From Flash Protest to CrowdTalkie: Building a Privacy-First Mesh Network for Crowd Coordination
Flash Protest started as a straightforward idea: give communities a walkie-talkie-style coordination tool that works in a browser. No apps, no accounts, just open a link and start talking.
It worked. But as we used it in real situations, limitations emerged. The original architecture relied on centralized WebSocket servers - which meant a single point of failure, a potential surveillance target, and dependence on internet connectivity that often fails when crowds gather.
So we rebuilt it. The result is CrowdTalkie - a privacy-first Progressive Web App that turns every participant’s device into a node in a resilient mesh network.
Why Mesh Networking Matters
Traditional push-to-talk apps route all audio through central servers. That creates problems:
- Single point of failure - Server goes down, everyone loses coordination
- Surveillance target - All communication flows through one place
- Network dependency - No internet means no communication
- Scalability costs - More users means more server infrastructure
A mesh network flips this. Each device connects directly to nearby devices, forming a web of peer-to-peer connections. Messages hop from node to node until they reach everyone in the room.
The Technical Architecture
CrowdTalkie’s transport stack prioritizes resilience:
Primary: WebRTC via libp2p
libp2p is the networking layer that powers IPFS and Filecoin. We use it to establish direct peer-to-peer connections between browsers. When two devices can connect directly (no NAT in the way), audio travels peer-to-peer with no servers involved.
Secondary: Relay Nodes
Not everyone can establish direct connections. Firewalls and NAT devices block incoming connections for most home networks. For these cases, we run lightweight relay nodes that forward encrypted traffic between peers. The relay sees only encrypted blobs - it cannot read the content.
Tertiary: Web Bluetooth
This is the real innovation. When internet connectivity fails entirely - cell networks overloaded, WiFi jammed, infrastructure down - CrowdTalkie falls back to Web Bluetooth.
Devices form a local mesh using Bluetooth Low Energy. Range is limited (~30 meters), but messages hop device-to-device, extending the effective range across a crowd. If even a single device has internet connectivity, it can bridge the Bluetooth mesh to the wider network.
End-to-End Encryption
Every room has a symmetric encryption key derived from the room secret (part of the join URL fragment, never sent to servers). All messages - voice notes, text, location reports - are encrypted before leaving the device.
The key insight: the encryption key lives in the URL fragment (the part after the #). Browsers don’t send URL fragments to servers, so the relay nodes never see the decryption key. The join link itself is the credential, though: anyone who obtains the complete link, fragment included, can derive the room key.
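To make the fragment-based key handling concrete, here is an added sketch (not CrowdTalkie's own code) that splits a join link, derives a room key and round-trips one message. HKDF-SHA-256, AES-256-GCM, the link layout and the names parseJoinLink, deriveRoomKey, seal and unseal are assumptions; the page does not name its algorithms.

```javascript
// Added example: HKDF-SHA-256 + AES-256-GCM are assumed; the page names no algorithms.
const enc = new TextEncoder();

// Browsers expose globalThis.crypto; older Node versions need the module import.
async function webCrypto() {
  return globalThis.crypto ?? (await import('node:crypto')).webcrypto;
}

// Split a join link into what the HTTP request carries and what stays on the device.
function parseJoinLink(joinUrl) {
  const u = new URL(joinUrl);
  const secret = u.hash.slice(1); // fragment, never part of the request line
  if (!secret) throw new Error('join link has no room secret');
  return { secret, roomId: u.pathname.split('/').pop(), sentToServer: u.origin + u.pathname + u.search };
}

// HKDF assumes the secret is a high-entropy random value, not a human-chosen password.
async function deriveRoomKey(secret, roomId) {
  const { subtle } = await webCrypto();
  const ikm = await subtle.importKey('raw', enc.encode(secret), 'HKDF', false, ['deriveKey']);
  return subtle.deriveKey(
    { name: 'HKDF', hash: 'SHA-256', salt: enc.encode(roomId), info: enc.encode('room-key-v1') },
    ikm, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

async function seal(key, text) {
  const c = await webCrypto();
  const iv = c.getRandomValues(new Uint8Array(12)); // fresh 96-bit nonce per message
  const ct = await c.subtle.encrypt({ name: 'AES-GCM', iv }, key, enc.encode(text));
  return { iv, ct: new Uint8Array(ct) }; // this is all a relay would forward
}

async function unseal(key, { iv, ct }) {
  const { subtle } = await webCrypto();
  return new TextDecoder().decode(await subtle.decrypt({ name: 'AES-GCM', iv }, key, ct));
}

// Constructed link and message; returns results instead of printing them.
async function demo() {
  const link = parseJoinLink('https://rooms.example/r/room42#Zk3v9QpL-constructed-secret');
  const key = await deriveRoomKey(link.secret, link.roomId);
  const sealed = await seal(key, 'blocked route at north gate');
  const wrongKey = await deriveRoomKey('not-the-secret', link.roomId);
  return {
    sentToServer: link.sentToServer,
    roundTrip: await unseal(key, sealed),
    wrongKeyRejected: await unseal(wrongKey, sealed).then(() => false, () => true),
  };
}
```

AES-GCM authenticates as well as encrypts, so a message sealed under a different room secret fails to decrypt instead of yielding garbage.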
Identity Without Identity
Traditional apps tie your activity to an account. CrowdTalkie takes the opposite approach:
- New keypair per room - Your identity in Room A cannot be linked to Room B
- No persistent identity - When you leave a room, that identity ceases to exist
- Session-based display names - You choose a name for this room, this session
This matters for privacy. If someone compromises one room, they learn nothing about your participation in other rooms.
Geofenced Discovery
Rooms are tied to physical locations. When you create a room, you pin it on a map and set a radius. Only devices within that geofence can discover and join the room.
Discovery uses GossipSub topics based on geohashes. Devices subscribe to topics for their current geohash cells, automatically discovering nearby rooms without revealing their exact location to a central server.
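As an added illustration of geohash-based discovery (not CrowdTalkie's own code), the sketch below computes the topics a device would subscribe to and applies the geofence check locally. The topic prefix, the precision of 6, the 3x3 neighbour subscription and the function names are assumptions.

```javascript
// Added example: topic naming and precision are assumptions, not CrowdTalkie's code.
const BASE32 = '0123456789bcdefghjkmnpqrstuvwxyz';

// Standard geohash: interleave longitude/latitude bisection bits, 5 bits per character.
function geohash(lat, lon, precision) {
  const latR = [-90, 90], lonR = [-180, 180];
  let hash = '', bits = 0, ch = 0, even = true; // even bit index = longitude
  while (hash.length < precision) {
    const r = even ? lonR : latR, v = even ? lon : lat;
    const mid = (r[0] + r[1]) / 2;
    if (v >= mid) { ch = (ch << 1) | 1; r[0] = mid; } else { ch <<= 1; r[1] = mid; }
    even = !even;
    if (++bits === 5) { hash += BASE32[ch]; bits = 0; ch = 0; }
  }
  return hash;
}

// Own cell plus its 8 neighbours, so a room just across a cell edge is still found.
function discoveryTopics(lat, lon, precision) {
  const lonBits = Math.ceil((5 * precision) / 2), latBits = Math.floor((5 * precision) / 2);
  const w = 360 / 2 ** lonBits, h = 180 / 2 ** latBits; // cell size in degrees
  const topics = new Set();
  for (const dy of [-1, 0, 1]) for (const dx of [-1, 0, 1]) {
    const la = Math.min(Math.max(lat + dy * h, -90), 89.999999);      // clamp at the poles
    const lo = ((lon + dx * w + 540) % 360) - 180;                     // wrap at the antimeridian
    topics.add('crowdtalkie/discovery/' + geohash(la, lo, precision)); // hypothetical topic name
  }
  return [...topics];
}

// Great-circle distance in metres (haversine).
function distanceM(a, b) {
  const rad = (d) => (d * Math.PI) / 180, R = 6371000;
  const s = Math.sin(rad(b.lat - a.lat) / 2) ** 2 +
    Math.cos(rad(a.lat)) * Math.cos(rad(b.lat)) * Math.sin(rad(b.lon - a.lon) / 2) ** 2;
  return 2 * R * Math.asin(Math.sqrt(s));
}

// A device sees a room only if the room's announcement topic is among its
// subscriptions, and joins only if the local geofence check passes.
function canJoin(device, room, precision = 6) {
  const roomTopic = 'crowdtalkie/discovery/' + geohash(room.lat, room.lon, precision);
  const discovered = discoveryTopics(device.lat, device.lon, precision).includes(roomTopic);
  return discovered && distanceM(device, room) <= room.radiusM;
}
```

Peers on a topic learn only that a subscriber is somewhere in or next to that cell, so the precision sets how coarse the disclosed location is; it also has to be low enough that a cell is at least as large as the biggest allowed room radius. Because the check runs on the device in this sketch, it limits discovery and does not enforce access; confidentiality still rests on the room key.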
Voice Notes, Not Streaming
We deliberately chose voice notes over real-time streaming. Here’s why:
- Reliability - A 10-second voice note can retry transmission; streaming audio breaks on any packet loss
- Bandwidth - Voice notes compress well; streaming requires consistent bandwidth
- Mesh-friendly - Voice notes store-and-forward naturally across the mesh
- Transcription - We can transcribe voice notes for accessibility and searchability
The Web Speech API provides real-time transcription during recording. When you release the PTT button, both the audio and transcript propagate through the mesh.
CRDT State Synchronization
Room state (participant list, speaking queue, settings) uses Yjs CRDTs (Conflict-free Replicated Data Types). CRDTs merge concurrent edits deterministically - no central authority needed to resolve conflicts.
When you join a room, your device syncs the Yjs document from peers. When you make changes (join, change settings, post a report), those changes propagate through the mesh and automatically merge with everyone else’s view.
What’s Next
CrowdTalkie is live at crowdtalkie.com. It’s a Progressive Web App - add it to your home screen and it works offline (within Bluetooth range of other participants).
The code architecture is designed for extension:
- Quick Actions - One-tap reports (blocked route, need help, all clear) that propagate instantly
- POI Reports - Location-pinned alerts that appear on everyone’s map
- Role-based permissions - Organizers can restrict who speaks or posts
The goal remains the same as Flash Protest: when a moment calls for action, coordination should be instant, private, and resilient. CrowdTalkie brings that vision to a new level of technical robustness.
CrowdTalkie is part of the Antifascist Fun Brigade toolkit. The original Flash Protest PTT now redirects to CrowdTalkie.