An anonymous, unmoderated, encrypted, minimalistic chat network — a test case in freedom.
What it has is this: a port, a keyphrase, a nickname, and a room.
If you know the keyphrase, you can join. If you do not, every byte on the wire is encrypted with AES-256 under a key derived from that phrase, and you cannot read the traffic — not the operator, not anyone watching the network.
There is no account. No email. No captcha. No phone number. You are whoever you say you are, for as long as you say it. Change your nick and the network forgets the old you. Close the tab and it forgets you entirely.
Shared out of band — spoken, written on paper, posted on a private forum. Without it you cannot connect, and no one without it can read anything you send.
kolhaam-network is a test case in freedom. It is small. It is unfinished. It is on purpose unmoderated. It does not have a /kick command, a /ban command, a "safety team", a "verified" checkmark, an algorithm that picks what you should see, an advertising budget, a data-retention obligation, or a way to remember who you are after you close the program.
The test is this: can a tiny piece of software — a few thousand lines of C and Python — let people who do not know each other find each other and talk, without identity, without surveillance, without moderation, without a company that owns the room? The answer used to be yes, in 1985 on a 2400-baud BBS and in 1993 on IRC. The answer is still yes.
The early Internet was an unsupervised place that worked. The reason it worked was not that everyone was nice. The reason it worked was that the software did not pretend it could solve the problem of people, and so it did not try to. kolhaam-network is built in that tradition.
This page derives the AES-256 key from your keyphrase in your browser — 100,000 rounds of SHA-256 — and encrypts every packet locally with AES-256-CBC and a fresh random IV. Only ciphertext leaves your machine. The web bridge relays bytes and cannot read them; it never has the keyphrase.
The contents of every message, DM, and file; nicknames, room names, and command structure — from anyone on the network who does not know the keyphrase.
The server operator, who has the keyphrase by definition and decrypts to route. Anyone else who legitimately knows the keyphrase. Side channels like packet timing and volume. There is no forward secrecy: if the keyphrase leaks tomorrow, a session recorded today can be read. This is casual privacy for casual chat — not a replacement for Signal, and not for a nation-state threat model.
The native C and Python clients speak the identical protocol, byte for byte. Source, build instructions, and the full manifesto are on GitHub.
The whole thing is small enough that one person can read all of it in an afternoon and run it on the cheapest VPS there is. If you do not like this server, run your own and pick a keyphrase only your people know.