Frequently Asked Questions

General

What is Passcode?

In StealthTalk, passcode is a security measure that enables authorization and protects your in-app information against unauthorized access.

What is StealthTalk?

StealthTalk is a private messaging application purposely designed to fulfill the high privacy demands of business professionals.

StealthTalk implements patented technology originally invented to secure the communications of emergency response services in the US, Europe, and the Middle East during mission-critical operations. It ensures privacy of communication, protection from interception and wiretapping.

What makes StealthTalk special?

Instead of transferring sensitive data over a single encrypted channel (which has become a common practice among secure messaging services), StealthTalk uses a combination of data packet splitting, mixing and scrambling, and then routes separated data packets over multiple encrypted channels.

The sophisticated approach provides protection against wiretapping, man-in-the-middle and SIM-swapping attacks.

Additionally, StealthTalk does not store any sensitive user data on its servers. All user communication, information and metadata are encrypted and securely stored on the user's device.

Why does registration require a phone number?

A phone number was deliberately chosen as the key element for StealthTalk account registration for two main reasons.

First, a phone number offers better security than email, which is typically used in account registration.

Second, unlike a username-based registration, a phone number registration allows to guard StealthTalk users who are looking to communicate privately with their trusted contacts from unverified personas who seek anonymity.

Why do I need to fill out Recovery information?

As StealthTalk does not store any of your sensitive data on its servers—including passcode information—your Recovery information is required to verify your identity upon resetting your StealthTalk account passcode.

Please note: By refusing to provide any or providing unauthentic information in your Recovery information, you risk locking yourself out of your StealthTalk account in case you lose or forget your passcode.

Will my address book information be sent to StealthTalk servers?

Contact information always stays exclusively on your device. StealthTalk does not send, store or upload phone number information anywhere under any circumstances.

StealthTalk uses secure one-way hash functions to create phone number hashes based on original information in your address book. These hashes allow to match you with your contacts within StealthTalk all the while making it impossible to obtain the information about the original phone number.

Who is StealthTalk for?

The patented technology behind StealthTalk was originally invented to secure the communications of emergency response services in the US, Europe, and the Middle East. The technology was then adapted for StealthTalk to enable equally private communication for business professionals.

When do I need to use my Passcode?

You need to use your passcode in the following cases:

  1. Each time you enable Stealth mode.
  2. Access security-sensitive account categories and important settings (e.g., Change recovery information).
  3. Exchange Personal keys via Call or Bluetooth.
  4. Make Stealth calls.

What is Stealth mode?

Certain features and private conversations require an even stricter approach to privacy. StealthTalk enables that extra privacy with a passcode-protected section of the application called Stealth mode.

Only while in Stealth mode you are authorized to make Stealth calls and send Stealth messages that cannot be viewed in default mode and require the recipient to enter their StealthTalk passcode to access the content.

Stealth mode also prevents unauthorized users from tinkering with the application settings when the device is left unattended.

What is a Self-destruct message?

The Self-destruct message feature lets you set a lifetime for your messages and have them automatically erased on read. You can set Self-destruct timeout for messages and attachments.

To set a self-destruct timer:

  1. In chat, tap the Clock icon.
  2. Select a Self-destruct timeout value.
  3. Compose and send a message.
Once the recipient reads your message, the countdown will start. When the countdown reaches zero, your message will be erased automatically for you and the recipient.

What files can I send?

At this moment you can send only .jpg files in StealthTalk. Support for other files types is in the works.

Why are StealthTalk conference calls limited to three people?

The current limitation exists to ensure communication security lives up to StealthTalk security standards. Extending the number of call participants exponentially increases the strain put on bandwidth and cannot be implemented without a compromise in security. We will continue looking into solutions to extend the maximum number of participants.

How-to’s

How do I add a new contact?

There are two ways you can add a new contact to StealthTalk:
By scanning the QR code when meeting in person:

  1. Open the StealthTalk application and click the QR code icon.
  2. Scan the QR code of the person you want to add.
  3. Have the person scan your QR code.
This will automatically add a new contact to StealthTalk and your address book as well as generate a pair of personal encryption keys.

Alternatively, you and the person you want to add to StealthTalk need to add each other manually in your phones’ address books. Then, upon installing the StealthTalk application, StealthTalk will automatically recognize you as contacts.

How do I remove a contact?

In order to remove your StealthTalk contact, you need to remove the contact manually in your address book and StealthTalk will automatically recognize the change in the application.

How can I change the name of a contact?

StealthTalk does not store information about your contacts, including their names. The same name assigned to a contact in your phone’s address book is used to display a corresponding contact in StealthTalk.

