Encrypted P2P file sharing & chat. No servers. No accounts. No trace.
Files and messages stream directly browser-to-browser via WebRTC.
End-to-end encrypted. Close the tab and it's gone.
| Home | Sender | Receiver |
 |
 |
 |
| Feature | The Manifest | WeTransfer | Dropbox | Google Drive |
|---|---|---|---|---|
| No file size limit | ✅ | ❌ | ❌ | ❌ |
| No account required | ✅ | ✅ | ❌ | ❌ |
| End-to-end encrypted | ✅ | ❌ | ❌ | ❌ |
| Zero server storage | ✅ | ❌ | ❌ | ❌ |
| Real-time chat | ✅ | ❌ | ❌ | ❌ |
| Multi-party collab rooms | ✅ | ❌ | ❌ | ❌ |
| Voice notes | ✅ | ❌ | ❌ | ❌ |
| Voice & video calls | ✅ | ❌ | ❌ | ❌ |
| No third-party requests | ✅ | ❌ | ❌ | ❌ |
| Completely free | ✅ | ❌ | ❌ | ❌ |
- End-to-end encrypted — ECDH P-256 key exchange + AES-256-GCM on every chunk
- Two encryption layers — App-level E2E encryption + WebRTC DTLS transport
- Zero knowledge — Files never touch a server, pure P2P via WebRTC
- Zero third-party requests — Self-hosted fonts, self-hosted STUN/TURN, no analytics, no cookies, no tracking
- Password protection — Optional password gate with constant-time verification
- Key fingerprints — Verify connection integrity with visual fingerprints
- Ephemeral — Close the tab and everything is gone. No localStorage, no cookies, no data retention
- Strict CSP — Content Security Policy with frame-ancestors, form-action, upgrade-insecure-requests
- No file size limit — StreamSaver writes directly to disk (tested with 1GB+)
- Adaptive chunking — Auto-adjusts chunk size (64KB-1MB) based on connection quality
- Backpressure-aware — Buffer drain between chunks prevents congestion
- Pause, resume, cancel, retry — Full transfer control per file with automatic retry on error
- Auto-reconnect — Resumes from last chunk on disconnect
- Live file sharing — Add or remove files while recipients are connected
- Drag-reorder — Sender can rearrange the file queue before or between transfers
- Bulk zip download — Download all files as a single streaming archive (fflate, no RAM buildup)
- Download all visible — One-click grab of every not-yet-saved file in a collab room
- File previews — Image/video thumbnails & text previews via Web Worker
- Multi-party shared space — A host creates a room; guests join via link or password. Everyone can share files, chat, and call in one workspace.
- Hybrid mesh topology — Guests form direct peer-to-peer connections with each other whenever NAT allows, with the host as a signaling relay and silent fallback path. File transfers prefer direct mesh so the host never sees plaintext guest-to-guest traffic.
- Per-peer fingerprint verification — Every pair-wise connection (host↔guest and guest↔guest) gets its own ECDH fingerprint you can compare out-of-band to detect MITM.
- Password-protected rooms — Host can lock or unlock a room, with mid-session changes blocked while guests are connected to avoid confusing admitted peers.
- Rate-limited password prompts — Five wrong attempts close the connection; guests get a clear error instead of an infinite loop.
- Per-file pause, resume, cancel, retry — Full transfer control with elapsed-time counters and error recovery per file.
- Live file list with filters — Search, sort by newest/name/size, and filter by owner when the room grows past a handful of files.
- Concurrent transfers — Per-fileId upload and download tracking so multiple files in flight don't clobber each other.
- Graceful disconnect handling — Selective teardown per mesh peer; unrelated transfers keep running when one peer leaves.
- Encrypted chat rooms — Standalone group chat mode
- Voice notes — Record and send encrypted voice messages (up to 3 minutes) with seekable playback
- GIF support — Animated GIFs sent through the binary chunk pipeline (no base64 inflation)
- Image sharing — Drag-and-drop or paste images directly in chat
- Typing indicators — See who's typing in real-time
- Emoji reactions — React to any message
- Reply threads — Quote and reply to messages
- Sound & notifications — Configurable alerts for new messages
- Auto link detection — http(s) URLs become safe
rel="noopener noreferrer"links inline - Fullscreen & popout — Moveable, resizable popout chat on desktop; fullscreen on mobile with iOS keyboard-aware viewport + safe-area insets
- RTL support — Arabic and other RTL languages work natively
- Clear messages — Local-only clear with confirmation dialog
- Live voice calls — Up to 20 participants in a P2P mesh with speaking indicators
- Live video calls — 1:1 video with Discord-style click-to-focus spotlight
- Screen sharing — Share a window, tab, or whole screen over the same encrypted mesh; the shared stream gets its own tile and inherits focus/pin behaviour
- VP9 video codec — Preferred for camera and screen share (~30% smaller than VP8 for text/UI), with encoder tuning for bitrate and framerate
- Picture-in-Picture — Pop any video tile into a floating PiP window (standards API with Safari legacy presentation-mode fallback)
- Per-tile fullscreen — Maximise a single video tile to the whole screen with one tap
- DTLS-SRTP encrypted — End-to-end encryption built into WebRTC — no server can listen
- Hot-swap devices — Switch microphone or camera mid-call without dropping the connection
- Master volume + per-peer mute — Global slider plus local mute-for-me on any participant (doesn't affect anyone else)
