DEV Community: Rehan Kumar Sahu The latest articles on DEV Community by Rehan Kumar Sahu (@rehankumar554). https://dev.to/rehankumar554 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3948783%2F0a18e4d3-6791-43eb-9b29-73a477b8ac25.png DEV Community: Rehan Kumar Sahu https://dev.to/rehankumar554 en Why We Still Need Truly Anonymous Chat Apps in 2026 (And How I Built One) Rehan Kumar Sahu Sun, 24 May 2026 08:41:55 +0000 https://dev.to/rehankumar554/why-we-still-need-truly-anonymous-chat-apps-in-2026-and-how-i-built-one-e9g https://dev.to/rehankumar554/why-we-still-need-truly-anonymous-chat-apps-in-2026-and-how-i-built-one-e9g <p>I built an ephemeral, zero-footprint E2EE chat app using the Web Crypto API πŸ”’</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Figdwoxd6o4p3zhjzpbrx.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Figdwoxd6o4p3zhjzpbrx.png" alt=" " width="800" height="377"></a></p> <p>Hey DEV community! πŸ‘‹</p> <p>For the past few weeks, I've been building <strong>Nixvoid</strong> β€” a completely anonymous, real-time chat application that runs entirely in the browser.</p> <p>The idea sparked from a frustration with modern "secure" messaging apps. Sure, they have end-to-end encryption, but they still want your phone number, your email, and your contact list. I wanted to build something where anonymity was the default, not an opt-in feature. No sign-ups, no tracking, no footprint.</p> <p>How it works under the hood πŸ› οΈ<br> Nixvoid relies heavily on the native <strong>window.crypto.subtle</strong> API.</p> <p>Key Generation: When you open the app, it generates an ECDH key pair.<br> Key Exchange: The public key is sent through Firebase (which acts only as a transit layer). The two clients derive a shared AES-GCM secret key.<br> Encryption: Every message is encrypted before it ever touches the network.<br> Here is a simplified idea of the core encryption flow:</p> <p>javascript</p> <p><code>// Deriving the AES-GCM key from the ECDH shared secret<br> const derivedKey = await crypto.subtle.deriveKey(<br> {<br> name: "ECDH",<br> public: remotePublicKey<br> },<br> localPrivateKey,<br> { name: "AES-GCM", length: 256 },<br> false,<br> ["encrypt", "decrypt"]<br> );<br> // Encrypting the payload<br> const iv = crypto.getRandomValues(new Uint8Array(12));<br> const encryptedMessage = await crypto.subtle.encrypt(<br> { name: "AES-GCM", iv: iv },<br> derivedKey,<br> new TextEncoder().encode(messageText)<br> );</code></p> <p>The 10-Second Auto-Destruct Rule ⏱️<br> End-to-End Encryption doesn't protect you from shoulder-surfing or a seized unlocked phone. To combat this, Nixvoid is deeply ephemeral.</p> <p>Once a message is rendered on the recipient's screen, a 10-second timer starts. When it hits zero:</p> <p>The DOM element is completely removed.<br> A signal is sent to immediately wipe the ciphertext from Firebase.<br> There are no databases holding your chat history. Once you close the tab, it’s gone forever.</p> <p>UI Privacy Customizations<br> I also built in a few local privacy tweaks stored purely in localStorage:</p> <p>Ghost Mode: Stops sending typing indicators.<br> Incognito Read: Blocks read receipts.<br> Feedback Wanted!<br> I’d love for you guys to check it out, try breaking it, or review the architecture concept. Let me know what you think of the UI/UX as well!</p> <p>πŸ”— Live App: <a href="https://nixvoid.vercel.app" rel="noopener noreferrer">Nixvoid</a></p> <p>Happy (and secure) coding! πŸš€</p> showdev webdev security javascript