Start a video conference

Spin up a private room and share the link. Audio, video, and screen sharing go directly between the browsers on the call — peer to peer. Our server only relays the initial connection setup; it never sees your media.

Browser extensions can read data on any webpage you visit, including this one. Use a private/incognito window with extensions disabled.

New room

Schedule
When the room expires it is deleted from our database, along with anyone still listed in it.
Password
Optional. A random key that someone must have (in addition to the link) to join. We store only a hash of it — never the password itself.

How your media stays private

  • Audio and video are encrypted end-to-end (DTLS-SRTP) and sent directly between browsers.
  • You can check who's on the call at any time — and it doubles as a tripwire if a name you don't expect shows up.
  • Rooms auto-expire and are deleted. No accounts, no recordings.

What our server can and can't see

Your media is peer-to-peer. Audio, video, and screen shares are encrypted with DTLS-SRTP and sent directly between the browsers on the call. Our server never relays, records, or decrypts your media — we only run a STUN server (no TURN) that helps your browsers find a direct path to each other.

What the server does see. To set up the call, your browsers exchange connection details (SDP and ICE candidates) and our signaling server relays those between you. They describe how to connect — including IP addresses and codec capabilities — but contain none of your audio or video.

The honest caveat. Because we relay the connection setup, a malicious or compromised signaling server could in principle insert itself in the middle (a man-in-the-middle). Your browsers verify each other's encryption fingerprint, but that fingerprint travels through us — so the cryptography alone doesn't stop us, only our honesty and our open-source code do. We don't do this. If that residual trust is unacceptable, use a tool with out-of-band fingerprint verification.

The roster. The list of who's on the call is a convenience, not a cryptographic identity proof. Names are typed in by each participant and are not verified. Treat it as a tripwire: if a name you don't recognize appears, hang up.

The optional password. If you set one, it's a random value generated in your browser. Your browser sends only a SHA-256 hash of it (bound to this room's id) — the password itself never reaches our server. We store the hash and compare it, in constant time, when someone joins. It keeps out a stranger who has the link but not the password; it does not encrypt your media.

A STUN-only honest limit. Because we run no relay server (TURN), if two people are both behind strict ("symmetric") NATs, their browsers may be unable to find a direct path and the connection will fail. There is no fallback for that case, by design — this is the price of keeping media strictly browser-to-browser.

Lifecycle. Rooms expire (3 hours, 24 hours, or 7 days) and are then deleted from the database. Leaving the call removes you from the roster; a missed heartbeat removes you automatically. We never log SDP, ICE candidates, display names, or tokens.

YouShallNotPass.io

Free, privacy-first tools. Open source. No accounts. No tracking.

Support YouShallNotPass.io by starring us on GitHub and sharing it with coworkers and friends.

Sister sites

© 2026 YouShallNotPass.io