Most scheduling tools (When2meet, Doodle, Calendly, even self-hosted ones) leak significant metadata: who meets whom, when, and how often. OpenSlots treats scheduling as a client-side protocol rather than a hosted service.
Key ideas:
- No trusted third party: Runs as a browser-based thick client. Nostr relays are used only as untrusted storage.
- End-to-end encryption (NIP-44): All room data and availability are encrypted with ChaCha20-Poly1305.
- URL fragment key distribution: The symmetric room key lives only in the URL fragment and is never sent to servers or relays.
- Blinded indexing: Room identifiers are indexed on relays via HMAC-SHA256(room_id, key), preventing trivial enumeration or mapping by relays.
Relays can observe ciphertexts, tags, and timing, but cannot read meeting content or recover room identifiers without the key. This removes the central database as a point of trust.
This is not full anonymity: IP addresses and timing remain observable. The goal is trust minimization and metadata reduction, not network-layer anonymity.
Demo and documentation: https://openslots.pages.dev
Technical Details: https://github.com/tani/openslots
Feedback is welcome, especially on the threat model, blinded indexing design, and usability trade-offs of URL-as-bearer-key approaches.