City of Hats - Exposure Intelligence Platform
Secure Drop
Anonymous · Encrypted · No login required
Your message is sealed and anonymous. We cannot identify you. No account or login is needed.
Your message
Max 3 files, 10 MB each
Powered by City of Hats · Get your own Secure Drop
Secure Channel
Anonymous · Bidirectional · Encrypted
Start an anonymous conversation. You'll receive a thread code to check for replies later.
Your message
Max 3 files, 10 MB each
Thread Code
Enter your thread code above to check for replies.
Powered by City of Hats · Get your own Secure Channel
🖼️ GhostFrame

Hide Secrets
Inside Ordinary Images.

Embed AES-256-GCM encrypted messages inside any photo. Share it anywhere. The image looks completely ordinary. Only City of Hats Premium can decrypt what's inside.

Create a GhostFrame → PREMIUM
Core Capabilities

Discreet Transport. Proven Encryption.

GhostFrame combines image steganography with AES-256-GCM encryption and a hybrid token architecture — designed to remain intact across common image-sharing platforms.

🔐

AES-256-GCM Encryption

Every message is encrypted client-side with AES-256-GCM before embedding. The encryption key is derived locally and never touches our servers.

AES-256-GCM
🖼️

Hybrid Token Architecture

A small token is embedded in the image pixels. The encrypted payload is stored separately on our servers. This hybrid approach remains intact across WhatsApp, LINE, and other image-sharing platforms.

STEGANOGRAPHY
🔥

Burn-After-Read Lifecycle

Set your GhostFrame to self-destruct after first read, after a set number of retrievals, on a time delay, or after a countdown timer. Once burned, the payload is permanently deleted.

EPHEMERAL
🎯

Access Control

Choose who can decrypt: anyone with City of Hats Premium, or lock it to a specific Hat identity. Without the right permissions, the image looks like any ordinary photo.

RECIPIENT-LOCKED
How It Works

Four Steps to Invisible Communication

From import to decode — the entire process happens client-side. Your plaintext never touches our servers.

1

Import Image

Pick any photo from your camera roll, Google Photos, or local files. Any standard image format works.

2

Compose & Encrypt

Write your secret message. AES-256-GCM encrypts it client-side. Set lifecycle rules — burn-after-read, time-lock, auto-destroy.

3

Embed & Share

The encrypted token is embedded into the image pixels. Share the image normally — email, Dropbox, WhatsApp, anywhere.

4

Decode & Burn

The recipient imports the image into City of Hats. The token retrieves and decrypts the message. Then it's gone.

🖼️ Image Pixel Layer

A small retrieval token — not the message itself — is embedded via LSB steganography. The image carries only the key to unlock, not the content.

linked

☁️ Server-Side Vault

The full AES-256-GCM encrypted payload lives here with lifecycle rules. Zero-knowledge — we cannot read or access the content.

📸
Import
Pick any image
✍️
Embed
Encrypt & hide token
📤
Share
Send via any platform
🔍
Decode
Retrieve & decrypt
🔥
Burn
Payload destroyed
Use Cases

Who Uses GhostFrame?

When the channel itself needs to be invisible — not just encrypted.

📰

Journalists & Sources

Receive sensitive documents and tipoffs hidden inside ordinary photos. No metadata trail, no suspicious file names — just a family photo that happens to contain classified information.

🏦

Financial Institutions

Share transaction approvals, compliance alerts, and sensitive financial data through images that look routine. Audit-ready with burn-after-read timers.

⚖️

Legal Teams

Exchange privileged communications inside image attachments. Attorney-client privilege protected by steganography and AES-256-GCM — invisible to discovery tools.

🕵️

High-Sensitivity Environments

Share confidential information through images in environments where standard encrypted channels draw attention. GhostFrame provides a discreet transport layer for sensitive operations.

🏥

Healthcare

Share HIPAA-sensitive patient data between practitioners without exposing it in email bodies or chat logs. Burn-after-read ensures zero retention.

🏢

Enterprise Security Teams

Distribute vulnerability disclosures, breach reports, and incident response instructions inside images. No one knows the image contains critical security data.

Security Architecture

What GhostFrame Guarantees

Every architectural decision is designed to minimize exposure and prevent recovery after burn.

Enforced by Architecture

  • AES-256-GCM client-side encryption
  • LSB steganography token embedding
  • Hybrid architecture survives image compression
  • Burn-after-read with server-side deletion
  • Recipient-locked or Premium-gated access
  • Time-lock and auto-destroy timers
  • Zero plaintext on server at any point

Never Happens

  • No plaintext message stored on server
  • No encryption keys stored server-side
  • No image analysis or content scanning
  • No sender-recipient metadata linking
  • No server-side backups of burned payloads
  • No third-party access to steganographic tokens
  • No recovery after burn

Try GhostFrame Now

Import any image. Write a message. Embed it. Share it. The image looks ordinary — only City of Hats Premium can decrypt what's inside.

Create a GhostFrame → Request Enterprise Demo