How your messages are protected.

When you write a message through a Quieter Signal scratchpad, it is encrypted in your browser before it leaves your device. The server stores the encrypted file but cannot read it. This page explains the system in enough detail for you — or anyone advising you — to assess whether it meets your needs.

The short version

Your message is encrypted on your device using a key derived from your scratchpad token. The encrypted message is transmitted to and stored on our server. Our server never sees the plaintext. Our operator decrypts the message offline using a separate tool. At no point does the server hold both the encrypted content and the key needed to read it.

How it works in detail

When you create a scratchpad, the server generates a unique token — a long, random string. This token serves as both the scratchpad address and the basis for the encryption key. The token is shown to you once. It is not stored on the server in a form that allows key recovery.

When you write a message, your browser uses the token to derive an encryption key via a key derivation function. The message is encrypted using AES-256 in your browser. The encrypted ciphertext — not your original message — is sent to the server and written to disk as a file. The server sees only the encrypted blob. It cannot distinguish a message about transfer pricing from one about the weather.

When the operator collects your message, they download the encrypted file and decrypt it offline using the token-derived key and a separate decryption tool. Decryption happens on the operator's machine, not on the server. The encrypted file on the server is then overwritten and deleted.

When the operator replies, the reply is encrypted and stored on the server in the same way. When you return to your scratchpad and enter your token, your browser decrypts the reply locally. Once you confirm you have read it, the encrypted reply is overwritten and deleted from the server.

What this means in practice

If the server is seized, an attacker obtains encrypted files that cannot be read without the corresponding tokens. The tokens are not stored on the server. Without the token, the encryption is computationally infeasible to break.

If the server is compromised while running, an attacker could potentially intercept messages in transit — but only if they modify the application code to capture plaintext before encryption. This is a risk inherent in any web application that delivers its own JavaScript. We mitigate this by keeping the server minimal, tightly controlled, and monitored. The warrant canary provides an independent signal if the server's integrity is compromised.

If your token is compromised, anyone who has it can read your scratchpad. This is why the security guide tells you to write the token on paper, never store it digitally, and access your scratchpad only from a clean device on public wifi. The token is the single point of trust. Protect it accordingly.

What we cannot do

We cannot read your messages. We cannot recover a deleted message. We cannot tell you what a scratchpad contained after it has been wiped. We cannot identify who created a scratchpad or who accessed it. These are not policies — they are architectural constraints. The system is built so that we do not have the information, even if we wanted it, even under compulsion.

Limitations and honesty

No system is perfect. The encryption protects the content of your messages. It does not protect against an adversary who can observe that you visited quietersignal.com — which is why the security guide instructs you to use a clean device on public wifi with no connection to your identity. Encryption is one layer of protection. Operational security is the other. Both are necessary.

The JavaScript that runs in your browser is delivered by our server. If our server is compromised and the JavaScript is replaced with a malicious version, encryption could be bypassed. This is a fundamental limitation of browser-based encryption. We accept it as a trade-off for accessibility — requiring informants to install specialist software would be a barrier that prevents people from coming forward at all. We compensate with tight server controls, minimal attack surface, and the warrant canary as a dead man's switch.

If you require stronger guarantees — for instance, if you believe you are under active surveillance by a state-level adversary — contact us through the secure channel and say so. We can discuss alternative arrangements.

This page was last updated on 14 February 2026.