Tinfoil Chat Review 2025: The Most Secure Messenger Ever?
We Tried Tinfoil Chat So You Don’t Have To
When we talk about secure messaging, we usually think of end-to-end encryption, metadata protection, and easy-to-use mobile apps. But there’s a weak spot that’s often ignored: the endpoint.
It doesn’t matter if the encryption is perfect—if an attacker controls your device, they can read your messages, take screenshots, or steal your private keys. That’s the problem Markus Ottela, researcher at the University of Helsinki, set out to solve with a radical experiment: Tinfoil Chat (TFC).
The result: a messaging system that pushes security to the absolute limit, at the cost of all convenience.
The Extreme Architecture of TFC
What makes TFC different isn’t the cryptography itself, but the physical design of the system, which splits the work across three computers:
1. Input computer: where you type your messages.
2. Network computer (Tor): the only machine connected to the Internet.
3. Output computer: where incoming messages are displayed.
These machines aren’t connected in the usual way. Instead, they rely on unidirectional hardware gateways built with HCPL-7723 optocouplers, ensuring data can only move in one direction and never back.
This means that even if an attacker takes full control of the Internet-connected machine, they cannot steal the private keys, because those keys never touch that device.
For the less hardware-inclined, Ottela suggests simulating the three roles with QubesOS “qubes” on a single computer. But even in that case, the hardware gateway is non-negotiable.
Modern Cryptography, Rigorous Engineering
TFC combines physical isolation with strong algorithms:
• XChaCha20-Poly1305 → for fast, authenticated encryption.
• X448 → for elliptic-curve key exchange.
• BLAKE2b → as the ratcheting hash function.
The code is written in Python with a rare level of rigor: 99.71% test coverage. That alone is impressive, even compared to many commercial projects.
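What “BLAKE2b as the ratcheting hash function” means in practice, as an added example that is not TFC’s own code: each message gets a key derived from a chain key that is then overwritten, and because a one-way link carries no acknowledgements, the receiver catches up from a counter sent with each packet. The class and function names, the `person` labels, the packet layout and the MAC-only payload (no XChaCha20-Poly1305) are assumptions of this example.

```python
import hashlib
import hmac

KEY_LEN = 32  # assumption: 256-bit chain and message keys


def _kdf(chain_key: bytes, label: bytes) -> bytes:
    # Keyed BLAKE2b; `person` domain-separates message keys from chain keys.
    return hashlib.blake2b(b"", digest_size=KEY_LEN, key=chain_key, person=label).digest()


class HashRatchet:
    """One direction of a conversation: a chain key plus a step counter."""
    def __init__(self, root_key: bytes):
        self.chain_key = root_key
        self.counter = 0

    def step(self) -> bytes:
        """Return the message key for the current counter, then advance."""
        message_key = _kdf(self.chain_key, b"msg-key")
        self.chain_key = _kdf(self.chain_key, b"chain-key")  # old chain key is overwritten
        self.counter += 1
        return message_key


def seal(ratchet: HashRatchet, payload: bytes) -> tuple[int, bytes, bytes]:
    """Sender side: tag the payload with a fresh message key (MAC only, no encryption)."""
    n = ratchet.counter
    tag = hashlib.blake2b(payload, digest_size=16, key=ratchet.step()).digest()
    return n, payload, tag


def open_packet(ratchet: HashRatchet, packet: tuple[int, bytes, bytes], max_skip: int = 100) -> bytes:
    """Receiver side: catch up over dropped packets, reject replays and forgeries."""
    n, payload, tag = packet
    if n < ratchet.counter:
        raise ValueError("replayed or stale counter: that key is already erased")
    if n - ratchet.counter > max_skip:
        raise ValueError("counter jump too large")
    # Work on a copy so a forged packet cannot advance the real state.
    trial = HashRatchet(ratchet.chain_key)
    trial.counter = ratchet.counter
    while trial.counter < n:
        trial.step()
    expected = hashlib.blake2b(payload, digest_size=16, key=trial.step()).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed")
    ratchet.chain_key, ratchet.counter = trial.chain_key, trial.counter
    return payload
```

Because every step replaces the chain key with its hash, a receiver state captured after message N cannot be run backwards to recover the keys for messages before N.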
The Price of Security: An Operational Nightmare
Here’s the catch: using TFC is a pain.
• Three computers must be running at all times.
• Electronics skills required: you’ll need a soldering iron, breadboards, resistors, and patience.
• Zero mobility: no mobile apps, no syncing across devices.
• Bandwidth limitations: forget about large files or fast chat streams.
• Predictable patterns: since you always communicate from the same station, your location and habits are exposed.
The system is so impractical that, outside of a lab or military environment, it’s nearly impossible to use consistently.
Hypothetical Use Cases
So, who might actually benefit from TFC?
• Researchers under repressive regimes: where one endpoint compromise could be fatal.
• Military or intelligence operations: where information leakage prevention outweighs usability.
• Academic and cryptographic labs: as a thought experiment or research tool.
For the average user, however, the operational cost is simply unbearable.
Comparisons With Other Systems
• Signal, Briar, Session: protect the channel, but not the endpoint.
• QubesOS + conventional messaging: provides process isolation, but not hardware-level unidirectionality.
• Air-gapped hardware (military-grade): offers physical isolation but isn’t designed for “real-time” messaging.
• TFC: unique in combining messaging with full hardware separation.
Risks and Limitations
Ironically, the very design that makes TFC secure also introduces new risks:
• Thermal and electrical footprint: three active machines stand out in advanced surveillance contexts.
• Operational complexity: the more complicated the setup, the higher the chance of mistakes.
• Uniqueness as a risk: using TFC itself makes you look “special,” which can raise your profile as a target.
• Lack of independent audits: no academic papers, no CVEs, no reviews by well-known cryptographers.
• No post-quantum cryptography: increasingly a red flag in systems that claim long-term security.
Genius or Madness?
TFC is simultaneously:
• A cryptographic masterpiece, proving that endpoint vulnerability can be completely eliminated.
• An operational nightmare, demanding sacrifices that 99.9% of users will never accept.
You’ll probably never use it. But its very existence highlights a critical truth: real security doesn’t always align with convenience, and sometimes extreme research is what sparks future innovation.
TFC’s Bright and Dark Sides
It’s also worth noting the absence of academic publications or independent audits, despite Python being chosen specifically for readability. There are no CVE records or reviews from top cryptographers either, which makes it hard to trust TFC outside its niche.
That said, the project has drawn a surprising amount of attention: over 1,300 stars on GitHub—not bad for something this esoteric.
The missing piece is post-quantum cryptography. In today’s climate, where the risks of quantum computing are actively debated, that omission could be considered a serious weakness for a project positioning itself as “invulnerable.”