How a private connection works

Encryption keys are what turn readable text into scrambled data and back again. In most apps the provider keeps a copy of those keys. Here, the key is created on your own device and placed in the part of the link that comes after the “#” symbol — known as the URL fragment.

Browsers treat that fragment as local-only: it is never put into the request that travels to a server. So the secret that unlocks your conversation never reaches us. We could not read your messages even if we were compelled to.

Before anything else, there’s a problem to solve. Your two devices usually sit behind home or office routers that share a single public address among many devices and refuse uninvited incoming traffic. Neither device knows a working way to reach the other.

Something has to introduce them to each other — without ever seeing the conversation itself.

To introduce the two devices, each one writes a short note describing how it can be reached and what it supports — which kinds of audio, video and data it can handle. These notes are passed back and forth through a tiny relay we run for exactly this purpose: to hand one note to the other side and bring back the reply.

This step is called signaling. The notes contain connection details only — never the content of your conversation — and they are thrown away the instant the connection is live.

All of this runs on WebRTC — a standard built into every modern browser that lets two of them open a direct line for audio, video and arbitrary data, with no plugins and no extra software to install. It’s the same family of technology behind most in-browser calling.

WebRTC quietly handles the two hardest parts for us: getting through firewalls, and encrypting the link end to end.

To actually connect, each device gathers a list of ways it might be reachable: its address on the local network, and its public address as seen from the wider internet. Discovering that public address means asking a simple helper out on the open internet, “what address do you see my traffic coming from?” That helper is a STUN server.

The whole routine of collecting these candidate paths and then testing which one actually works is called ICE.

Sometimes two networks are locked down so tightly that no direct path exists at all. For those cases there is a relay server, using a protocol called TURN, that simply forwards traffic between the two devices.

Two things matter here. First, the relay only ever handles already-scrambled data — it cannot read your messages. Second, because each side talks to the relay instead of directly to the other, neither device ever learns the other’s real IP address. So the last-resort fallback doubles as a way to keep your location private — and it can be chosen on purpose for exactly that reason.

Once a path is found, the two devices agree on encryption keys directly with each other and wrap the entire connection in strong encryption before any real data flows. Audio and video are protected by the secure-media layer built into WebRTC; text and files are additionally sealed with the key that came from your link.

At no point does readable content exist anywhere but on the two devices taking part.

Add it all up and the picture is simple. We help two devices find each other, and on rare occasions relay scrambled packets between them. We never hold your keys, never see your messages, files or calls, and write no conversation history to storage.

When a session ends, the small amount of handshake data used to connect you is gone.

A meeting is simply a link you can reuse. The link stays the same, so you can send it once and meet again later. When a guest opens it, they see a short waiting screen; the moment you — the host — open the meeting from your device, the two of you are connected and the conversation begins.

That waiting screen only ever asks one question — “is the host here yet?” — and never carries any content.