About — sTELgano

The Name

sTELgano

stel·GAH·no

A portmanteau: steganography -- the art of hiding messages in plain sight -- fused with TEL, the contact layer it hides inside. Stress falls on TEL: stel-GAH-no.

The name is engineered to mean nothing to a casual observer. If someone scrolls past it on your phone, there is no privacy-app keyword to recognise. If the two of you need to refer to it, you know how to pronounce it. They don't. That asymmetry is the whole point.

The Problem

Privacy Tools Are Obvious

Most privacy tools are visible. An encrypted messaging app on your phone is a red flag to anyone who picks it up. Someone scrolling through your installed apps sees Signal, Wickr, Session -- and immediately knows you are hiding something.

The mere presence of a privacy tool reveals intent. For people facing intimate-access threats -- a suspicious partner, a controlling family member, someone with physical access to your device -- this visibility is the problem itself.

Our Approach

Contact-Layer Steganography

sTELgano hides the encrypted channel inside a phone number saved in your contacts. Someone scrolling through your contact list sees a normal phone number. Nothing unusual. Nothing suspicious.

If they open sTELgano itself, they see a blank entry form with two fields. No messages, no contacts, no chat history. Nothing to see. The channel only opens when you enter the correct steg number and PIN -- credentials that exist nowhere on the device.

Design Philosophy

The Passcode Test

Every feature must pass: "A suspicious partner unlocks your phone and opens sTELgano. What do they see?" Answer: a blank entry screen with two fields. Nothing else. Even the name is designed to be meaningless to anyone who is not looking for it. If a feature fails this test, it does not ship.

N=1

At most one message exists per room at any time. Replies atomically delete the previous message. There is no chat history to scroll through, no archive to discover, no backup to forensically recover.

Zero Knowledge

The server is intentionally blind. No function on the server ever accepts a plaintext phone number or PIN. It sees only opaque SHA-256 hashes and AES-256-GCM ciphertext. It cannot help you even if compelled.

Browser-Native

No app to install. No app store review process. No update notifications that reveal usage. sTELgano runs entirely in the browser with the Web Crypto API. Close the tab and it is gone.

The Protocol

sTELgano-std-1

Open Protocol Specification

sTELgano is built on an open protocol that defines how two parties establish and use an encrypted communication channel hidden inside a phone contact. The protocol specifies hash derivation, key generation, message encryption, and transport -- all designed for independent implementation and self-hosting.

Read the Full Specification

Tech Stack

Elixir & Phoenix

The BEAM VM provides fault-tolerant, massively concurrent real-time communication via Phoenix Channels. Built for systems that must never go down.

Web Crypto API

AES-256-GCM encryption, PBKDF2 key derivation, SHA-256 hashing -- all executed entirely in the browser. Zero external cryptographic libraries.

PostgreSQL

Binary UUIDs for all identifiers. Encrypted-at-rest capable. The database only ever stores opaque hashes and ciphertext -- never plaintext.

Oban

Background job processing for automatic room expiry. Hourly, expired rooms are deactivated and their messages and access records are hard-deleted in the same transaction. Messages replaced by a reply don't wait for the job — they are hard-deleted immediately on reply.

Open Source

Publicly Auditable

sTELgano is licensed under AGPL-3.0. Every line of code is publicly auditable. You can read exactly what runs on the server, verify the cryptographic implementation in the browser, and self-host your own instance with your own salts.

Built by the open-source community. Contributions are welcome -- whether that is code, security audits, translations, or documentation.

Hiding in Plain Sight.