In order to change the name of your StealthTalk contact, you need to change the name of the contact manually in your address book and StealthTalk will automatically recognize the change.

How do I make a group call?

StealthTalk group calls support up to three participants. To make a 3-person call, follow these steps:

  1. Start a call with one of the participants.
  2. During the call, tap the Add button.
  3. Choose the contact you want to add to the call.

How do I exchange personal encryption keys?

You can generate new encryption keys to use in Stealth mode and exchange them with your contacts via a call, using Bluetooth, or by scanning a QR code.

To exchange encryption keys, tap the profile of the contact you want to exchange the keys with and select encryption key exchange.

How do I send an attachment?

To send an attachment, tap on the “+” button at the right hand side in StealthTalk secure chat.

Security and Encryption

What is the difference between Default keys and Personal keys?

Default encryption keys are the encryption keys that the application generated when you first registered in StealthTalk. Default keys are used to encrypt all messages and calls and provide high security (Stealth mode disabled).

Personal keys are the encryption keys that users generate and exchange via secure call or bluetooth. Personal keys are used to encrypt all messages and calls and provide advanced security (Stealth mode enabled).

What makes StealthTalk secure?

StealthTalk uses a combination of data packet splitting, mixing and scrambling, and then routes separated data packets over multiple encrypted channels to make data interception and decryption unachievable.

How does StealthTalk route and transmit data?

StealthTalk uses the patented Secure Dynamic Communication Network and Protocol (SDNP) technology to ensure data routing and transmission security. SDNP allows to transmit data packets of the same session via different routes (multiple channels).

SDNP uses scrambling, splitting, and mixing techniques to fragment information flow into independent data packets. On their own, these data packets do not contain reconstructable pieces of data.

Only when delivered to the verified recipient, these packets are merged back together into original packets that carry encrypted data. Due to this distinctive feature of the SDNP technology the analysis, interception, and decryption of data contents becomes virtually impossible.

How does StealthTalk protect communication channels/data transmission?

StealthTalk relies on Elliptic-Curve Diffie–Hellman (ECDH) ephemeral (temporary) key exchange protocols rather than on traditional key exchange methods (a pre-master secret verification, or RSA-based key exchange) used for authentication between the server and the client. Based on mathematical computations, ephemeral key exchange protocols allow to generate a new, unique session key every time a new session starts, and encrypt data.

Since session keys are calculated from mathematical values the client and the server exchange with each other, keys are never transferred. Such key-agreement protocols ensure data protection, maintain the confidentiality of communication in the past/future sessions, and minimize potential damage.

For enhanced security, StealthTalk also applies a Two-Factor authentication method (SMS-code confirmation) to protect user authentication sessions and communications from Man-in-the-Middle (MITM) attacks.

Are all messages and calls end-to-end encrypted?

In StealthTalk all messages and calls (when Stealth mode is enabled or disabled) are end-to-end encrypted. This means that (a) encryption/decryption of sensitive data takes place entirely on the user device and (b) that StealthTalk servers do not store or have access to encryption keys and cannot ‘read’ user messages or 'listen in' on their calls.

How does StealthTalk handle encryption keys?

For encryption/decryption to happen, StealthTalk needs both Client-Side and Server-Side key materials. Client-Side key material is stored on the user device. Server-Side key material is provided by the StealthTalk server every time the user is successfully authorized. Combined together, Client-Side and Server-Side key materials produce the encryption key. This means, knowing only single key material does not allow access to user data.

What encryption algorithms are used in StealthTalk?

StealthTalk uses a combination of different cryptographic methods, which are part of ECIES (Elliptic Curve Integrated Encryption Scheme). Strong encryption algorithms ensure maximum data protection and security of communication:

  • Advanced Encryption Standard (AES) with 256-bit keys for data encryption and data storage. AES provides data confidentiality and integrity as well as data authenticity (only the key owner is able to encrypt data).
  • Elliptic-Curve Cryptography (ECC) with 512+ bits for encryption key generation.
  • SHA3-512 for data integrity and verification of message content.
  • Key Derivation Function (KDF) for creating a longer cryptographic key derived from a password. Not only does KDF ensure passwords are NOT stored on servers in plain text, but it also enhances passwords’ cryptographic immunity.
  • Elliptic-Сurve Diffie–Hellman (ECDH) protocols for secure single-session key exchange and data encryption.
  • Message authentication code (MAC) is used to additionally guarantee data integrity and message authenticity. MAC allows recipients to (a) verify the sender and (b) detect any modifications to the message content.
  • Perfect Forward Secrecy (PFC) and Backward Secrecy discount the possibility of corrupting the keys of the future and the past sessions by creating a new key for each new secure session and by encrypting data.

What makes StealthTalk different from other secure messengers?

