should be: completely private and delightfully dope. Try out a chat I created via:
Ryan LesterMaker@theryanlester · Founder @cyph, Former engineer @SpaceX
@bramk Nice, thanks for the post! That chat will only work for the first person who clicks it, by the way (by design), but hope the rest of you like our 404 page!
Bram Kanstein (@bramk)Hunter@bramk · @nocodemvp | @startupstash (Acquired)
@theryanlester aaah ok so it's 1-on-1 :p
Ryan LesterMaker@theryanlester · Founder @cyph, Former engineer @SpaceX
@bramk Yep, no group chat for now, but we should have that out by early next year.
Matthew A. Gallagher@galligator · Creator, nagg
I love this. Having used pidgin before and others, this is so refreshingly easy to use. I have a couple questions: 1) How do you plan to monetize? 2) Is the data wiped as soon as the browser window is closed? Is there a time limit you can be in a chat? 3) Is there an encryption key that allows the encrypted data to be deciphered into the readable text? Thanks for a great product!
Ryan LesterMaker@theryanlester · Founder @cyph, Former engineer @SpaceX
@galligator Thanks Matthew! 1. We won't be focusing on that for a while, but we have some ideas for freemium and enterprise services down the line. 2. Yep, completely gone. There's no time limit, though your local instance will disconnect if the other one goes offline for more than a few minutes. 3. Not really, no. I mean, it is the actual cyphertext we show in that screen, but there isn't one key or any other trivial way to convert that back into the source text. We're using OTR, which generates ephemeral keys and changes keys pretty frequently.