- Mobile-first controls — 44px tap targets, portrait-aware video grid, orientation-change aware
- Popout window — Draggable and resizable floating call window on desktop
- Track-state sync — Mute, camera-off, and screen-share state propagate to every peer in the call
- Multiple recipients — Unlimited simultaneous connections
- Heartbeat monitoring — 30s timeout with proof-of-life on any incoming traffic
- Zombie detection — ICE state + heartbeat dedup prevents false disconnects
- Reconnect dedup — Nickname-based eviction prevents stale connection accumulation
- Buffer drain safety — waitForBufferDrain races against channel close to prevent hangs
- TURN relay fallback — Encrypted relay for strict NATs and firewalls
- Mobile-optimized — iOS viewport fix, non-sticky header on mobile, touch-friendly
- Accessible — ARIA labels, keyboard navigation, role attributes
- Connection stats — Live RTT, P2P/Relay indicator, online count
- QR codes — Share portal links via QR code
- Privacy page — Transparent privacy policy at
/privacy - FAQ — Common questions answered at
/faq
git clone https://github.com/iTroy0/TheManifest.git
cd TheManifest
npm install
npm run devRun the test suite:
npm test # 370 unit tests
npm test -- --reporter=verbose # see each test name
npm run test:e2e # Playwright E2E (local peerjs-server)Create a .env file from the example:
cp .env.example .env| Variable | Description | Required |
|---|---|---|
VITE_TURN_URL |
TURN/STUN server hostname | Optional |
VITE_TURN_USER |
TURN username | Optional |
VITE_TURN_PASS |
TURN password | Optional |
VITE_SIGNAL_HOST |
PeerJS signaling hostname | Optional |
VITE_SIGNAL_PATH |
PeerJS signaling path | Optional |
VITE_SIGNAL_PORT |
PeerJS signaling port (defaults to 443) | Optional |
VITE_SIGNAL_SECURE |
'false' disables TLS (defaults to true) |
Optional |
Note: The app works without any environment variables using public STUN servers. Configure TURN/signaling for better NAT traversal and full privacy (no third-party requests).
For true zero-knowledge operation, run your own signaling and relay servers:
# TURN/STUN relay (coturn) for strict NATs
sudo bash turn-setup.sh
# PeerJS signaling server
sudo bash signal-setup.shWith self-hosted infrastructure, the only external connections during a session are between the two peers themselves.
- Language: TypeScript (strict mode)
- Frontend: React 19, Vite 6, Tailwind CSS v4
- P2P: PeerJS (WebRTC), Web Crypto API (ECDH + AES-256-GCM)
- Streaming: StreamSaver.js, fflate (zip)
- Fonts: Self-hosted Inter & JetBrains Mono via @fontsource
- Testing: Vitest (370 unit tests — crypto, chunking, transfer engine, session lifecycle, protocol fuzzing, connection helpers, integration) + Playwright E2E against a local peerjs-server
No backend. No database. Deploy as a static site.
┌─────────────┐ ┌─────────────┐
│ Sender │ │ Receiver │
│ (Browser) │ │ (Browser) │
└──────┬──────┘ └──────┬──────┘
│ │
│ 1. Exchange keys (ECDH P-256) │
│◄────────────────────────────────►│
│ │
│ 2. Derive shared AES-256-GCM │
│ secret key │
│ │
│ 3. Stream encrypted chunks │
│ (backpressure-aware) │
│─────────────────────────────────►│
│ │
│ 4. Chat, images & voice notes │
│ via binary chunk pipeline │
│◄────────────────────────────────►│
│ │
│ WebRTC DataChannel │
│ (DTLS encrypted P2P) │
│ │
┌─────────────┐
│ Host │
│ (Browser) │
└──┬────┬────┘
control + │ │ control +
signaling │ │ signaling
│ │
┌───────┘ └───────┐
│ │
▼ ▼
┌─────────────┐ ┌─────────────┐
│ Guest A │◄────►│ Guest B │
│ (Browser) │ mesh │ (Browser) │
└─────────────┘ └─────────────┘
▲ ▲
│ direct P2P file │
│ transfer (AES-GCM │
│ with guest-pair │
│ ECDH key) │
└────────────────────┘
- Every pair-wise link (host↔guest, guest↔guest) runs its own ECDH + AES-256-GCM layer.
- The host carries only control plane: room state, participant list, chat fan-out, file-list broadcast, WebRTC signaling for the mesh.
- File chunks flow direct guest-to-guest whenever NAT allows. When the mesh can't form, transfers fall back to a host relay that forwards already-encrypted bytes — the host still can't read them.
- Each connection exposes an independently verifiable fingerprint in the UI so users can detect MITM.
- Encryption: ECDH P-256 key exchange + AES-256-GCM with fresh random IV per chunk
- Password: Constant-time XOR comparison prevents timing side-channel attacks
- Input validation: Chunk fileIndex bounds-checked against manifest to prevent injection
- Key validation: Invalid P-256 curve points abort the connection
- CSP: Strict Content-Security-Policy with no external domains
- Headers: X-Frame-Options SAMEORIGIN, HSTS, no-referrer, permissions-policy
The signaling server facilitates the WebRTC handshake only. The fingerprint displayed in the UI lets both sides verify no MITM occurred during key exchange.
Contributions are welcome! Please feel free to submit a Pull Request.
- Fork the repository
- Create your feature branch (
git checkout -b feature/amazing) - Commit your changes (
git commit -m 'Add amazing feature') - Push to the branch (
git push origin feature/amazing) - Open a Pull Request
This project is licensed under the AGPL-3.0 License — see the LICENSE file for details.
Made with care by @iTroy0
Open source, free forever.