TanMesh
Tor-routed P2P messenger
Free • No signup Get TanMesh

Frequently asked questions

Quick answers about what TanMesh is, what problems it solves, and how to use it responsibly.

Is TanMesh a replacement for Signal/WhatsApp/etc.?

TanMesh lives in a different category than mainstream messengers. Signal and WhatsApp optimise for contacts, stickers and phone-number onboarding. TanMesh optimises for Tor-routed, peer-to-peer encrypted channels, no central server, and a transparent, inspectable protocol.

You can absolutely use TanMesh as your primary secure channel with people who share your threat-model: you exchange node IDs and onion addresses instead of phone numbers, run your own node, and keep your metadata and keys under your control. It’s built for people who care more about control, anonymity and protocol clarity than about social-network features.

What does “no central server” actually mean?

There is no TanMesh cloud to register with. When you run TanMesh, your machine becomes a node that listens on a local port and exposes a Tor v3 onion service. Peers connect directly to your onion address. No TanMesh-owned backend ever sees your metadata or keys.

Do I have to use Tor?

Tor is the default and the recommended transport – it gives you location hiding and onion addressing. For local testing and special setups, you can connect directly via IP/hostname using the /connect command, but this exposes your IP and is not anonymous.

What kind of encryption does TanMesh use?

Long-term identity is based on X25519 keys. Each session creates fresh ephemeral X25519 keys and uses a 4-way DH (ss, se, es, ee) combined via HKDF-SHA256 to derive a root key and directional chain keys. Every message advances the chain and gets its own AES-GCM key and nonce.

Does TanMesh store my messages?

TanMesh focuses on live sessions. Messages are processed in memory and printed to your local terminal or GUI. If you log or persist the output, that happens locally on your device under your control – there is no central database or remote log.

Can I verify I’m talking to the right person?

Yes. Each contact entry stores a node_id derived from the static public key. When you use /connect-id, TanMesh checks that the peer’s advertised node_id matches what you saved. If it doesn’t, the connection is treated as suspicious and closed.

Is TanMesh anonymous?

TanMesh does not collect identity information, and Tor hides your IP from peers. However, anonymity and privacy depend heavily on your operational security: device hygiene, OS hardening, network environment, and how you share your identifiers. Treat TanMesh as a building block in your privacy posture, not a magic cloak.

Can I use TanMesh for illegal activities?

No. TanMesh is intended for legitimate use only – research, privacy-preserving communication, education, and defensive security work. You are fully responsible for how you use it and for complying with the laws in your jurisdiction.

Is the GUI required?

No. The GUI is optional. If PySide6 is not installed or you start TanMesh with --cli, it runs entirely in the terminal, exposing the same commands and crypto behavior. This is often preferable on headless servers or hardened boxes.

Can I integrate TanMesh into my own tooling?

TanMesh is built as a standalone node with a clean core and a well-defined command-line interface. You can orchestrate it via scripts, wrap it in systemd services, or pair it with your own monitoring and sandboxing. For deeper embedding, you’d adapt the core Python code directly.

Next steps