Completely Private Voice & Video Chat
Seriously Strong Encryption
Anonymity via Tor Hidden Service
Video Calling and File Transfers
Application Integrity Validation
No Signup or Downloads Required
Cross-Platform — Works on Any Device
Cyph is end-to-end encrypted using our patent-pending Castle messaging protocol. Castle is an encryption protocol inspired by the classic Off-the-Record (OTR), with a number of architectural details influenced by Open Whisper Systems' TextSecure protocol — such as the use of elliptic curves (ECDH/Curve25519).
The major departure that Castle takes from these other solutions is that it's been designed to theoretically withstand an attack from a quantum computer running Shor's algorithm (50 - 100 years from now). This is thanks to our incorporation of the post-quantum cipher NTRU, along with lower-level details such as a unique public key authentication technique that mitigates the theoretical strengths of a quantum computer. This helps ensure that your now-private conversations won't one day suddenly become public after an accident of science.
Fun fact: to crack a single Castle message would require 1038 Tianhe-2 supercomputers running for the lifetime of the universe.
Just connect to the Tor network and navigate to cyphdbyhiddenbhs.onion ("cyph'd by hidden backbone host server"). While this won't totally eliminate communication metadata in the way that solutions like Ricochet are designed to, it does very effectively obfuscate the origin of any traffic you send to Cyph.
Important note: Tor Browser Bundle is not currently supported. A bug in Firefox Private Browsing mode (which TBB depends on) currently causes it to misbehave when confronted with our TOFU implementation, and subsequently block any access to Cyph.
Voice/video calling is encrypted using a direct peer-to-peer DTLS-SRTP session between the clients, with public key authenticity assured by means of a fingerprint exchange via WebRTC signaling within the original Castle session.
File transfers are encrypted symmetrically using a one-time XSalsa20 key, which is distributed from the sender to any recipients through Castle.
Important note: unlike file transfers and standard Cyph messages, voice/video calling is in fact theoretically vulnerable to quantum computing attacks, due to a property of the WebRTC specification that (by design) blocks us from protecting the entire key exchange within our Castle session.
Cyph application packages are verified at run-time using our patent-pending browser-based Trust on First Use code signing framework, WebSign. WebSign will protect you even in the event that our servers and/or your TLS session are compromised.
Until we solved it, addressing this had long been considered an intractable problem, which is why you'll commonly see advice to avoid any product claiming to offer private communication or other cryptographic protection from within a Web app (e.g. MEGAChat, ProtonMail, etc.). With the sole exception of Cyph, such advice should be taken very seriously.
Cyph is extremely simple for anybody to use, and runs anywhere in one click — no installation or registration required. This makes it very easy to jump right into using, or to deploy to any new device (in addition to completely eliminating any potential hassle for friends with whom you intend to engage in encrypted communications).
Cyph from your desktop, laptop, phone, or tablet! Native mobile and desktop apps are on our roadmap, but right now you can use the Web version of Cyph anywhere.
Cyph provides an end-to-end encrypted messaging solution that, despite its friendliness and ease of use, offers a strong guarantee of confidentiality through the use of patent-pending technologies that dramatically improve upon existing, proven security methods. It was founded by two former SpaceX engineers with the vision of defending innocent people from increasingly sophisticated rogue hackers and invasive government mass surveillance.
Ryan and Josh have been friends for nearly two decades, in that time having spent many all-nighters working closely together on various software projects. Most recently, they were on the internal software quality team at Elon Musk's SpaceX, where Ryan drove the development of next-gen test automation tooling and frameworks while Josh led software quality assurance efforts.
Over the years, the difficulty of communicating privately online had become a constant thorn in their side. Existing solutions were largely cumbersome to use, had major functional limitations (lack of support for video calling, restrictions to small sets of platforms and operating systems, etc.), and often came with "gotchas" that would silently compromise confidentiality when one didn't have the expertise to fully understand the tool.
They knew there could be a better way, so they created Cyph.
Press The Button
The button will take you into the Cyph application, where you'll be given a custom shortlink to share with one friend.
When your friend opens this link, the conversation will begin.
Welcome Penn's Sunday School Jordan, Jesse, Go! We The People Sawbones Judge John Hodgman My Brother, My Brother and Me The Security Brief listeners!
