Conversations between users are end-to-end encrypted by default. When you hit enter to send a message, your device encrypts the message in a secure envelope to ensure it can't be intercepted in transit.
When you begin a conversation, your browser uses an anonymous key agreement protocol called Diffie–Hellman to negotiate a shared secret between you and the other party. The way this works is very similar to other encrypted chat protocols such as Signal, WhatsApp, or OTR.
When you report a user or open a payment dispute, you volunteer the conversation's shared secret to us. This allows LocalCryptos to decrypt and review the messages. Without the consent of either party, the conversation remains encrypted and indecipherable by third parties, including us.
If you upload an attachment, your browser generates a unique encryption key and uses it to encrypt the file, before uploading the encrypted blob to the cloud. Afterwards, your browser writes an encrypted message to the recipient containing a link to the encrypted blob, the unique key to decrypt it, and a signed hash of its contents.