Besides the field-proven technology that originated in professional telecommunications, StealthTalk features a unique approach to encryption key generation and exchange. In StealthTalk, encryption keys are generated only on user devices, while traditional secure messengers often have their encryption key server sharing the keys with user devices, which opens them up to attacks.

Where does StealthTalk store my data?

Your conversations, metadata and other sensitive information are encrypted with the device-specific keys and stored on your own device only. StealthTalk does not store any sensitive information on its servers.

Are messages stored in encrypted form on my device?

All encryption happens locally on your device, and your data and communication information stay encrypted at all times. StealthTalk even stores the encrypted data in the app protected memory to restrict access of other apps and device operating system.

What if my encryption keys would be compromised?

StealthTalk provides perfect forward secrecy, meaning that its encryption system frequently changes the keys to encrypt and decrypt information. You can also manually generate new encryption keys with individual contacts in the StealthTalk application.

What if my device is compromised?

StealthTalk user data, such as messages and settings, is encrypted with device-specific keys and stored on the device.

Encryption keys required for decrypting data consist of Client-Side and Server-Side key materials.The Server-Side key material is provided by the StealthTalk server after successful user authorization only. Client-Side key material is stored on the user device.

If the device is cloned or its backup is stolen, such an encryption key material separation prevents the adversary from decrypting and previewing user data.

If the device is stolen, then the content still cannot be accessed as the Server-Side key material cannot be obtained without a successful authorization on the StealthTalk server.

What happens to my data if I lose my device?

If you lose your device, in order to prevent unauthorized access and secure your data, you can file a request for StealthTalk to remotely remove all data from your device.

The StealthTalk server will send a signal message to your lost device. As soon as the device is connected to the internet, the StealthTalk app will receive the signal message and erase all StealthTalk data from the device. In this case, StealthTalk server will block any authorization attempts and won’t provide Server-Side key material.

Can StealthTalk decrypt my messages if, hypothetically, required by law enforcement?

No, StealthTalk simply does not have data to share. All your communication and metadata is encrypted and stored on your device. The information is never stored on StealthTalk servers.

Troubleshooting

What do I do if I am not getting the SMS verification code?

Some mobile carriers offer inconsistent delivery of SMS verification codes required for registration. We are already looking into solutions. In the meantime, please contact support@stealthtalk.com and we will provide assistance with the registration.

How do I reset my passcode?

If you forget your passcode, please use the ‘Forgot Passcode’ option that can be found below the passcode entry field.

You will be required to answer your security question. Upon successfully answering the security question a code will be sent to your recovery email which allows you to reset your current passcode.

What if I forgot the answer to my security question?

If you forgot the answer to your security question, please contact us at support@stealthtalk.com from your recovery email address.

In your message, please specify the phone number your StealthTalk account is registered to.

After verifying that your phone number is indeed linked to a StealthTalk account that matches the recovery email, we will send an SMS with a code. You will need to send this code back to the StealthTalk support representative who will then manually reset your security question.

What do I do if I forget my passcode and don’t have Recovery information?

If you forgot your passcode and do not have Recovery information, please contact us at support@stealthtalk.com.

In your message, please specify the phone number your StealthTalk account is registered to.

Payments

How does the free trial work?

When first registering your StealthTalk account, you automatically start your free 30-day trial. You get unlimited Stealth Mode outgoing calls and messages during the free trial. At the end of the free trial period, you will be reminded to renew your StealthTalk subscription in order to continue to be able to make secure calls and send secure messages.

How does the payment work?

StealthTalk is a subscription-based private messaging service. At the end of subscription duration, the subscription needs to be manually renewed.

There is no recurring billing. As your subscription approaches expiration date, you will receive in-app notifications reminding you to extend your subscription.

What payment methods do you accept?

For transactions, StealthTalk accepts PayPal and types of payment the platform supports in your region.

How do I cancel my StealthTalk subscription?

StealthTalk does not automatically renew your subscription. At the end of subscription duration, your subscription will be canceled automatically unless renewed manually.

Miscellaneous

Is StealthTalk available in my language?

The application is currently only available in English, but StealthTalk plans to offer support for more languages in the future.

Can I use StealthTalk on multiple devices simultaneously?

For security purposes, StealthTalk is restricted to one device only. This feature will not be added in the future as syncing between multiple devices would require StealthTalk to save communication history in order to sync it which goes against the privacy standards StealthTalk stands for.

Why is StealthTalk not open source?

StealthTalk is built on a patented closed source technology which has proven itself in professional telecommunications. Being implemented in mission-critical communication solutions used by the military and emergency response services, its reliability and security have been field-proven.

With that being said, there is little benefit to be gained from going open source.