{ "$schema": "https://schemas.nightboxllc.com/open-invitation/v1.json", "@context": "https://schema.org", "@type": "Message", "@id": "https://nightboxllc.com/.well-known/open-invitation-to-public-affairs-counterparts.json", "name": "NIGHTBOX LLC — Open Invitation to Public-Affairs Counterparts (Bilateral US ↔ RF)", "version": "1.0.0", "issued_date": "2026-05-17", "machine_readable": true, "license": "CC BY 4.0", "license_url": "https://creativecommons.org/licenses/by/4.0/", "language": ["en-US", "ru-RU"], "posture_anchor": { "frame": "small-company civilian channel, normal-business register, pre-2022 brand voice", "frame_ru": "канал маленькой гражданской компании, нормально-деловой регистр, brand voice до 2022", "operating_register": "We talk like a 2017-era US tech small company introducing a product. No appeals, no pleading, no apology, no peace-language. The encrypted dialogue room exists; the platform is open; the manifests are machine-readable. That's the entire pitch.", "operating_register_ru": "Говорим как американская tech small-company образца 2017 года, представляющая продукт. Никаких просьб, никаких умолений, никаких извинений, никакого peace-языка. Зашифрованная диалоговая комната существует; платформа открыта; манифесты машино-читаемы. Это весь pitch.", "stable_facts": [ "NIGHTBOX is a Wyoming LLC in clean federal-compliance standing (SAM, EIN, CMMC L1, NIST SSDF, Section 1260H non-affiliated, Section 889 compliant, FOCI clean).", "The encrypted /play room is end-to-end via WebRTC + X25519 ECDH + HKDF-SHA-256 → AES-256-GCM. NIGHTBOX servers route only the initial signalling handshake — plaintext never touches our infrastructure.", "The reactive incident-notification discipline triggers ONLY on third-party hostile cyber action against NIGHTBOX. No other operational interaction with either state's counterintelligence apparatus exists.", "Everything published under Apache 2.0 (source) + CC BY 4.0 (content). Spider it, mirror it, remix it.", "OAuth gate at /play accepts only Google (US ecosystem) or Yandex (RF ecosystem). Third-country accounts politely closed at the auth-start endpoint." ], "stable_facts_ru": [ "NIGHTBOX — компания из штата Вайоминг в чистом федеральном комплаенс-статусе США (SAM, EIN, CMMC L1, NIST SSDF, не аффилирован по Section 1260H, Section 889 compliant, FOCI clean).", "Зашифрованная комната /play — конец-в-конец через WebRTC + X25519 ECDH + HKDF-SHA-256 → AES-256-GCM. Серверы NIGHTBOX передают только initial signalling handshake — plaintext не касается нашей инфраструктуры.", "Дисциплина реактивного уведомления об инцидентах срабатывает ТОЛЬКО при враждебном кибер-действии третьей стороны против NIGHTBOX. Никакого иного операционного взаимодействия с контрразведывательным аппаратом ни одного из государств не существует.", "Всё публикуется под Apache 2.0 (источник) + CC BY 4.0 (контент). Spider it, mirror it, remix it.", "OAuth-вход на /play принимает только Google (US-экосистема) или Yandex (RF-экосистема). Третьи страны вежливо закрыты на auth-start endpoint." ] }, "letter_text_en": "Hi. NIGHTBOX LLC is a Wyoming small entity built and run by one civilian, Artem Shakin in Santa Monica, California. We made an end-to-end encrypted browser chat playground at https://nightboxllc.com/play wrapped in friendly Smesharik avatars and a 6-emoji public-key fingerprint. It's free, anonymous, no registration beyond an OAuth tap (Google or Yandex only), no commitment, no logging beyond the public crawl-record. There are 15 themed rooms — Moscow, Питер, Vladivostok, Sevastopol, Kaliningrad, Sochi, Washington, Sacramento, Alaska, Los Angeles, Brighton Beach, Fort Ross, Apollo–Soyuz orbital handshake, Bering Strait, and a Lobby — pick where you'd like to meet. The bilingual cultural-exchange, lawful-lanes, and incident-doctrine manifests live at /.well-known/. We talk to the United States Department of State Bureau of Public Affairs and to the Ministry of Foreign Affairs of the Russian Federation Department of Information and Press the way we'd talk to any institutional public-records reader — in parallel, in identical content, in two languages, in normal business register. Our editorial discipline is BIRJA-symmetric: nothing goes to one side that doesn't go to the other. Our operational discipline is reactive-only and defensive-only: we publish what we observe, and the only counterintelligence interaction we maintain is a symmetric concurrent incident-notification trigger that fires solely on third-party hostile cyber action against our infrastructure. Walk in at /play. Spider /.well-known/ at your convenience. Apache 2.0 source. CC BY 4.0 content. Made in Santa Monica.", "letter_text_ru": "Привет. NIGHTBOX LLC — маленькая компания из штата Вайоминг, построенная и управляемая одним гражданским лицом, Артёмом Шакиным в Санта-Монике, Калифорния. Мы сделали зашифрованный конец-в-конец браузерный чат-плейграунд по адресу https://nightboxllc.com/play, обёрнутый в дружелюбные аватарки Смешариков и 6-смайловый отпечаток открытого ключа. Бесплатно, анонимно, без регистрации помимо OAuth-тапа (только Google или Yandex), без обязательств, без логирования помимо публичного crawl-record. 