tani on Nostr: I built OpenSlots, a zero-knowledge scheduling application that works without a ...
I built OpenSlots, a zero-knowledge scheduling application that works without a trusted server.
Most scheduling tools (When2meet, Doodle, Calendly, even self-hosted ones) leak significant metadata: who meets whom, when, and how often. OpenSlots treats scheduling as a client-side protocol rather than a hosted service.
Key ideas:
- No trusted third party: Runs as a browser-based thick client. Nostr relays are used only as untrusted storage.
- End-to-end encryption (NIP-44): All room data and availability are encrypted with ChaCha20-Poly1305.
- URL fragment key distribution: The symmetric room key lives only in the URL fragment and is never sent to servers or relays.
- Blinded indexing: Room identifiers are indexed on relays via HMAC-SHA256(room_id, key), preventing trivial enumeration or mapping by relays.
Relays can observe ciphertexts, tags, and timing, but cannot read meeting content or recover room identifiers without the key. This removes the central database as a point of trust.
This is not full anonymity: IP addresses and timing remain observable. The goal is trust minimization and metadata reduction, not network-layer anonymity.
Demo and documentation:
https://openslots.pages.devTechnical Details:
https://github.com/tani/openslotsFeedback is welcome, especially on the threat model, blinded indexing design, and usability trade-offs of URL-as-bearer-key approaches.
Published at
2026-01-14 15:32:19 UTCEvent JSON
{
"id": "382e36855cb88e64a6d481e86900d284263c9983c1e876dcd51a531dbb3489e4",
"pubkey": "df61d274b30a1232d460b5526cf98e7b98d1ad8847c25a163b8183ebfefece66",
"created_at": 1768404739,
"kind": 1,
"tags": [
[
"r",
"https://openslots.pages.dev"
],
[
"r",
"https://github.com/tani/openslots"
],
[
"r",
"https://image.nostr.build/ea7b60d80a526aa8f4c40c53be1f095349752b4a01dc0de1d7058ee30be07311.png"
],
[
"imeta",
"url https://image.nostr.build/ea7b60d80a526aa8f4c40c53be1f095349752b4a01dc0de1d7058ee30be07311.png",
"ox ea7b60d80a526aa8f4c40c53be1f095349752b4a01dc0de1d7058ee30be07311",
"x 3246a776283118c413d5d4936ad87edccf521fa06e5b8555b73ef32e7c6bf703",
"m image/png",
"dim 2916x2146",
"bh LJRfzg%L_4?bteofR$WA9:ofaiRj",
"blurhash LJRfzg%L_4?bteofR$WA9:ofaiRj",
"thumb https://image.nostr.build/thumb/ea7b60d80a526aa8f4c40c53be1f095349752b4a01dc0de1d7058ee30be07311.png"
]
],
"content": "I built OpenSlots, a zero-knowledge scheduling application that works without a trusted server.\n\nMost scheduling tools (When2meet, Doodle, Calendly, even self-hosted ones) leak significant metadata: who meets whom, when, and how often. OpenSlots treats scheduling as a client-side protocol rather than a hosted service.\n\nKey ideas:\n\n- No trusted third party: Runs as a browser-based thick client. Nostr relays are used only as untrusted storage.\n\n- End-to-end encryption (NIP-44): All room data and availability are encrypted with ChaCha20-Poly1305.\n\n- URL fragment key distribution: The symmetric room key lives only in the URL fragment and is never sent to servers or relays.\n\n- Blinded indexing: Room identifiers are indexed on relays via HMAC-SHA256(room_id, key), preventing trivial enumeration or mapping by relays.\n\nRelays can observe ciphertexts, tags, and timing, but cannot read meeting content or recover room identifiers without the key. This removes the central database as a point of trust.\n\nThis is not full anonymity: IP addresses and timing remain observable. The goal is trust minimization and metadata reduction, not network-layer anonymity.\n\nDemo and documentation: https://openslots.pages.dev\n\nTechnical Details: https://github.com/tani/openslots\n\nFeedback is welcome, especially on the threat model, blinded indexing design, and usability trade-offs of URL-as-bearer-key approaches.\n\t\n https://image.nostr.build/ea7b60d80a526aa8f4c40c53be1f095349752b4a01dc0de1d7058ee30be07311.png",
"sig": "3d6408e526b99619695df5a6299407ac7d038dbc7b9e9f25f0f1fe9be87ec09cbd1c974df65a73138cdc1a30c3d1bf4fb57090a1c66d36b589ff53541fcec99f"
}
