Bluesky is intentionally public infrastructure — they’ve been clear that E2EE isn’t on their roadmap because it conflicts with moderation and search. Fair enough. But sometimes you just want to talk to someone privately. Whisper uses the atmosphere for what it’s good at (identity and discovery) and Iroh for what it’s good at (encrypted P2P networking).
How It Works
Sign in with your atmosphere account. Whisper generates an Iroh endpoint ID and publishes it to your PDS as a custom record, like putting your mailing address in a public directory. When you want to chat with someone, Whisper fetches their endpoint ID from their PDS, and both browsers independently compute a shared gossip topic from the two DIDs in sorted order. No handshake is needed; you both arrive at the same channel. Note what that implies: the topic is derived from two public DIDs, so anyone who knows them can compute it. The topic is a meeting point, not a secret. What binds the channel to a specific person is the endpoint ID you fetched from their PDS, which means the PDS is trusted to serve the real one.
Messages travel over QUIC, directly between browsers, with Iroh compiled to WebAssembly. If you are behind a NAT, Iroh's relay network forwards the encrypted packets; the relay cannot read them, though it does see which endpoints are talking and when. Media files get an extra layer of AES-GCM encryption via the Web Crypto API before they touch any server, so the blob store only ever holds ciphertext, and those encrypted blobs expire after 24 hours.
The Design Decisions
- Both users must be online. There is no server-side queue, by design: a message that is never stored on a server cannot be handed over in response to a subpoena. The compose box hides when your contact is offline.
- Ephemeral keys, fresh every session. There is no persistent key material to protect or steal, which keeps the threat model simple. The flip side is that an Iroh endpoint ID is the public half of that key, so your published address changes with it; the record in your PDS has to be the current one.
- IndexedDB for local history. Messages survive page refreshes but are stored only in your browser, capped at the last 200 per contact.
The Interesting Part
This is a proof of concept that E2EE is possible in the atmosphere without fighting the protocol. The atmosphere provides a decentralized identity system and an address book for free; Iroh provides encrypted P2P transport compiled to WASM. Neither was designed for this exact use case, but they snap together cleanly. The protocol is the API: you just build.