Reclaim your digital sovereignty.
Digital conversations are exposed. GhostChat restores the balance of power, creating an impenetrable layer of client-side encryption over your existing platforms. Secure your data before it leaves your machine.
Requires GhostChat on both ends with a shared passphrase.
Press Shift before Enter to encrypt.
The current internet architecture is built on the assumption that your private data is a currency. Centralized platforms—even those claiming high security—often retain control over the metadata and the encryption keys that define your digital identity.
In a world of automated surveillance and data harvesting, the illusion of "private messaging" has made us vulnerable. We share our financial data, legal discussions, and intimate thoughts on platforms that have a financial incentive to analyze them.
"Encryption is not a luxury. It is a fundamental necessity for the preservation of a free and autonomous digital life."
GhostChat was designed to break this cycle of dependency. By injecting a high-performance cryptographic layer directly into the browser's Document Object Model (DOM), we bypass the platform's visibility entirely.
The host platform becomes nothing more than a delivery vehicle for encrypted noise. They cannot read your history. They cannot harvest your keywords. They cannot compromise your future.
You hold the keys. You manage the entropy. You define the boundaries of your digital world.
"Privacy is the power to selectively reveal oneself to the world."
Trust should never be blind. GhostChat is built on a foundation of verifiable, open-source principles designed to survive extreme scrutiny.
Our codebase is entirely transparent. We invite security professionals and privacy advocates to audit our logic to ensure no backdoors exist.
GhostChat does not request access to your identity or browser history. We only interact with the specific elements of the chat platforms you authorize.
The extension operates as a local tool. It does not communicate with any external APIs or servers. All data stays within your local environment.
We do not collect usage statistics, tracking pixels, or error reports. Your interaction with the tool is your business alone.
GhostChat leverages the native Web Crypto API to perform hardware-accelerated cryptographic operations within the browser's high-security sandbox. Encryption is manually triggered using a keyboard event (Shift) prior to message submission to ensure plaintext never reaches the network layer.
Every session key is derived from your high-entropy passphrase using PBKDF2-HMAC-SHA256. For every message transmitted, GhostChat generates a unique 96-bit Initialization Vector (IV) and appends a 128-bit authentication tag, ensuring that any tampering by the host platform is instantly detected and rejected.
// Client-Side AES-GCM Protocol async function encryptPacket(rawText, userKey) { // Non-repeating 96-bit IV const iv = crypto.getRandomValues(new Uint8Array(12)); const buffer = new TextEncoder().encode(rawText); const ciphertext = await crypto.subtle.encrypt( { name: "AES-GCM", iv: iv, tagLength: 128 }, userKey, buffer ); return serialize(ciphertext, iv); }
Deterministic Derivation: Your actual master passphrase never exists in plain text on your storage. It is processed into a cryptographic key and held only in volatile memory.
DOM Injection: GhostChat scans the chat interface for specific markers, decrypting packets in real-time. This allows for a native-feeling experience without compromising security.
Message Isolation: By using unique IVs for every transaction, we ensure that the discovery of one message's parameters provides no advantage in decrypting any subsequent communications.
GhostChat operates on a shared-secret model. Both participants must have the GhostChat extension installed and must use the exact same passphrase.
Messages are encrypted locally before transmission and decrypted locally upon detection. Without the correct passphrase, encrypted messages remain unreadable Base64 ciphertext.
GhostChat does not perform key exchange or identity verification. Security is entirely dependent on the strength and secrecy of the shared passphrase.
1. Type your message in the Discord Web chat input.
2. Press Shift to encrypt the message locally in the input field.
3. Confirm the message now displays as an encrypted Base64 string.
4. Press Enter to transmit the ciphertext securely.
* Encryption must occur via the Shift key before pressing Enter to ensure plaintext is never sent.
AES-GCM ensures that your messages are both encrypted and authentic. No platform can alter your text without failing the tag check.
Settings are stored using browser-encrypted local storage, isolated by the Extension API's strict origin policies.
Integrated directly into Discord Web. Use the platform you love while maintaining the privacy you deserve.
To anyone without the extension and the shared key, your messages appear as unreadable cryptographic noise.
Built with vanilla JavaScript and native browser APIs. No external dependencies. No performance overhead.
You generate the keys. You control the distribution. We simply provide the engine to execute your security policy.
PLATFORM SUPPORT
GhostChat is currently optimized for Discord Web. The extension integrates directly into the browser DOM, allowing seamless encryption and decryption without altering the platform experience.
Support for additional mainstream web platforms is actively in development. Future releases will expand compatibility while maintaining the same client-side encryption architecture.
Download the release package or clone the source code from the official GitHub repository.
Navigate to chrome://extensions, enable Developer Mode, and select the 'Load unpacked' option.
Type your message normally. Press Shift to encrypt it before sending. Once encrypted, press Enter to transmit securely. Ensure both participants share the same passphrase.
GhostChat began as an experiment in restoring user-controlled encryption to everyday platforms. We reject the notion that a convenient digital life must be built on a foundation of vulnerability.
Our objective is to empower the individual. In an age of centralized control, the ability to have a truly private conversation is a fundamental human right. GhostChat is the bridge between the utility of modern social networks and the sanctity of private correspondence.
By deploying GhostChat, you are reclaiming your identity. You are becoming a ghost in the machine. You are securing the future of your digital autonomy.