Sign up below, and get bumped to the front of our waitlist for Cyph v2.
Sign up below, and you'll get first access to Cyph accounts and an extra 5 invites (10 total), for being a member of the Penn's Sunday School Congregation! Registration will be closing when we reach initial capacity.
Don't be confined to your buddy list — cyph anyone!
Unlike other messenger apps, Cyph gives you the freedom to start a secure chat or call with anyone — regardless of whether they're already using Cyph.
Don't be limited by your social network. When you want to chat, your friends who don't use Cyph will simply receive a cyph link, and with one click a private key will be generated for them right in their browser.
Video chat with peace of mind again.
For optimal performance, all video, audio, and transferred files are sent directly to the person you're cyphing (without ever touching our servers).
Since they're encrypted locally, however, even if intercepted, your friendly neighbourhood FBI van will only see gibberish
Powerful encryption on all your platforms.
Cracking a single Cyph message key would take longer than the age of the universe, even using the fastest supercomputers on Earth — and because the keys are constantly refreshed, even if one were somehow leaked, only a few messages would be compromised (rather than an entire conversation).
As an added layer of obfuscation, all of our encrypted traffic is randomly split between eight different datacentres around the world, with no obvious way for us to piece together the data belonging to any one chat.
Circumvent government censorship and blocked access with confidence.
Cyph is 100% supported for use on the Tor network, which allows you to hide your location, and subvert government and company internet filters.
In addition to having a recognisable Tor address (cyphdbyhiddenbhs.onion), Cyph is the first hidden service on the Tor network to deploy an Extended Validation SSL certificate, the highest level of trust and authentication for a website. This helps us easily let you know if you're ever connected to an impostor; to make sure you're connected to the real Cyph, just look for the green lock in the upper left-hand corner of your screen that reads "Cyph, Inc.".
We're now piloting a beta of Cyph for enterprises with a small set of startups and business customers.
Our standard enterprise beta offers:
- SDK for third-party Cyph integration
- Optional "modest branding" feature
- Hands-on support from the founders of Cyph
- Extra priority for feature requests
Custom arrangements may include:
- Extended SLA
- Self-branded white label distribution
- Custom Cyph deployments (internally forked, self-hosted, and/or self-signed)
If you're interested in learning more about Cyph's beta enterprise program, contact us now.
I'm sorry, but your cyph is in another castle...
Reasons why you may have landed here:
- A glitch in the matrix
- You're just guessing random URLs
- We broke something
Frequently Asked Questions
How do I use Cyph?
Simply go to cyph.im or click the "start new cyph" button and a cyph link will be generated for you to send to a friend. Text, email, or send the link to them via any other channel, and when they click it you both will enter a secure chat.
How do I send photos?
Click the media icon in the message composition textbox (on the far right; only visible when no text has been entered) and select the photo you wish to share.
How do I send files?
Click the paperclip icon (on the far left on desktops and on the top right on mobile) and select the file you wish to share.
How do I start a video or voice call?
Click the video (or phone) icon on the far left (desktop) / top right (mobile). A warning will pop up confirming that you wish to send the call invite and that connecting will expose your IP (Cyph video uses a peer-to-peer connection for voice and video, so you will be connecting directly to the other party instead of going through our servers).
What data do you track?
Currently, we only track numbers of: cyph sessions, messages, timeouts, voice/video calls, file transfers, signups, "cyphertext" UI views, and calls to our API.
How much does Cyph cost?
The Cyph beta is free to use for individuals (we intend to always have a free tier, because we see online privacy as a basic right) and we are currently piloting enterprise deployments of secure video and instant messaging.
Do you have an Android/iOS/TI-89 app?
Native chat applications for Android and iOS are in the works. We have no plans to support any Texas Instruments machines.
Why do I keep getting the "I'm sorry, but your cyph is in another castle" screen?
Common reasons for landing on this page are: the cyph URL has been opened more than once (only the first person who clicks it is allowed into the chat) or the cyph link has already expired.
Has there been a third-party security audit of Cyph?
