Message content is end-to-end encrypted (libsodium crypto_box: X25519 + XSalsa20 + Poly1305). The server cannot read your messages even if compromised.
Constant-cadence broadcast: every client emits a fixed-size packet on a fixed schedule, real or random. A passive on-path observer cannot tell which slot in each broadcast is your real conversation.
What this app does NOT protect against
Untrusted servers. Only connect to a server run by you or someone you trust. BeatEm is open source — setting up your own server is straightforward (see the project README). A custom server can log every connection, fake any field, and weaken anonymity in ways the client cannot detect.
Sybil flooding. Anyone can open many WebSocket sessions to the server at near-zero cost. They then know which slots they did not send, narrowing the real conversation. No "client count" indicator can detect this, so this app deliberately does not show one.
Endpoint compromise. If your browser, device, or extensions are compromised, none of the above helps.
Local data
Your secret key, public key, and peer list are stored in this browser's localStorage. Chat history is in memory only and is lost on reload.
Add or select a peer to start chatting.
My public key
Have your peer scan this with the Scan button on their side, or with their phone camera.