Self-hosted: Download & Install
Run your own Mailbox server on Linux / Raspberry Pi / VPS. Choose key protection mode: TPM 2.0, Passphrase, or legacy plaintext.
One-line installer (Linux / RPi):
curl -fsSL https://raw.githubusercontent.com/FialkaApp/fialka-mailbox/main/deploy/install.sh | sudo bash
Docs: README · Security policy: SECURITY.md
Two Mutually Exclusive Operating Modes
User Mode
The phone functions as a standard messaging client.
- ✓ Creates a Fialka account (BIP-39 seed)
- ✓ Generates a deterministic .onion address
- ✓ Sends and receives E2E encrypted P2P messages
- ✓ Receives offline messages via a Mailbox
- ⚠ Only ONE User Mode per device
Mailbox Mode
The phone becomes a storage and message transport service.
- ✓ Exposes a permanent .onion Hidden Service
- ✓ Stores encrypted blobs (zero decryption)
- ✓ Auto-purges after 7-day TTL
- ✗ Cannot send or receive chat messages
- ⚠ Requires 2 devices to use alongside User Mode
Three Sharing Models
Personal Mailbox
Used solely by the owner's User-mode phone. Each user account has one Personal Mailbox. Accessible only by the owner — "my Mailbox for when I'm offline".
Private Mailbox (whitelist)
Shared with a restricted group — family, friends, colleagues. The owner alone manages the whitelist and permissions. Only authorized users can deposit messages. Granular control: add/remove access anytime.
Public Mailbox
Accepts messages from all Fialka users. No whitelist, no authentication. Useful for bots, open services, and community relays.
Delivery Modes & Privacy
| Mode | Description | Privacy |
|---|---|---|
| 0 — Direct P2P | .onion to .onion directly | ★★★★★ |
| 1 — Personal | Your own device (old phone, RPi) | ★★★★★ |
| 2 — Private Node | Friend hosts for trusted group (whitelist) | ★★★★☆ |
| 3 — Public Node | Community volunteers, auto-selected (default) | ★★★☆☆ |
Security Guarantees
Blobs are completely opaque to the Mailbox — it stores encrypted bytes it cannot read.
No metadata extraction — no recipient, no timing, no actual size, no content type.
All undelivered blobs are automatically purged after 7 days.
Mailbox only tracks cumulative counters (totalDeposited, totalFetched) — no message-level analytics.
10s base interval, 5s after messages received, 60s backoff on network error.
Mode, TTL, whitelist — all configurable in Settings.
Push Notifications (opt-in)
Phone A → sendMessage() → Tor Hidden Service → Phone B
↓ (if offline)
Fialka Mailbox stores ciphertext
↓
UnifiedPush + ntfy.sh
↓
Phone B wakes up → connects to Mailbox
→ retrieves + decrypts messages
"New message received"
(ZERO content, ZERO metadata) UnifiedPush + ntfy.sh are used as a zero-content wake-up signal only. Push notifications carry no message content or sender metadata whatsoever.
Real-World Use Case
📱 Your main phone runs User Mode — normal Fialka messaging.
🔌 Old spare phone or tablet stays plugged in permanently at home on power + WiFi — running Mailbox Mode.
📬 While you're offline, contacts send you messages → stored as encrypted blobs in your home Mailbox.
🔄 When you come back online, your main phone connects to the Mailbox and retrieves all pending messages.
Configure via: Settings → Mailbox → Personal Mailbox → enter your Mailbox .onion address