Encrypted message transferwithout networkdependency.

Taftan moves an encrypted message or small file from one phone to another without using the internet. One device plays a sound, shows a coded image on its screen, or hides the message inside an ordinary photograph. The other device captures the signal with its microphone or its camera and reconstructs the original message. Two phones in airplane mode in the same room is the most common situation.

No. The acoustic and optical channels use only the speaker, microphone, screen and camera built into every phone. The steganographic channel uses whatever messaging app you already have to deliver the cover photograph, and that is the only situation in which any network is involved at all. The Taftan application itself never connects to any server.

Yes. The receiving device needs the application to decode the audio signal, the screen frames or the hidden message inside the photograph. Installation is free of charge.

Anything that travels through a network can be observed, recorded or blocked by the operator of that network. An air-gapped channel has no operator. There is no carrier to compel, no platform to suspend the account, no router to log the connection. The acoustic, optical and steganographic channels only require two phones and the physical space between them, or one ordinary photo. That removes the entire category of third-party interception from the picture.

A classic man-in-the-middle attack places an attacker between the sender and a server. Taftan has no server in the path, so the attack surface reduces to the physical environment itself. To intercept an acoustic transmission, an attacker needs a microphone in the same room. To intercept an optical transmission, an attacker needs a camera viewing the screen. Even if either of those is achieved, every payload is encrypted with AES-256-GCM under a password that only the two participants know; the captured signal is meaningless without it.

None. There is no analytics SDK, no crash reporting upload, no telemetry, no usage counter and no identifier of any kind sent off the device. The application does not contact any server for any purpose. Everything required for the app to function lives inside the binary you downloaded.

No. There is no account, no registration, no sign-in screen and no profile. You install the application and use it. Nothing is associated with you on any server because there is no server.

Those applications are internet messengers. They encrypt the content of the message, but a server still has to learn that you exist, who you are talking to and when. They also require a working network connection and a phone number to register. Taftan addresses a different problem: the situation where the network itself is the threat, not just the situation where the content is sensitive. There is no Taftan account, no Taftan server, no phone number requirement and no contact list. It is meant to complement an end-to-end encrypted messenger, not replace it.

None that leaves your device. The sender records nothing about whom the message was sent to. The receiver records nothing about where it came from. There is no message database to seize because there is no server. The only metadata in existence is what you choose to leave on your own device, which you can delete at any time.

For the acoustic and optical channels, nothing. They do not pass through any of those operators at any point in the transfer. For the steganographic channel, an attacker who controls the messaging platform sees the cover photograph, which is indistinguishable from any other photograph. The robust mode is specifically designed to survive recompression and analysis by such platforms. Encryption is applied before the photo is composed, so the platform never sees the underlying message.

Messages are encrypted with a password that you choose at the time of transmission. The password is not stored on the device. Anyone with physical access to the device can see the user interface but cannot decrypt previously transmitted messages without that password. For additional safety, transmit nothing through Taftan that you do not also delete immediately after the exchange.

Use it for short text in the same room, when the only available link is a voice call, or whenever the two people cannot see each other but can still hear or be heard. Two sub-modes are exposed: Basic (a telephony-grade tone burst that passes through a regular phone call or a voice note) and Ultrasonic (inaudible above 17 kilohertz, around 30 centimetres to 1 metre, modern phones only).

Use the optical channel when you need to move something larger than a brief message, such as a document, photo or recovery code. Point one phone's camera at the other's screen. Taftan renders a grid of QR tiles that the camera reads frame by frame.

Use this channel when the two parties are not in the same room and the only available delivery method is an ordinary messaging app that may be observed. The message is encrypted, then hidden inside a normal photograph. Send the photograph through WhatsApp, Telegram or any other platform; anyone monitoring that platform sees a photograph and nothing more.

