GhostChat
True peer-to-peer encrypted chat where messages vanish like ghosts. No servers, no storage, no accounts. Messages travel directly via WebRTC and exist only in memory. Self-destructing messages, panic button, file sharing, and zero tracking. Open source privacy-first messaging.
Support Development
If this project helps your work, support ongoing maintenance and new features.
ETH Donation Wallet
0x11282eE5726B3370c8B480e321b3B2aA13686582
Scan the QR code or copy the wallet address above.
👻 GhostChat
Your messages vanish like ghosts
True peer-to-peer chat where messages travel directly between users.
No servers storing or reading your conversations. Everything exists only in memory and disappears when you close the tab.
Live Demo • Contributing • Changelog
📑 Table of Contents
- Screenshots
- Why GhostChat?
- Comparison
- Features
- Quick Start
- Architecture
- Security
- Development
- Deployment
- Professional Services
- License
- Acknowledgments
- Support
📸 Screenshots
- Landing Page
- Copy Invite Link
- Chat Interface
- Connection Fingerprint (MITM Protection)
🎯 Why GhostChat?
Most "secure" messaging apps still store your messages on servers. Even Signal and WhatsApp keep metadata. GhostChat is different:
- ✅ True P2P - Messages travel directly between users via WebRTC
- ✅ Zero server storage - No databases, no logs, no message history
- ✅ Memory-only - Everything stored in RAM, wiped on tab close
- ✅ No accounts - No phone numbers, emails, or persistent identity
- ✅ Self-destructing - Messages auto-delete after 5s, 30s, 1m, or 5m
- ✅ Open source - Fully auditable code (MIT license)
Perfect for: Journalists, whistleblowers, activists, lawyers, executives, or anyone who values true privacy.
📊 Comparison
| Feature | GhostChat | Signal | WhatsApp | Telegram |
| --- | --- | --- | --- | --- |
| True P2P | ✅ Yes | ❌ No | ❌ No | ❌ No |
| No server storage | ✅ Yes | ❌ Metadata | ❌ Metadata | ❌ Messages |
| Does not require account | ✅ Yes | ❌ Phone | ❌ Phone | ❌ Phone |
| No logs | ✅ Yes | ❌ No | ❌ No | ❌ No |
| Self-destruct | ✅ Yes | ✅ Yes | ❌ No | ✅ Yes |
| Open source | ✅ Yes | ✅ Yes | ❌ No | ❌ Partial |
| Cost | 💰 Free | 💰 Free | 💰 Free | 💰 Free |
✨ Features
🔒 Privacy & Security
- Direct P2P connections - Messages never touch servers
- E2E encryption - WebRTC native DTLS/SRTP
- Memory-only storage - Zero disk traces, no forensics possible
- Ephemeral identity - Random peer ID per session
- Auto-clear on close - All data wiped when tab closes
- Connection fingerprint - 4-emoji hash to verify no MITM
- Sensitive content blur - Auto-detect and blur passwords, SSN, credit cards
- Metadata stripping - Remove EXIF data from images
- Anti-forensics - Memory overwrite on message delete
💬 Messaging
- Self-destructing messages - Timer: 5s, 30s, 1m, 5m, or never
- Message deletion - Delete for both sides with P2P sync
- Read receipts - Single/double checkmark delivery status
- Typing indicators - See when peer is typing
- Markdown support - 16 formatting buttons (bold, italic, code, etc.)
- Quick emojis - 15 one-click emoji buttons
- Message search - Real-time filtering with highlighting
- Copy protection - Clipboard auto-clears after 10 seconds
📁 File Sharing
- P2P file transfer - Send files up to 10MB directly
- Chunked transfer - Reliable transmission via 64KB chunks
- Upload progress - Real-time progress bar
- Image preview - Inline display for images
- Metadata stripping - EXIF removal from images
🚨 Emergency Features
- Panic button - Clear all messages instantly (Ctrl+Shift+X)
- Message limit - Auto-cleanup (10, 25, 50, or 100 messages)
- Session timeout - Auto-disconnect after inactivity (5m-1h)
- Screen blur - Auto-blur on tab switch or idle
🌐 Infrastructure
- $0 operating costs - Cloudflare Workers signaling (200k requests/day)
- Automatic fallback - Worker 1 → Worker 2 → PeerJS backup
- PWA support - Installable as desktop/mobile app
- No tracking - Zero analytics, telemetry, or user data collection
🚀 Quick Start
For Users
1. Visit the app:
https://ghost-chat.pages.dev
2. Create a room:
- Click "Generate chat"
- Click "Create Room"
- Copy the invite link
3. Share with peer:
- Send invite link via text, email, or any channel
- Peer clicks link and connects automatically
4. Chat privately:
- Messages travel directly between you (P2P)
- Close tab when done - everything vanishes
For Developers
Clone and run locally:
```bash
# Clone repository
git clone https://github.com/teycir/ghostchat.git
cd ghostchat
# Install dependencies
npm install
# Run development server
npm run dev
# Open http://localhost:3000
```
Test P2P locally:
```bash
# Terminal 1
npm run dev
# Browser Tab 1: localhost:3000/chat
# Click "Create Room" → Copy invite link
# Browser Tab 2: Paste invite link
# Messages sync via WebRTC P2P
```
Build for production:
```bash
npm run build
npm start
# Or deploy static export
npm run build
# Upload /out directory to any static host
```
🏗️ Architecture
How P2P Works
```
User A                   Signaling Server               User B
|                              |                         |
|------ Create Room ---------->|                         |
|<----- Peer ID: abc123 -------|                         |
|                              |                         |
|                              |<----- Join: abc123 -----|
|<---- WebRTC Offer -----------|------ Forward Offer --->|
|<---- ICE Candidates ---------|------ Forward ICE ----->|
|                              |                         |
|<========== Direct P2P Connection ===================>|
|                              |                         |
|-- "Hello!" ------------------------------------------>|
|<----------------------------------------- "Hi!" ------|
|                              |                         |
(Signaling server no longer involved)
```
Key Points:
- Signaling server only helps establish connection (WebRTC SDP exchange)
- Once connected, messages flow directly peer-to-peer
- Server never sees message content
- Connection uses WebRTC DataChannels (DTLS encrypted)
Tech Stack
- Frontend: Next.js 15, React, TypeScript
- P2P Protocol: simple-peer (primary), PeerJS (fallback)
- Signaling: Cloudflare Workers (self-hosted)
- Styling: CSS-in-JS (no external CSS frameworks)
- Storage: Memory-only (no localStorage/IndexedDB)
- Deployment: Static export (Cloudflare Pages, Vercel, Netlify)
Project Structure
```
ghostchat/
├── app/                      # Next.js App Router
│   ├── page.tsx              # Landing page
│   ├── chat/page.tsx         # Chat page
│   └── globals.css           # Global styles
├── components/               # React components
│   ├── ChatCore.tsx          # Main chat logic
│   ├── MessageList.tsx       # Message rendering
│   └── ...
├── lib/                      # Core libraries
│   ├── peer-manager.ts       # P2P connection manager
│   ├── storage.ts            # Memory-only storage
│   ├── file-transfer.ts      # Chunked file transfer
│   └── ...
├── public/                   # Static assets
│   ├── manifest.json         # PWA manifest
│   └── sw.js                 # Service worker
└── tests/                    # Test suite
```
🔐 Security
Threat Model
What GhostChat protects against:
- ✅ Server-side data breaches (no server storage)
- ✅ Message interception (E2E encrypted)
- ✅ Forensic analysis (memory-only, no disk traces)
- ✅ Persistent surveillance (ephemeral sessions)
- ✅ Metadata collection (no accounts, minimal logs)
What GhostChat does NOT protect against:
- ❌ Compromised devices (keyloggers, screen capture)
- ❌ Man-in-the-middle attacks (verify fingerprint!)
- ❌ IP address exposure (peers see each other's IPs - use VPN)
- ❌ Browser vulnerabilities (keep browser updated)
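The fingerprint check that the threat model asks users to perform can be sketched as follows. This is an added example, not GhostChat's own code: it assumes the code is derived from the two DTLS certificate fingerprints carried in the SDP, and `dtlsFingerprint`, `connectionCode`, the emoji palette and the sample SDPs are all constructed for illustration.

```javascript
// Added example, not GhostChat's implementation. Runs under Node as CommonJS or ESM.
const { createHash } = typeof require === "function"
  ? require("node:crypto")
  : process.getBuiltinModule("node:crypto");

// Pull the DTLS certificate fingerprint out of an SDP blob (assumes one per session,
// as in a data-channel-only offer/answer).
function dtlsFingerprint(sdp) {
  const m = /^a=fingerprint:(\S+) ([0-9A-Fa-f:]+)\s*$/m.exec(sdp);
  if (!m) throw new Error("SDP has no a=fingerprint line");
  return `${m[1].toLowerCase()} ${m[2].toUpperCase()}`;
}

// Hypothetical palette: 64 consecutive animal emoji (U+1F400..U+1F43F), 6 bits each.
const emojiFor = (byte) => String.fromCodePoint(0x1f400 + (byte & 0x3f));

// Both peers hash the same sorted pair, so they show the same code only when each
// one's view of the other's certificate matches what that peer actually sent.
function connectionCode(localSdp, remoteSdp) {
  const pair = [dtlsFingerprint(localSdp), dtlsFingerprint(remoteSdp)].sort();
  const digest = createHash("sha256").update(pair.join("|")).digest();
  return Array.from(digest.subarray(0, 4), emojiFor).join("");
}

// Constructed sample data: fake 32-byte fingerprints wrapped in a minimal SDP.
const fakeFp = (seed) =>
  Array.from({ length: 32 }, (_, i) => ((seed + i) & 0xff).toString(16).padStart(2, "0")).join(":");
const sdp = (fp) =>
  `v=0\r\nm=application 9 UDP/DTLS/SCTP webrtc-datachannel\r\na=fingerprint:sha-256 ${fp}\r\na=setup:actpass\r\n`;

function demo() {
  const alice = sdp(fakeFp(0x10)), bob = sdp(fakeFp(0x80)), relay = sdp(fakeFp(0xc0));
  return {
    // Untouched signaling: each side sees the other's real fingerprint.
    honest: [connectionCode(alice, bob), connectionCode(bob, alice)],
    // Signaling swapped in a third certificate: the two sides hash different pairs.
    tampered: [connectionCode(alice, relay), connectionCode(relay, bob)],
  };
}

const result = demo();
console.log("honest:  ", result.honest.join(" vs "));
console.log("tampered:", result.tampered.join(" vs "));
```

Four symbols from a 64-symbol palette carry 24 bits, so a code like this is a quick check rather than a strong guarantee; showing more symbols or comparing the full DTLS fingerprints over a separate channel is stronger.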
Man-in-the-Middle (MITM) Attack Vectors
GhostChat is vulnerable to MITM attacks during the initial connection phase. Here's how:
1. Signaling Server Compromise
- The Cloudflare Worker facilitates WebRTC handshake (SDP exchange)
- A compromised signaling server could intercept and modify:
- Session Description Protocol (SDP) offers/answers
- ICE candi
