NoTrace

NoTrace

Documentation

Technical specifications and operating protocols for the NoTrace platform.

Architecture Overview

NoTrace is built on the principle of **Ghost Networking**. Unlike traditional messaging platforms that maintain persistent user databases and message archives, NoTrace operates as a transient state-synchronization engine.

Local-First Logic

Cryptographic key generation and message encryption occur entirely on the client-side. The server acts only as a relay for encrypted packets, never possessing the keys to decrypt your traffic.

Stateless Routing

We utilize a decentralized approach to session management. Rooms are identified by high-entropy cryptographic seeds, making them virtually invisible to unauthorized discovery.

Security & Encryption

Security on NoTrace is not optional. Every session is protected by a multi-layered cryptographic stack designed to withstand modern surveillance techniques.

Primary CipherAES-256-GCM
Key ExchangeECDH (Elliptic-curve Diffie–Hellman)

"GCM (Galois/Counter Mode) provides both data authenticity and confidentiality, ensuring that messages cannot be tampered with while in transit."

Room Lifecycle

1. Initialization

When you generate a room, a unique 8-character token is minted. This token serves as the temporary address for your secure link.


const room_key = crypto.generateRoomKey();
await sync.initialize(room_key);
2. Interaction

Peers join using the room code and a chosen nickname. Message payloads are synchronized in real-time across all active participants. No historical logs are fetched upon joining—you only see what happens while you are present.

3. Termination ("Kill-Switch")

Rooms are destroyed instantly when the "Kill-Switch" is activated or when all participants disconnect. Termination involves the immediate deletion of the room record from our volatile global state.

Security Best Practices

While NoTrace implements robust client-side protections, maintaining a secure environment requires strict database-level enforcement.

Recommended Firebase Rules
{
  "rules": {
    "rooms": {
      "$room_id": {
        ".read": "true",
        ".write": "!data.exists() || data.child('members/'+auth.token.user_id).exists()",
        "messages": {
          "$msg_id": {
            ".validate": "newData.hasChildren(['senderId', 'text', 'timestamp']) && newData.child('text').val().length < 1000"
          }
        }
      }
    }
  }
}
01

**Input Sanitization**: All user input is sanitized and validated against cryptographic regular expressions before being pushed to the transport layer.

02

**Rate Limiting**: Our state engine enforces a 1-second cooldown between message pushes to prevent flooding and resource exhaustion.

Maintenance Protocol

1. Auto Message Expiry

To ensure total privacy, everything is stored strictly in memory. We don't use persistent tracking like cookies or local storage for your chat history. Once everyone leaves a room, the data is gone for good—it's like the conversation never happened.

// Cloud Function Snippet for 24h Expiry exports.cleanupRooms = functions.pubsub.schedule('every 24 hours').onRun(async (context) => { const now = Date.now(); const cutoff = now - (24 * 60 * 60 * 1000); // Logic to delete rooms older than cutoff });
2. Bot Protection

We integrate Cloudflare Turnstile for silent, privacy-preserving CAPTCHA verification, ensuring all traffic originates from human actors.

# Set your site key in .env.local NEXT_PUBLIC_TURNSTILE_SITE_KEY=your_site_key
3. Abuse Logging

Minimal, non-traceable logs (Session ID, Timestamp) are maintained for illegal activity prevention. No real IP addresses or personal identifiers are stored.