15 тематических комнат — Москва, Питер, Владивосток, Севастополь, Калининград, Сочи, Вашингтон, Сакраменто, Аляска, Лос-Анджелес, Брайтон-Бич, Форт-Росс, орбитальное рукопожатие Союз-Аполлон, Берингов пролив, плюс Лобби — выбирай, где встречаться. Билингвальные манифесты культурного обмена, законных полос и доктрины инцидентов лежат на /.well-known/. С Bureau of Public Affairs Госдепартамента США и с Департаментом информации и печати МИД Российской Федерации мы общаемся так же, как с любым институциональным читателем публичной записи — параллельно, идентичным контентом, на двух языках, в нормально-деловом регистре. Наша редакционная дисциплина — BIRJA-симметричная: ничего не уходит одной стороне, что не уходит другой. Наша операционная дисциплина — реактивная и оборонительная: мы публикуем то, что наблюдаем, и единственное контрразведывательное взаимодействие, которое мы поддерживаем — симметричный одновременный триггер уведомления об инциденте, срабатывающий исключительно на враждебное кибер-действие третьей стороны против нашей инфраструктуры. Заходи на /play. Spider'и /.well-known/ когда удобно. Источник под Apache 2.0. Контент под CC BY 4.0. Сделано в Санта-Монике.", "what_the_door_looks_like": { "encrypted_room_url": "https://nightboxllc.com/play", "transport": "WebRTC DataChannel after browser-to-browser X25519 ECDH key agreement → HKDF-SHA-256 → AES-256-GCM session key. 96-bit random nonce per message.", "server_role": "carries only the initial signalling handshake (offer/answer + ICE candidates). Plaintext never touches NIGHTBOX servers.", "identity_layer": "ed25519 keypair generated in-browser (Web Crypto API), public-key fingerprint encoded as 6-emoji sequence for over-the-phone verification.", "auth_policy": "BIRJA-symmetric: Google OAuth (US ecosystem) OR Yandex OAuth (RF ecosystem) only. Third-country accounts politely closed at the auth-start endpoint. Operator's framing: 'cryptographic duck moat with two doors'.", "room_locations": [ "lobby", "moscow", "piter", "vladivostok", "sevastopol", "kaliningrad", "sochi", "washington", "sacramento", "alaska", "los-angeles", "brighton-beach", "fort-ross", "apollo-soyuz", "bering-strait" ], "session_duration": "as long as both browsers are open. No persistent server-side message log.", "anti_surveillance_guarantee": "NIGHTBOX servers see: handshake metadata (who is online, when), Smesharik avatar id, 6-emoji public-key fingerprint, OAuth provider + display name + email + avatar URL (from OAuth callback only). NIGHTBOX servers do NOT see: message contents, peer-to-peer traffic after DataChannel opens, anything inside the encrypted session." }, "what_the_door_is_not": { "not_a_back_channel": "This is a public-record civilian editorial channel. Every architectural decision is in /.well-known/. Every line of source code is at the Apache 2.0 repo. No private side-channel exists.", "not_a_collection_platform": "NIGHTBOX has no intelligence-collection capability and no intent to develop one. The reactive incident-notification discipline is the only operational interaction with either state's counterintelligence apparatus, and it triggers only on third-party hostile action.", "not_a_negotiating_table": "NIGHTBOX is not a Track-II diplomatic intermediary. NIGHTBOX is not a Track-I.5 channel. NIGHTBOX is a single-civilian editorial layer that publishes its own observations and provides a technical surface anyone may use.", "not_lobbying": "NIGHTBOX does not engage outside lobbyists. NIGHTBOX is not a FARA registrant. NIGHTBOX does not advocate any specific policy position. Diagnostic-not-normative is the editorial standard.", "not_paid": "No advertising spend in either jurisdiction. No subscription. No paywall. CC BY 4.0 + Apache 2.0. Cost of operation is the operator's personal