Speak the Passphrase.
Retrieve the Message.
Create encrypted messages retrieved by speaking a secret passphrase. Voice processing occurs locally on your device — only a hash of the resulting text is sent for verification. PBKDF2 key derivation with 600,000+ iterations. Then it burns.
Create an EchoDrop → PREMIUMVoice-Triggered. Zero-Knowledge. Ephemeral.
EchoDrop turns a spoken passphrase into a decryption key — with voice processing designed to stay on your device. Proven cryptographic standards meet on-device speech recognition.
Voice-Passphrase Retrieval
Speak a secret phrase — or type it — to retrieve and decrypt your message. The system converts speech to text entirely on your device using the Web Speech API.
VOICE-TRIGGEREDOn-Device Speech Recognition
Voice processing occurs locally on your device using the Web Speech API. No audio recordings, voice data, or speech patterns are transmitted to City of Hats servers — only a text hash is sent for verification.
ZERO-KNOWLEDGEPBKDF2 Key Derivation
Your passphrase is stretched through PBKDF2 with a high iteration count (600,000+) to derive the AES-256-GCM encryption key. Only a SHA-256 hash is stored server-side for matching.
PBKDF2 · 600K+Full Dead Drop Lifecycle
Set EchoDrops to burn after first read, limit retrieval count, add time-lock delays, or auto-destroy after a countdown. Once burned, the encrypted payload is permanently deleted.
EPHEMERALFour Steps to Voice-Triggered Retrieval
From compose to speak — the passphrase is never stored. Only the hash touches the server.
Compose Message
Write your secret message. Set lifecycle rules — burn-after-read, time-lock, retrieval limit, auto-destroy.
Set Passphrase
Choose a system-generated passphrase or create your own. PBKDF2 derives the encryption key. Only the SHA-256 hash is stored.
Share the Passphrase
Tell your recipient the passphrase — in person, by phone, or through a separate channel. No digital link needed.
Speak & Retrieve
The recipient speaks the passphrase into City of Hats. On-device STT converts it to text, the hash matches, and the message decrypts. Then it burns.
🎙️ Speak Passphrase
On-device speech-to-text. Only a text hash is sent.
#️⃣ Hash Matching
SHA-256 hash compared server-side. No plaintext passphrase stored.
🔓 Decrypt & Burn
AES-256-GCM decryption. Payload destroyed after read.
Who Uses EchoDrop?
When the retrieval method itself needs to be untraceable — no links, no files, no digital trail.
Journalists & Whistleblowers
Share a spoken passphrase in person. The source speaks it later to retrieve your encrypted instructions. No digital link to intercept or subpoena.
High-Risk Environments
Share sensitive directives retrieved by voice. No links in browser history, no files on disk, no messages in chat logs. The passphrase exists only in memory.
Financial Compliance
Share sensitive compliance decisions or trade instructions via voice-triggered retrieval. Full audit trail of lifecycle events without exposing content.
Legal Privilege
Deliver privileged legal communications that can only be retrieved by speaking the passphrase. No forwarding, no screenshots of links — just a burned message.
Incident Response
Coordinate breach response through voice-triggered instructions. Share the passphrase on a secure call. The response team speaks it to get the playbook. Then it's gone.
Healthcare
Share HIPAA-sensitive patient data between practitioners using a spoken passphrase. No digital trail — the message self-destructs after retrieval.
What EchoDrop Guarantees
Every architectural decision is designed to eliminate digital traces of both the message and the retrieval method.
✓ Enforced by Architecture
- ✓ On-device speech-to-text (Web Speech API)
- ✓ PBKDF2 key derivation with high iteration count (600,000+)
- ✓ AES-256-GCM client-side encryption
- ✓ SHA-256 hash-only server storage
- ✓ Burn-after-read with server-side deletion
- ✓ Text-to-speech read aloud option
- ✓ Voice processing designed to stay on-device
✗ Never Happens
- ✗ No voice recordings stored anywhere
- ✗ No plaintext passphrase stored on server
- ✗ No encryption keys stored server-side
- ✗ No sender-recipient metadata linking
- ✗ No server-side backups of burned payloads
- ✗ No recovery after burn
Enterprise-Ready Architecture
EchoDrop is built to align with privacy regulations and enterprise security policies — without compromising on cryptographic strength.
On-Device Processing
Voice-to-text conversion is designed to stay local. No audio data is collected, stored, or transmitted by City of Hats.
Zero Plaintext Storage
Neither the passphrase nor the message content is ever stored in plaintext on our servers. Only hashes and encrypted blobs.
Lifecycle Deletion
Burn-after-read, retrieval limits, and auto-destroy timers ensure data minimization by design — aligned with GDPR and PIPEDA.
Audit-Ready Architecture
Lifecycle events (creation, retrieval, deletion) are logged without exposing content — providing compliance evidence without privacy compromise.
Try EchoDrop Now
Compose a message. Set a passphrase. Share it verbally. The recipient speaks it to decrypt. Then it's gone forever.