LemurPouch

End-to-end encrypted file sharing that never leaves your network.

Run the relay on any LAN machine. Anyone on your network opens it in a browser, verifies a six-word fingerprint, and sends. Files never touch the cloud — and the relay routes opaque ciphertext it can’t read.

curl -fsSL https://lemurpouch.com/install.sh | sh
Installs the relay. Clients just open a URL.View on GitHub →
  • MIT licensed
  • Relay for macOS, Linux, Windows
  • No accounts
  • No telemetry
  • Session-only
lemur-pouch · running on the LAN
:8080
This devicetide-quantum-velvet-tribe-yellow-orchard192.168.1.42 :54088
Peers nearby2
  • abandon-ladder-marble-finger-zebra-rocket192.168.1.21 :51422
    Friend
  • forest-narrow-coast-meadow-piano-walnut192.168.1.34 :49810
    Send invite
How it works

Three steps, no accounts.

Set up once on the LAN, then any browser on the network can send files end-to-end encrypted. No app, no extension, nothing to install on the senders or receivers.

  1. Install the relay, once

    One curl on any Mac, Linux, or Windows machine on your network. The binary verifies its own checksum, picks a sensible install path, and starts listening on :8080. That's the only setup.

    ~/lemur-pouch
    curl -fsSL https://lemurpouch.com/install.sh | sh
    Downloading lemur-pouch-darwin-arm64.tar.gz
    Verifying checksum
    Extracting to /Users/you/Library/Application Support/lemur-pouch
    Starting LemurPouch…
    ✓ Listening on :8080
    http://192.168.1.42:8080/
    http://[fe80::1c5:c1d2]:8080/
  2. Verify six words

    Each device generates its identity locally in the browser and renders it as a six-word BIP-39 fingerprint. Read it aloud across the room or across the call to confirm — humans verify identity, not the relay.

    Your laptop seesabandon-ladder-marble-finger-zebra-rocket
    Same six words → friend confirmed
    Your phone seesabandon-ladder-marble-finger-zebra-rocket
  3. Send the file

    Drag a file in, the receiver accepts the offer, and bytes flow through the relay as opaque ciphertext it can't read. Filenames, sizes, and content stay on your network.

    Sending toEncrypted
    abandon-ladder-marble-finger-zebra-rocket
    roadmap-q3.pdf12.4 MB
    62% · 7.7 MB of 12.4 MBchunk 124/200
What you get

Built for the network you’ve got, not the one you wish you had.

  • End-to-end encrypted

    XChaCha20-Poly1305 with X25519 ECDH session keys, bound to Ed25519 identities. The relay forwards opaque ciphertext it cannot read.

  • Works on locked-down networks

    Plain outbound WebSocket over TCP. No WebRTC, no UDP, no STUN, no inbound ports — runs through corporate firewalls that break everything else.

  • Nothing to install on clients

    The relay is one curl on any LAN machine. From there, every sender and receiver just opens a URL — no app, no extension, no account.

  • Two-tier consent

    Friendship is mutually established once per session; every individual file transfer still needs an explicit accept. Either side can refuse at any point.

  • Session-only state

    Identities, friendships, transfers — all in relay memory, all session-scoped. Restart the relay and it's a clean slate. No database, no logs of content.

  • Single binary, cross-platform

    macOS, Linux, and Windows on amd64 and arm64 — plus a multi-platform Docker image. The frontend is embedded in the binary; one file is the whole product.

Trust model

What the relay sees, and what it never sees.

The relay routes envelopes; it does not read them. Trust is rooted in the six-word fingerprint humans verify out-of-band — not in the relay.

The relay sees

  • Routing identitiesSource and destination Ed25519 public keys, so envelopes reach the right peer.
  • Approximate volume and timingBytes through the relay are bytes the relay can count.
  • Friendship-control bitsinvite / accept / reject — needed to enforce two-tier consent.
  • Source IP and ephemeral portUsed for per-IP rate limiting and the discovery row.

The relay never sees

  • Filenames and file sizesEncrypted inside the transfer offer.
  • File contentsStreamed as opaque ciphertext chunks.
  • Per-transfer accept or rejectCarried inside encrypted envelopes after friendship.
  • Accounts, cookies, or display namesNo registration, no analytics — just session-scoped keys.
Install

One command. Then anyone on your network can use it.

Install on a laptop, a Pi, a NAS — anything reachable on the LAN that runs macOS, Linux, or Windows. The relay binds on :8080, prints every URL it’s reachable at, and waits for clients.

curl -fsSL https://lemurpouch.com/install.sh | sh

Verifies the SHA-256 of the release before running. Installs to ~/Library/Application Support/lemur-pouch on macOS, the XDG data dir on Linux. Re-runs are idempotent.