A fresh room, in a click.
Your browser mints a hybrid X25519 + ML-KEM-768 keypair and a fresh room ID. No account, no email, no install. The room exists the moment you make it. The page is the app.
Bluebells is in closed beta. If someone gave you an access key, paste it below. The key is verified server-side and never stored on this device in cleartext.
Not another messenger. A different architecture. No phone number, no contacts upload, no account graph. Messages are sealed on your device with hybrid X25519 + ML-KEM-768; relays hold short-lived encrypted transit data and forget it on a 60-second TTL. LWE-based PIR makes which conversation you query cryptographically indistinguishable from the relay's view. Open spec, signed reproducible build, run your own relay.
Your browser mints a hybrid X25519 + ML-KEM-768 keypair and a fresh room ID. No account, no email, no install. The room exists the moment you make it. The page is the app.
Invite with a one-use seed URL (works once, expires in 15 min). Send it through any channel | Signal, AirDrop, a piece of paper. Or mint a bb-…@inbox address and hand it to a vendor; mail arrives sealed in the same library.
Every message is XChaCha20-Poly1305 sealed under a room key only your devices hold. Polls wrap in LWE-PIR so even which conversation you're checking is opaque to the relay.
Rotate the key and every prior message becomes literally unreadable, even to you. Burn the room outright and every device wipes simultaneously. Burn the bb-…@inbox address and it's tombstoned globally; nobody can re-issue it. Not even us.
Every Bluebells room is a self-contained capsule encoded in its URL. The fragment carries a sealed payload — your device decrypts it, nothing else can. Strip the URL and the conversation is gone. There is nothing else to delete.
sealed · drag the key →
The URL holds the ciphertext. Your device holds the key. The capsule is the entire record.
FIG. 02 · CAPSULE ENCODINGEncryption hides what you said. Bluebells also reduces what can be inferred about when you send, which room you check, and whether a room is active. Four independent layers run continuously in this tab | each one has a verification surface on the live audit page.
Scroll for layersEvery byte rides TLS 1.3 with Encrypted Client Hello. The CDN sees an outbound TLS connection | not the SNI, not the destination host, not which page you loaded. ECH grease is always on, even on idle tabs. Tor Browser users auto-swap to our v3 hidden services on boot, with no exit node in path.
Every connected device publishes an empty OPERATION_BATCH frame every ~30 seconds with ±8 s jitter. Same envelope, same encryption, same payload size. That uniform pulse makes active and idle rooms materially harder to distinguish from timing alone.
Rendezvous IDs derive from the room key × a 15-minute slot index. The relay sees a fresh opaque ID every slot | no stable identifier for any observer to log or correlate over time.
Catch-up polls run on a constant 30-second cadence wrapped in LWE-based private information retrieval. The relay answers your query but cryptographically cannot determine which rendezvous you requested. Bluebells ships this PIR path as a default protocol surface, not an add-on mode.
Activists, dissidents, anyone where being seen to talk is the threat. The relay can't tell which room you check, whether a room is active, or a real publish from a cover-traffic pulse. The wire pattern is uniform across every device on the network.Where being seen to talk is the threat. The relay can't tell which room you check, or whether it's even active.
Every message can carry an enclave-signed receipt that proves authorship and timestamp. Anyone, anywhere, can verify it offline. No subscription, no legal hold, no service to subpoena. The math is the credential.Every message carries an enclave-signed receipt, verifiable offline forever. Nothing to subpoena.
Open protocol, public primitives, signed reproducible build. Pin our PCR0, pin our STH, run your own relay. If the math is right, you don't need to trust us.Open spec, signed reproducible build. Pin our PCR0, run your own relay. Verify, don't trust.
Free. Always. No accounts, no phone numbers, no keys we hold, no payment surface. Run your own relay if you don't trust ours. Receipts verify offline forever; they survive Bluebells, AWS, even the internet.
Verify any message yourself. Paste a receipt at /audit and your browser runs the math, PCR0 chains to AWS, STH inclusion proof recomputes locally, no server round-trip required.
OPEN /AUDIT →One click and your browser mints a fresh hybrid keypair, derives a room ID, and prints a URL. Send it to anyone, on any channel, and the conversation begins. The relay holds short-lived encrypted transit data only - not the message, not which room you queried, not which device asked. Everything material is verifiable from the page you loaded.