Yes, Cure53 recently completed their audit of Cyph and concluded that "No major issues in regards to application security or cryptographic implementations could be spotted in spite of a thorough audit." [Complete Cure53 Pentest Report] A postmortem analysis will be posted on our blog soon.
How can I support Cyph?
One of the best ways you can support Cyph is by using it with your friends and talking about us on social media. You can also give feedback or donate to the cause. All donations will go towards the development and growth of Cyph.
What should I do if I encounter a bug?
Please contact us at email@example.com; our team generally has pretty fast response time. If you can, please include any steps to reproduce or other relevant information.
Terms of Service
By accessing this website, you are agreeing to be bound by these website Terms and Conditions of Use, all applicable laws and regulations, and agree that you are responsible for compliance with any applicable local laws. If you do not agree with any of these terms, you are prohibited from using or accessing this site. The materials contained in this website are protected by applicable copyright and trade mark law.
- Use License
Permission is granted to temporarily download one copy of the materials (information or software) on Cyph's website for personal, non-commercial transitory viewing only. This is the grant of a license, not a transfer of title, and under this license you may not:
- modify or copy the materials;
- use the materials for any commercial purpose, or for any public display (commercial or non-commercial);
- attempt to decompile or reverse engineer any software contained on Cyph's website;
- remove any copyright or other proprietary notations from the materials; or
- transfer the materials to another person or "mirror" the materials on any other server.
- This license shall automatically terminate if you violate any of these restrictions and may be terminated by Cyph at any time. Upon terminating your viewing of these materials or upon the termination of this license, you must destroy any downloaded materials in your possession whether in electronic or printed format.
The materials on Cyph's website are provided "as is". Cyph makes no warranties, expressed or implied, and hereby disclaims and negates all other warranties, including without limitation, implied warranties or conditions of merchantability, fitness for a particular purpose, or non-infringement of intellectual property or other violation of rights. Further, Cyph does not warrant or make any representations concerning the accuracy, likely results, or reliability of the use of the materials on its Internet website or otherwise relating to such materials or on any sites linked to this site.
In no event shall Cyph or its suppliers be liable for any damages (including, without limitation, damages for loss of data or profit, or due to business interruption,) arising out of the use or inability to use the materials on Cyph's Internet site, even if Cyph or a Cyph authorized representative has been notified orally or in writing of the possibility of such damage. Because some jurisdictions do not allow limitations on implied warranties, or limitations of liability for consequential or incidental damages, these limitations may not apply to you.
- Revisions and Errata
The materials appearing on Cyph's website could include technical, typographical, or photographic errors. Cyph does not warrant that any of the materials on its website are accurate, complete, or current. Cyph may make changes to the materials contained on its website at any time without notice. Cyph does not, however, make any commitment to update the materials.
Cyph has not reviewed all of the sites linked to its Internet website and is not responsible for the contents of any such linked site. The inclusion of any link does not imply endorsement by Cyph of the site. Use of any such linked website is at the user's own risk.
- Governing Law
Any claim relating to Cyph's website shall be governed by the laws of the State of VA without regard to its conflict of law provisions.
- Before or at the time of collecting any personal information, we will identify the purposes for which information is being collected.
- We will collect and use of personal information only when necessary, solely with the objective of fulfilling those purposes specified by us and for other compatible purposes, unless we obtain the consent of the individual concerned or as required by law.
- We will only retain personal information as long as necessary for the fulfillment of those purposes.
- We will protect personal information by security safeguards against loss or theft, as well as unauthorized access, disclosure, copying, use or modification.
- We collect and use limited data with Google Analytics on our corporate site (cyph.com), as well as in a sandboxed iframe for cyph.im (the Cyph application), which then self-destructs after 10 seconds. Our backend logs the total number cyphs started, number of messages sent, beta-list sign-ups, and incoming requests.
- We do not and will never view, log, or transfer plaintext versions of your encrypted data, nor the private keys and mutually shared secrets needed in order to decipher them.
- We have not been approached by any agency, government or otherwise, with a request to backdoor our code. We are currently working on implementing a better warrant canary system.
We are committed to conducting our business in accordance with these principles in order to ensure that the confidentiality of personal information is protected and maintained.
If you have any questions about our policy, please email us at firstname.lastname@example.org.