What it is

QRTalk is a mobile messaging platform designed to defend information exchange from unauthorised access, disclosure, inspection or recording. QRTalk is private, secure, temporary and anonymous.

privatePrivate: everything is in your hands

QRTalk consists of a server and a mobile app. You can run your own server, or connect to a server run by someone else you trust. You are in control of data storage, physical server access and service life-span.

secureSecure: strong end-to-end encryption

All exchanged messages are encrypted end-to-end on your device. Encryption is done using a serial combination of symmetric-key and public-key cryptography, much like PGP does. A new random symmetric key is generated for each message and plain-text is encrypted using generated key. Symmetric key is then encrypted using recipient’s public key and sent to server for delivery along with encrypted message. Asymmetric key pairs are generated on your device.

Public key fingerprints can be exchanged to double-check the identity of other users (recipient certification). Once you verify a public key you are guaranteed that nobody but the verified user will ever be able to read your messages. You can sign messages with your own private key (sender certification). Message forging (using stolen public keys) and man-in-the-middle attacks are totally impossible when exchanging signed messages.

temporaryTemporary: user selected time-to-live

All exchanged messages are tagged with a user selected time-to-live. When time-to-live expires messages are deleted from server, from your device and from all destination devices.

anonymousAnonymous: no personal info

QRTalk uses anonymous random IDs to identify users and groups. User IDs are used to route messages from sender to recipient devices. The only information stored on server is anonymous userIDs group IDs and public keys. Avatar pictures and nicknames are local to your device.