Encrypted · Anonymous · No accounts

Talk like nobody is listening

End-to-end encrypted messaging with no phone number, no email, and no account — just an identity key you keep to yourself. Private one-on-one chats and large group conversations, encrypted and ephemeral by default.

0 Accounts
E2E Encrypted
Group size
0 Logs

Operation Alpha · 3 members · group chat · E2E

Juno: noise IK handshake done, session secured (11:42)
Raven: key exchange verified on my end too ✓ (11:43)
nobody outside this group can read this. keys live in memory only. (11:43)
Juno: exactly how it should be (11:44)

E2E · Group · Ephemeral · Anti-leak

01

Built for people who actually need privacy

TunnelTalk is for anyone whose conversations cannot afford to be intercepted, retained, or attributed. No account, no phone number, no metadata trail.

Journalists & Sources

Talk to sources without leaking who they are. No phone number to subpoena, no account to seize, no server-side history to hand over.

Activists & Dissidents

Coordinate under hostile networks. End-to-end encryption hides what is being said; ephemeral storage means there is nothing to find after the fact.

Security Researchers

Discuss vulnerabilities, coordinate disclosure, and share findings on a channel that doesn't persist your work for later.

Privacy-first Teams

Legal, medical, and executive conversations that need real confidentiality — not vendor-trust, not policy-trust, math-trust.

02

A messenger with no compromises

Identity keys instead of accounts. Noise Protocol end-to-end encryption. Memory-only message history. Group chats that scale. Anti-leak posture by default. Every feature exists to keep one promise: nobody but the people in the conversation ever sees it.

No signup, ever

  • No phone number, no email, no SMS code
  • Identity is a keypair, generated on your device
  • Nothing TunnelTalk could leak about you, because we never had it
  • Works without any server we control

Long-term identity keys

  • Ed25519 for signing, X25519 for key agreement
  • Generated locally with @noble crypto primitives
  • Encrypted at rest with your passphrase via Argon2id
  • Rotate or wipe the identity at any time

Simple contact sharing

  • Compact tt1: token fits in an SMS or email
  • QR code for in-person exchange — built-in scanner
  • Paste a token from any message app to add a contact
  • No server-side directory, ever

Passphrase-locked

  • Identity decrypts only when you unlock the app
  • Argon2id stretching against offline brute force
  • Wrong passphrase looks identical to no identity at all
  • Auto-lock on idle, on close, on panic

Panic wipe

  • One tap zeroes identity + contacts + all group keys
  • No backup uploaded, no restore from cloud
  • Storage is overwritten, not just unlinked
  • If the device is gone, the identity is gone

Verification ceremony

  • 6-digit safety code derived from both fingerprints
  • Read it aloud or compare side-by-side to confirm no MITM
  • One-time, mutual — stays verified across sessions
  • Spoofing requires the recipient's secret key
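
One way a 6-digit code can be derived from both fingerprints, added here as an example; it is not TunnelTalk's code, and the page does not specify the real derivation. The fingerprint definition, the domain-separation label, the function names and the sample keys are all assumptions.

```javascript
const crypto = require('node:crypto');

// Assumption: a fingerprint is BLAKE2b-512 of the raw public key, truncated to 32 bytes.
function fingerprint(publicKey) {
  return crypto.createHash('blake2b512').update(publicKey).digest().subarray(0, 32);
}

// Hash the two fingerprints in sorted order, so both sides get the same digest
// regardless of which fingerprint each one calls "mine".
function safetyDigest(fpA, fpB) {
  const [lo, hi] = Buffer.compare(fpA, fpB) <= 0 ? [fpA, fpB] : [fpB, fpA];
  return crypto.createHash('blake2b512')
    .update('example-safety-code-v1') // hypothetical domain-separation label
    .update(lo)
    .update(hi)
    .digest();
}

// Reduce 48 bits of the digest to six decimal digits (modulo bias is negligible at this size).
function safetyCode(fpA, fpB) {
  const n = safetyDigest(fpA, fpB).readUIntBE(0, 6);
  return String(n % 1_000_000).padStart(6, '0');
}

// Constructed sample keys: fixed bytes, not real identities.
const alicePk = Buffer.alloc(32, 0xa1);
const bobPk = Buffer.alloc(32, 0xb0);
const substitutedPk = Buffer.alloc(32, 0xee); // a different key delivered in place of the real one

function demo() {
  const a = fingerprint(alicePk), b = fingerprint(bobPk), m = fingerprint(substitutedPk);
  return {
    // Honest exchange: each side holds the other's real key, so the codes match.
    honest: { alice: safetyCode(a, b), bob: safetyCode(b, a) },
    // Substituted key: each side pairs its own fingerprint with the wrong one,
    // so the two digests differ and the spoken codes disagree.
    substituted: { alice: safetyCode(a, m), bob: safetyCode(b, m) },
  };
}

console.log(demo());
```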

Noise IK handshake

  • Noise IK pattern — mutual authentication, forward secrecy
  • Ed25519 + X25519 + XChaCha20-Poly1305 + BLAKE2b
  • Re-handshake on every new session
  • Keys derived per-direction, never reused

Encrypted text

  • Every message AEAD-sealed before it touches the network
  • Counter-nonce framing prevents replay attacks
  • No plaintext on disk, ever
  • Relay is a dumb forwarder — it cannot read content
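
The counter-nonce framing from the list above, as an added example that is not TunnelTalk's code: each frame carries a 64-bit counter that is also the AEAD nonce, and the receiver accepts each value once. Assumptions: Node's built-in ChaCha20-Poly1305 stands in for XChaCha20-Poly1305, a random key stands in for a Noise-derived session key, and the frame layout and function names are invented for illustration.

```javascript
const crypto = require('node:crypto');
const TAG_LEN = 16; // Poly1305 tag, bytes
const HDR_LEN = 8;  // 64-bit frame counter, sent in the clear

// 96-bit nonce: 4 zero bytes, then the counter little-endian (Noise's ChaChaPoly layout).
function nonceFor(counter) {
  const nonce = Buffer.alloc(12);
  nonce.writeBigUInt64LE(counter, 4);
  return nonce;
}

// Sending half of one direction: each frame consumes one counter value under this key.
function makeSender(key) {
  let counter = 0n;
  return function seal(text) {
    const header = Buffer.alloc(HDR_LEN);
    header.writeBigUInt64LE(counter);
    const c = crypto.createCipheriv('chacha20-poly1305', key, nonceFor(counter), { authTagLength: TAG_LEN });
    c.setAAD(header); // authenticate the counter along with the ciphertext
    const body = Buffer.concat([c.update(text, 'utf8'), c.final()]);
    counter += 1n;
    return Buffer.concat([header, body, c.getAuthTag()]);
  };
}

// Receiving half: accepts each counter value once, in order.
function makeReceiver(key) {
  let expected = 0n;
  return function open(frame) {
    if (frame.length < HDR_LEN + TAG_LEN) throw new Error('short frame');
    const header = frame.subarray(0, HDR_LEN);
    if (header.readBigUInt64LE() !== expected) throw new Error('replayed or out-of-order frame');
    const d = crypto.createDecipheriv('chacha20-poly1305', key, nonceFor(expected), { authTagLength: TAG_LEN });
    d.setAAD(header);
    d.setAuthTag(frame.subarray(frame.length - TAG_LEN));
    const body = frame.subarray(HDR_LEN, frame.length - TAG_LEN);
    const text = Buffer.concat([d.update(body), d.final()]).toString('utf8'); // throws on a bad tag
    expected += 1n; // advance only after the tag verified
    return text;
  };
}

// Constructed demo: a random key stands in for a handshake-derived session key.
function demo() {
  const key = crypto.randomBytes(32);
  const seal = makeSender(key), open = makeReceiver(key);
  const first = seal('hello'), out = [open(first)];
  try { open(first); } catch (e) { out.push(e.message); } // the same frame delivered again
  return out;
}
console.log(demo());
```

Because the counter advances only after the tag verifies, a forged frame is rejected without blocking the genuine frame that carries the same counter.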

Forward secrecy

  • Per-session keys from the Noise handshake
  • Compromise of one session key does not unlock prior messages
  • Long-term keys never encrypt content directly
  • Each conversation re-negotiates from scratch

Authenticated & deniable

  • You know who sent it. Nobody else can prove it later.
  • Cryptographic deniability via Noise's design
  • Spoofing requires the recipient's secret key
  • Mutual auth in both directions simultaneously

Disappearing messages

  • Per-conversation TTL: 5 min, 1 hr, 24 hrs, or keep
  • Purge a conversation without losing others
  • Messages live in RAM only — lock wipes them
  • Both sides see the same clock

No central broker

  • Relay is a dumb WebSocket forwarder — no message storage
  • Nothing to subpoena, no retention, no access logs
  • Both sides must be online simultaneously
  • No presence service, no read-receipt server

Unlimited group size

  • Create a group, name it, invite contacts
  • No hard cap — designed for large groups from day one
  • Groups appear alongside your DMs in the sidebar
  • Switch between group and DM view instantly

Shared group key

  • 32-byte random group key, generated at creation
  • Each message encrypted with XChaCha20-Poly1305
  • Random nonce per message — no sender-counter collision
  • Rotating the key is planned; initial key is forward-secret from join

Secure invites

  • Group invites travel inside your existing DM session
  • The group key is never sent in plaintext
  • Invite requires an established Noise IK session first
  • Accepted invite automatically subscribes to the relay channel

Relay multicast

  • One send, all members receive — relay does the fan-out
  • Relay sees only the group ID and ciphertext, never the key
  • Group subscriptions restore automatically on reconnect
  • Offline members miss messages — no server-side queuing

Encrypted persistence

  • Group list persisted in IndexedDB under a BLAKE2b-derived key
  • Group keys are encrypted at rest with your identity passphrase
  • Messages are ephemeral — they live in RAM only
  • Unlock identity → groups and channels restore automatically

Sender names

  • Each group message shows the sender's nickname
  • Nicknames are local to your device — you name them
  • Your own messages appear as "You" in your view
  • No global identity tied to a name or account

Memory-only history

  • Messages live in RAM, never written to disk during a session
  • Browser tab close = clean slate
  • Reload or lock to wipe all in-memory messages
  • Opt in to TTL-based expiry per conversation

Session-end wipe

  • Lock, close, or idle-timeout zeroes session memory
  • Noise session keys destroyed before unload
  • Group keys zeroed on lock
  • What you persist, you persist deliberately

Disappearing messages

  • Per-conversation TTL: 5 min, 1 hour, 24 hours, or keep
  • Sensible expiry on by default
  • Voice and video clips obey the same clock (coming soon)
  • Both sides see the same expiry behaviour

What stays on disk

  • Identity keys (encrypted with passphrase)
  • Contact public keys + nicknames (encrypted)
  • Group list + group keys (encrypted)
  • That is the entire on-disk surface — no message content

Idle timeout

  • Configurable: 1, 5, 15, 60 minutes
  • Re-enter passphrase to come back
  • In-memory buffers wiped on lock
  • Connections torn down, not just paused

Per-conversation purge

  • Wipe one chat without losing the rest
  • Works for both DMs and group chats
  • Conversation re-opens empty; the session stays intact
  • No recovery once wiped — no server copy to fall back on

Screenshot defence

  • Android: FLAG_SECURE blocks system screenshots and recents thumbnails
  • Web: content watermarked with viewer fingerprint — deterrent only
  • Honest disclosure: web cannot truly prevent screenshots
  • Screenshot-sensitive? Use the Android app

Per-viewer watermark

  • The screen is overlaid with the viewer's fingerprint
  • Any leaked screenshot identifies the device that leaked it
  • Watermark is rendered, not stored as a file artifact
  • Visible enough to deter, faint enough to read through

Blur on focus loss

  • App content blurs the moment focus leaves the window
  • Keeps shoulder-surfers and recording software guessing
  • Re-renders cleanly when you come back
  • Configurable per conversation

Hardened client

  • CSP locked down; devtools shortcuts blocked in release
  • All crypto runs in pure JS — no server-side crypto calls
  • No third-party analytics, no crash reporting, no remote flags
  • No source maps in release builds

No copy, no save

  • Selection disabled on message content
  • Clipboard write blocked by default
  • Right-click context menu disabled in message area
  • Inconvenient? Yes. That is the security promise.

What we won't promise

  • "Unhackable" — no software is
  • "Source-secret" — client code is always reverse-engineerable
  • Web screenshot prevention — the browser OS does not allow it
  • If you read it on a screen, it can be photographed off the screen

03

How the security actually works

Three layers, each doing one job. Identity keys prove who you are. Noise sessions encrypt what you say. The relay routes without ever reading the content. None of them depend on TunnelTalk being trustworthy — that is the point.

L1

Identity

Long-term Ed25519 + X25519 keypair generated locally on first launch. Encrypted at rest with your passphrase under Argon2id and stored in IndexedDB. The public-key fingerprint is the only thing you ever share. There is no account on any server.

Ed25519 · X25519 · Argon2id · @noble/curves

L2

Conversation

Each DM runs a Noise IK handshake between the two identity keys, producing forward-secret session keys. Every message is sealed with XChaCha20-Poly1305 before leaving your device. Group messages use a shared symmetric key with a random nonce per message. Keys live in memory only.

Noise IK · XChaCha20-Poly1305 · BLAKE2b · @noble/hashes

L3

Transport

Encrypted bytes are routed through a WebSocket relay that acts as a dumb forwarder — it sees routing headers only, never content. The relay cannot decrypt anything. I2P transport for full network anonymity is on the roadmap as a future upgrade layer on top of the same crypto.

WebSocket relay · dumb forwarder · I2P (roadmap)

04

What we will not pretend

Privacy software has a culture of overclaiming. We won't. These are the honest limits of what TunnelTalk can do right now — documented up front so you can decide whether the tradeoff is acceptable.

Web cannot prevent screenshots

Browsers have no API to block OS-level screen capture. We watermark the view with the viewer's fingerprint to make a leaked image identifiable, but we cannot stop the capture itself. If screenshots matter, use the Android app.

Source code is never truly hidden

Anything that runs on your device can be read. We minify and ship clean release builds to raise the cost of reverse engineering, but the security is in the protocol, not in source secrecy.

Transport anonymity is coming, not live

The current release routes messages through a WebSocket relay. The relay cannot read content, but it can see routing metadata. Full I2P transport that hides who is talking to whom is on the roadmap. We will not claim anonymity we haven't built yet.

Endpoint compromise wins

If the device is rooted, key-logged, or under malware, no encrypted messenger saves you. TunnelTalk minimises damage with passphrase locking and ephemeral storage, but it cannot replace endpoint security.

05

Web app & Android app — both free

Two ways to run TunnelTalk. The same protocol, the same encryption, the same UI — with the strongest anti-leak posture each platform can actually deliver.

Web App

Open directly in any modern browser. No install required. Works on any device with a browser. Screenshot prevention is watermark-only on web.

Live — v0.0.2

Android App

Native APK. FLAG_SECURE blocks system screenshots and recents thumbnails. Strongest anti-leak posture. Android 7.0+ required.

Live — v0.0.2

Talk like nobody is listening.

No account. No phone number. No metadata trail. Identity keys, end-to-end encryption, and group chats — the way private messaging should have been from the start.

v0.0.2 — Web and Android available now. I2P transport coming soon.