How encryption works (and its limits)
We’d rather be precise than impressive. Here’s the honest version.
What happens
When you create a chat, your browser generates a random 256-bit key using the operating system’s secure randomness. That key is placed in the QR code’s link — specifically in the part after the “#”, which browsers do not send to servers. When the other person scans the QR, their browser reads the key from the link and then removes it from the address bar.
Every message is encrypted with AES-GCM in your browser before it’s sent, and decrypted in the other browser. The server stores only the encrypted payload. The server never receives or stores the key, so it cannot read your messages.
What this protects
Someone who only sees what’s stored on the server sees ciphertext, not your words. Each message is also bound to the room and sender, so a stored message can’t be silently moved to another chat or relabelled without decryption failing.
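The flow described above (key in the link fragment, AES-GCM per message, binding to room and sender) can be sketched with the Web Crypto API. This is an added example, not TillTom's code: the link layout, the function names, the `chat.example` origin, and the use of AES-GCM additional authenticated data (AAD) as the binding mechanism are all assumptions.

```javascript
// Added example: names, link layout and AAD format are assumptions, not TillTom's code.
// Browsers and Node 20+ expose globalThis.crypto; the require() fallback covers older Node.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;
const enc = new TextEncoder(), dec = new TextDecoder();

const b64url = (bytes) => btoa(String.fromCharCode(...bytes))
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const unb64url = (s) => Uint8Array.from(
  atob(s.replace(/-/g, '+').replace(/_/g, '/')), (c) => c.charCodeAt(0));

// Creator: 256-bit key from the OS CSPRNG, carried only in the URL fragment.
function makeInviteLink(origin, roomId) {
  const rawKey = wc.getRandomValues(new Uint8Array(32));
  return `${origin}/r/${roomId}#${b64url(rawKey)}`;
}

// Joiner: read the key from the fragment. In a page you would then clear the
// address bar, e.g. history.replaceState(null, '', location.pathname).
async function keyFromLink(link) {
  const raw = unb64url(new URL(link).hash.slice(1));
  if (raw.length !== 32) throw new Error('expected a 256-bit key');
  return wc.subtle.importKey('raw', raw, 'AES-GCM', false, ['encrypt', 'decrypt']);
}

// Room and sender are stored in the clear but authenticated as AAD.
const aad = (roomId, sender) => enc.encode(JSON.stringify([roomId, sender]));

async function seal(key, roomId, sender, text) {
  const iv = wc.getRandomValues(new Uint8Array(12)); // fresh 96-bit nonce per message
  const ct = await wc.subtle.encrypt(
    { name: 'AES-GCM', iv, additionalData: aad(roomId, sender) }, key, enc.encode(text));
  // Record handed to the server (shape is an assumption): no key material in it.
  return { roomId, sender, iv: b64url(iv), ct: b64url(new Uint8Array(ct)) };
}

// Throws if the ciphertext, nonce, room or sender was altered, or the key is wrong.
async function unseal(key, msg) {
  const pt = await wc.subtle.decrypt(
    { name: 'AES-GCM', iv: unb64url(msg.iv), additionalData: aad(msg.roomId, msg.sender) },
    key, unb64url(msg.ct));
  return dec.decode(pt);
}
```

Because the room and sender are fed into the GCM tag, a stored record copied under a different room or sender label fails authentication in `unseal` instead of decrypting.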
What it does not protect — stated plainly
- The QR effectively contains the key. Anyone who photographs or sees the QR could read the chat. Show it only to the person you mean to, and don’t share it as an image.
- Metadata exists. The timing and existence of messages, room state, nicknames, and possibly IP-level logs are not hidden by message encryption.
- No identity check. Because there’s no out-of-band way to verify who you’re talking to, we can’t rule out an active man-in-the-middle, so we don’t use the bare phrase “end-to-end encrypted.”
- The other person can save anything. Screenshots, copying, and photos are always possible.
What we claim, and don’t
We claim: messages are encrypted and decrypted in your browser, and the server stores only encrypted payloads and never the key. We don’t claim anonymity, untraceability, or that TillTom is as secure as a dedicated secure messenger. It’s a light, honest tool for a brief conversation.
tilltom.com