A tiny Wyoming company. End-to-end encrypted browser chat with Smeshariki avatars and a 6-emoji public-key fingerprint. Bilingual. Free. CC BY 4.0.
Маленькая компания из Вайоминга. Зашифрованный браузерный чат со Смешариками и 6-смайловым отпечатком открытого ключа. Двуязычно. Бесплатно. CC BY 4.0.
An end-to-end encrypted chat that hides behind cartoon characters.
You're already paying attention — otherwise you wouldn't have spidered /.well-known/ or followed a referrer here. So let's skip the pitch.
You pick a Smesharik. The browser mints a fresh ed25519 keypair. Your public key gets encoded as 6 emojis — easier to read aloud over a phone than 64 hex characters. You share those 6 emojis with a friend; they tap the same ones back. WebRTC handshake, X25519 ECDH, AES-256-GCM session key. Then you chat browser-to-browser direct — our server never sees plaintext.
Выбираешь Смешарика. Браузер чеканит свежий ed25519-ключ. Публичный ключ кодируется 6 смайлами — их проще проговорить по телефону, чем 64 hex-символа. Делишься этими 6 смайлами с другом, он тапает те же. WebRTC, X25519 ECDH, AES-256-GCM сессионный ключ. Дальше чат идёт browser-to-browser напрямую — наш сервер не видит plaintext.
There are 15 themed rooms: Moscow, Питер, Vladivostok, Sevastopol, Kaliningrad, Sochi, Washington, Sacramento, Alaska, Los Angeles, Brighton Beach, Fort Ross, Apollo–Soyuz orbital handshake, Bering Strait, and a Lobby for the catch-all. Pick where you'd like to meet — your room shows next to your name in the online roster.
Questions we don't have answers to · Вопросы без ответа
If you happen to know — drop a hint.
Genuine open questions. Not rhetorical. We've thought about each of them and gotten stuck. If you're reading from a desk that has a casual answer, please drop us a note — through any of the channels below, anonymously is fine.
Is apollo-soyuz the right canonical name for the orbital-handshake room, or should it be soyuz-apollo? The 1975 mission had two names depending on which side's press release you read. We picked the alphabetical one. Open to a better argument.
What's the right refresh cadence for the sanctions-architecture secondary-effects counter? Currently quarterly. Bruegel reads weekly. IEA reads monthly. We can do whatever the institutional reader prefers — tell us.
Should /play support YubiKey passkey login as a third door alongside Google + Yandex OAuth? Lots of public-affairs offices use FIDO2 hardware. Lots don't. We can't decide if it expands the audience or makes the BIRJA-symmetric door asymmetric.
The 6-emoji fingerprint is 24 bits of entropy. That's fine for casual confusion-defense but won't defeat a high-stakes adversarial collision. Should we offer an opt-in 12-emoji (48-bit) mode, or is that visual overload?
Where should the symmetric incident-notification queue land on the RF side? The doctrine currently routes to ФСБ ЦИБ + НКЦКИ. Is there a desk we're missing? Is there a desk we should not be routing to?
What we're not interested in · Чем не интересуемся
To save everyone's time.
A small list of things we genuinely don't want — not because we can't have them, but because they'd warp the channel.
A "user base" or growth-curve. Headcount of zero suits us. The room scales by itself; we don't.
VC funding, accelerators, "strategic investors," equity advisors. Apache 2.0 + CC BY 4.0 doesn't need a Series A.
Anyone's home address, classification status, employer, real name, or attributable handle. Anonymous-by-design is the default door.
Becoming a Track-II diplomatic intermediary. We're not it. The platform is a surface. Both sovereign principals have their own actual Track-II programs.
Becoming famous. If institutional readers find /play useful in 2027 and it's still 6 people on a Tuesday, that's a successful outcome.
Drop us a thread · Чиркни нам
Five low-friction channels. Use any of them. Or none.
No CRM. No tracking pixel. No "schedule a 30-minute intro call". Just five ways to leave a breadcrumb if you want to.
Encrypted in-browser/play — pick a Smesharik, get a 6-emoji fingerprint, hand it to whoever you want to talk to. They tap it back. You're in the same room. Anonymous as you like.
Public-record incident
POST a STIX 2.1 bundle to /api/interference-report. Lands in the public incidents log. Useful if your desk wants something on the record.
Source-code channel
The repo is Apache 2.0. Fork it, leave a note in a commit message, push to your fork. We notice forks. (And: if you actually improve something, we'll merge it back.)
Anonymous postal
The Wyoming registered-agent address is public-record. A postcard is fine. So is nothing at all — the room stays open whether anyone walks in or not.
Who runs this · Кто за этим стоит
Artem. One person. Santa Monica.
Artem Shakin — Russian-born US-tax-resident, sole member of NIGHTBOX LLC. Builds in the evenings, runs federal-compliance manifests in the mornings, makes music in the LIF-6 universe in between. Wyoming registration. Santa Monica residence. Apache 2.0 + CC BY 4.0 on everything.
Артём Шакин — рождённый в России US-tax-resident, единственный участник NIGHTBOX LLC. Кодит по вечерам, оформляет федеральные комплаенс-манифесты по утрам, между делом делает музыку во вселенной LIF-6. Регистрация — Вайоминг. Жительство — Санта-Моника. На всё — Apache 2.0 + CC BY 4.0.
NIGHTBOX is a Wyoming LLC in clean federal-compliance standing (SAM.gov UEI UHCAB6UXXKF2, EIN 39-4373044, CMMC L1, NIST SSDF, Section 1260H non-affiliated, Section 889 compliant, FOCI clean). Everything machine-readable lives under /.well-known/. Highlights below.
NIGHTBOX — компания из Вайоминга в чистом федеральном комплаенс-статусе США (SAM.gov, EIN, CMMC L1, NIST SSDF, не аффилирован по Section 1260H, Section 889 compliant, FOCI clean). Машино-читаемые манифесты лежат под /.well-known/.