With the Normal mode there is zero change to the image: the pixels are untouched and the encrypted payload is appended into the file structure (a PNG IDAT chunk or a JPEG COM segment, both inert to rendering). With the Robust mode, which survives recompression by mainstream messaging platforms, there is a very faint pattern that only close inspection of the cover photo can reveal.

Yes. The carrier sits in the 17 to 19 kilohertz band at sound levels no higher than ordinary music. It does not damage hearing and it does not work over long distances. Some young people and some animals can perceive faint signals at the lower end of the band. The mode requires modern broadband speakers and microphones at both ends (iPhone X or newer, Pixel 4 or newer, recent Samsung Galaxy S or Note flagships, and most 2018-or-newer mid-tier handsets). Older budget phones whose audio response rolls off below 17 kilohertz cannot carry the signal.

Only if they capture what they see or hear. With encryption enabled, the recording is useless without the password. Without encryption, anyone who captures the same signal can decode the same content. Always enable encryption when the message is sensitive.

The message cannot be recovered. The password never leaves your device, so there is no recovery option. Choose something you can remember and share it with the other person through a separate channel before transmission.

The source meets the journalist in person, opens Taftan, and transfers a document or short briefing through the optical channel directly from one device to the other. Nothing crosses any network at any point. There is no carrier record of the exchange, no platform record and no server-side copy.

During a deliberate internet blackout or an emergency that takes down infrastructure, two people in the same building or neighbourhood can still exchange short messages with the acoustic channel. No SIM card, no Wi-Fi and no contact between the phone and a tower is required.

A delegate carrying a confidential briefing crosses a border where phones may be inspected. With Taftan, the document was never on the phone during transit. It is transmitted on arrival from a trusted colleague's device to the delegate's device through the optical channel, after the inspection has been completed.

A lawyer needs to communicate a settlement number to a client without leaving a record on any communications platform. They meet briefly; the number is transmitted through the acoustic channel in a few seconds. The same approach applies to medical results, internal business decisions and any other information that should not be retained by a third party.

When the network is down, a short message between two phones in the same building or down a corridor still travels through the Basic acoustic sub-mode. A 5 to 50 character message arrives in 10 to 15 seconds. No SIM card, no Wi-Fi and no contact between the phone and a tower is required.

When the source and the journalist cannot meet, the source encrypts the disclosure and embeds it inside an ordinary photograph using the Robust steganographic mode. The carrier photo is sent through whatever messaging platform is available. On inspection of the device or the platform, only a benign photo is visible; the encrypted payload travels inside its pixels.

When the steganographic channel is used through a messaging app, the recipient receives only a photograph. There is no visible marker and no metadata flag. Demonstrating the presence of hidden data requires a specialised forensic tool, and the robust mode is designed to resist that kind of analysis on common platforms.

The optical (QR mosaic) channel carries arbitrary binary files up to roughly six megabytes per transfer at around one megabyte per minute, and up to 4096 characters of plain text per send. The acoustic channel is short-message oriented: about 5 to 8 bytes per second on Basic and 10 to 15 bytes per second on Ultrasonic. The steganographic channel is text-only and its capacity depends on the mode: Normal carries tens of kilobytes when the carrier image is shared as a file or document (PNG IDAT or JPEG COM segment), Robust carries 500 to 2000 characters when the image is shared as a photo through platforms that recompress. The cover image itself must be between 4 kilobytes and 6 megabytes.

Android 9 and later. iOS 15 and later through TestFlight. Desktop builds for macOS, Windows and Linux are in development.

Taftan is software for the private transfer of messages between two people who have agreed to communicate. It uses standard microphone, camera and display hardware and applies encryption that is legal in the vast majority of jurisdictions. The user is responsible for the content of every message that is sent.

The code is proprietary. The cryptographic primitives are public standards (AES-256-GCM, PBKDF2-SHA256) drawn from the open academic and standards-body literature; the channel and encoding specifications are documented separately so an independent researcher can verify a complete end-to-end transfer without access to the source.