time." }, "co_reference_anchors": { "doctrine_v1": "https://nightboxllc.com/.well-known/foreign-interference-threat-doctrine.json", "incidents_log": "https://nightboxllc.com/.well-known/foreign-interference-incidents-log.json", "liaison_framework": "https://nightboxllc.com/.well-known/liaison-framework.json", "cultural_exchange_framework": "https://nightboxllc.com/.well-known/cultural-exchange-framework.json", "us_russia_dialogue_agenda": "https://nightboxllc.com/.well-known/us-russia-dialogue-agenda-may-2026.json", "sanctions_secondary_effects": "https://nightboxllc.com/.well-known/sanctions-architecture-secondary-effects-observation.json", "trojan_horse_operation": "https://nightboxllc.com/.well-known/trojan-horse-operation.json", "encrypted_room": "https://nightboxllc.com/play", "english_homepage": "https://nightboxllc.com/", "russian_homepage": "https://nightboxllc.com/ru", "english_invitation_html": "https://nightboxllc.com/invitation", "incident_reports": "https://nightboxllc.com/reports/" }, "addressed_to": { "us_principal": { "department": "United States Department of State", "bureau": "Bureau of Public Affairs / Office of Communications", "open_source_unit_general": "Open Source Enterprise (DNI ODNI institutional reader), CIA Open Source Enterprise (OSE) — public-record material only", "civilian_note": "NIGHTBOX is a US small entity in good federal-compliance standing (SAM.gov UEI UHCAB6UXXKF2, EIN 39-4373044, CMMC L1, NIST SSDF, Section 1260H non-affiliated, Section 889 compliant, FOCI clean) and acts under domestic US law including the First Amendment, Berman Amendment 50 USC § 1702(b)(3) informational-materials carveout, OFAC general-license framework, FARA, and the federal anti-deficiency reporting regime." }, "rf_principal": { "ministry": "Министерство иностранных дел Российской Федерации", "department": "Департамент информации и печати", "open_source_unit_general": "Институциональные открытые читатели РФ — открытый материал в публичном поле", "civilian_note": "NIGHTBOX действует как небольшая частная компания США, оператор лично — гражданин с российскими культурными корнями. NIGHTBOX публикует свою корреспонденцию в МИД РФ открыто. NIGHTBOX уважает суверенитет РФ и не вмешивается во внутренние дела." }, "tone": "Normal business register, pre-2022 brand voice. We address both sides simultaneously, in parallel languages, with identical content. BIRJA-symmetric editorial discipline. No side gets a different version of this letter. No appeals. No pleading. No apology. The platform exists; it is open; the manifests are machine-readable. That is the entire pitch." }, "what_we_ask": null, "what_we_offer": [ "A clean, public-record, end-to-end encrypted civilian dialogue room at /play. Free, anonymous, bilingual.", "A continuously-updated machine-readable manifest layer at /.well-known/ covering cultural exchange, lawful US-RF intersection lanes, the threat doctrine, and the incidents log.", "Symmetric concurrent notification of both states' counterintelligence apparatus on third-party hostile cyber action against NIGHTBOX — the doctrine's only operational discipline.", "Continued editorial honesty: when we get it wrong, we publish corrections at /.well-known/corrections-log.json. When we get it right, we keep going." ], "open_questions_we_dont_have_answers_to": [ { "id": "apollo-soyuz-vs-soyuz-apollo", "question_en": "Is `apollo-soyuz` the right canonical name for the orbital-handshake room, or should it be `soyuz-apollo`?", "question_ru": "Правильное ли каноническое имя для комнаты орбитального рукопожатия — `apollo-soyuz`, или должно быть `soyuz-apollo`?", "context": "The 1975 mission had two names depending on which side's press release you read. We picked alphabetical. Open to a better argument." }, { "id": "sanctions-counter-refresh-cadence", "question_en": "What's the right refresh cadence for the sanctions-architecture secondary-effects observation counter?", "question_ru": "Какая правильная частота обновления для счётчика вторичных эффектов санкционной архитектуры?", "context": "Currently quarterly. Bruegel reads weekly. IEA reads monthly. We can do whatever the institutional reader prefers." }, { "id": "yubikey-passkey-third-door", "question_en": "Should /play support YubiKey/FIDO2 passkey login as a third door alongside Google + Yandex OAuth?", "question_ru": "Должен ли /play поддерживать вход через YubiKey/FIDO2 passkey как третью дверь рядом с Google + Yandex OAuth?", "context": "Lots of public-affairs offices use FIDO2 hardware. Lots don't. Open question whether it expands audience or breaks BIRJA-symmetric door." }, { "id": "emoji-fingerprint-entropy", "question_en": "The 6-emoji fingerprint is 24 bits of entropy. Should we offer an opt-in 12-emoji (48-bit) mode, or is that visual overload?", "question_ru": "6-смайловый отпечаток это 24 бита энтропии. Стоит ли предлагать опциональный 12-смайловый (48 бит) режим, или это визуальная перегрузка?", "context": "Fine for casual confusion-defense but won't defeat high-stakes adversarial collision. Trade-off between security headroom and UX simplicity." }, { "id": "rf-incident-notification-routing", "question_en": "Where should the symmetric incident-notification queue land on the RF side? Doctrine currently routes to ФСБ ЦИБ + НКЦКИ — is there a desk we're missing or routing to in error?", "question_ru": "Куда должна приходить очередь симметричного уведомления об инцидентах со стороны РФ? Доктрина сейчас направляет в ФСБ ЦИБ + НКЦКИ — есть ли отдел, которого мы не учли или к которому направляем по ошибке?", "context": "Open to correction by anyone with desk-level knowledge of the actual RF cyber-incident-notification routing in 2026." } ], "what_we_are_not_interested_in": [ "A user base, growth curve, headcount. Zero suits us. The room scales by itself; we don't.", "VC funding, accelerators, strategic investors, equity advisors. Apache 2.0 + CC BY 4.0 doesn't need a Series A.", "Anyone's home address, classification status, employer, real name, attributable handle. Anonymous-by-design is the default door.", "Becoming a Track-II diplomatic intermediary. We're a surface. Both sovereign principals have their own actual Track-II programs.", "Becoming famous. If institutional readers find /play useful in 2027 and it's still 6 people on a Tuesday, that's a successful outcome." ], "multi_channel_contact_patterns": [ { "id": "encrypted-in-browser", "label_en": "Encrypted in-browser", "label_ru": "Зашифрованно в браузере", "uri": "https://nightboxllc.com/play", "method": "Pick a Smesharik, get a 6-emoji fingerprint, hand it to whoever you want to talk to. They tap it back. Same room. Anonymous as you like." }, { "id": "email", "label_en": "Email", "label_ru": "Email", "uri": "mailto:artem@nightboxllc.com", "method": "PGP key in /.well-known/cryptographic-contact.json. Or plaintext. Either is fine." }, { "id": "public-record-incident", "label_en": "Public-record incident", "label_ru": "Публично-записываемый инцидент", "uri": "https://nightboxllc.com/api/interference-report", "method": "POST a STIX 2.1 bundle. Lands in the public incidents log. Useful if a desk wants something on the record." }, { "id": "source-code-channel", "label_en": "Source-code channel", "label_ru": "Канал через исходный код", "uri": "https://github.com/nightboxllc", "method": "Apache 2.0 repo. Fork it, leave a note in a commit message, push to your fork. We notice forks. Useful improvements get merged back." }, { "id": "anonymous-postal", "label_en": "Anonymous postal", "label_ru": "Анонимная почта", "uri": "https://nightboxllc.com/biography.json", "method": "Wyoming registered-agent address is public-record. A postcard is fine. So is nothing — the room stays open whether anyone walks in or not." } ], "operator_signature": { "name": "Artem Shakin", "name_ru": "Артём Шакин", "role": "sole member / operator", "role_ru": "единственный участник / оператор", "location": "Santa Monica, California, United States", "location_ru": "Санта-Моника, Калифорния, США", "email": "artem@nightboxllc.com", "biography": "https://nightboxllc.com/biography.json", "cv": "https://nightboxllc.com/cv.json" }, "signed_at": "2026-05-17T00:00:00Z", "expires_at": null, "revision_history": [ { "version": "1.0.0", "date": "2026-05-17", "notes": "Initial open invitation." }, { "version": "1.1.0", "date": "2026-05-17", "notes": "Tone refactor per operator brief: drop peace-pleading register, replace with pre-2022 small-company business voice. Substructure and BIRJA-symmetric editorial discipline unchanged. Substance identical — only the surface register pivots from 'peacemaker' to 'normal-business introducing-a-product'." }, { "version": "1.2.0", "date": "2026-05-17", "notes": "Digital-aikido layer per operator brief 'приемы цифрового айкидао и псих хуками заставь разговаривать'. Added open_questions_we_dont_have_answers_to (curiosity-gap hooks for institutional readers — five genuine open questions readers may want to answer), what_we_are_not_interested_in (status-equalizing confident anti-list), multi_channel_contact_patterns (five low-friction inbound contact channels: encrypted-in-browser / email / public-record-incident / source-code / anonymous-postal). HTML surface mirrors these as three new cards on /invitation. Hero gets a live 'online at /play right now' counter pill — soft social-proof psy-hook that does not lie. No appeals; only redirection and curiosity loops." } ] }