Tips & tricks
T9phone is built to leak as little as possible. The habits below close the gaps that no product can close for you.
Sign up with an address that isn’t tied to your identity
Your email is the only personal identifier we hold. The privacy you get out of T9phone is capped by the privacy of the inbox you registered with. Stronger choices, roughly in order:
- End-to-end encrypted providers (Proton Mail, Tutanota, Mailbox.org) — even the provider can’t read recovery mail.
- Aliasing services (SimpleLogin, AnonAddy, Firefox Relay) — every site gets a different address that forwards to your real one, and you can burn it later.
- A dedicated address used only for T9phone, never reused elsewhere.
Avoid your employer’s mailbox, school account, or any address that already maps to your legal name in public databases.
Pick a nickname that doesn’t identify you
Your nickname is the closest thing to a phone number on T9phone — it determines your dial code and shows up in caller ID inside groups. Avoid your real name, a handle from social media, or anything employer- or school-specific. Treat it like a callsign, not a username.
Treat invite links like passwords
An invite link is a bearer token: whoever opens it can join the group. Send invites over a channel at least as private as T9phone itself (Signal, in person, an encrypted email) — not group chats, public Slacks, or anything indexed by a search engine.
If you suspect a link was leaked, revoke it from the group page and issue a fresh one. Old links stop working immediately.
Use a password manager, and a long passphrase
Account credentials are bcrypt-hashed at cost 12, but reused passwords from data breaches still beat every server-side defence. Generate a unique 20+ character passphrase in a password manager (Bitwarden, 1Password, KeePassXC) and never type it in twice.
Lock the device that holds your softphone
Your SIP password is stored locally inside Cloud Softphone (or whichever client you use) so the app can register without a prompt every time. That means anyone with unlocked access to your phone can place and receive calls as you. Enable device PIN, biometrics, and screen auto-lock.
Phone hygiene
The phone is the weakest link in any voice product. Encryption on the wire does nothing if the endpoint is compromised. A short routine:
- Patch fast. Install OS and softphone updates as soon as they ship. Most real-world phone compromises are old, patched bugs.
- Use a long PIN, not a 4-digit one. 6+ digits or a passphrase. Biometrics for convenience, PIN as the real secret.
- Audit app permissions. Only the softphone should hold microphone access. Revoke mic, camera, and contacts from everything else. Re-check after every OS update — permissions sometimes reset.
- Install from the official store only. Side-loaded APKs and TestFlight betas from strangers are the easiest way to root a phone. Pin the softphone to a known-good version and read changelogs before updating.
- Mind notification previews. Set the lock screen to hide notification content. Otherwise a glance at the lock screen can reveal a nickname or invite link.
- Disable cloud backup for the softphone. iCloud / Google Drive backups can include the SIP credential blob. If you must back up, ensure end-to-end encrypted backups are enabled (Advanced Data Protection on iOS, end-to-end encrypted Google backups).
- Beware of MDM-managed devices. A work phone with an employer-installed certificate or MDM profile can have its TLS inspected and apps silently installed. Don’t use the same device for T9phone and an employer’s MDM.
- Don’t root or jailbreak the phone unless you personally maintain the whole chain. A rooted device with a sketchy custom ROM is worse than a stock locked one.
- Verify installed certificates and VPN profiles. Periodically open Settings → General → VPN & Device Management (iOS) or Settings → Security → Encryption & credentials → Trusted credentials → User (Android). Remove anything you don’t recognise.
- Confirm full-disk encryption is on. Default on modern iOS and Android, but only if a screen lock is set. No lock, no encryption.
- Use a dedicated device for sensitive calls. A minimal phone — no work email, no social apps, no QR scanners — dramatically shrinks the attack surface. GrapheneOS on a Pixel is the gold standard if you go this far.
- Power-cycle occasionally. A reboot evicts most memory-resident malware. Treat it as a weekly habit, not a yearly one.
- Airplane mode is not silence. The phone still records when in airplane mode if a recording app is active. If a conversation must stay off-record, leave the phone in another room.
Verify the human behind the nickname
T9phone has no public directory and no presence indicators, but it also has no avatars or display names. The only thing identifying the person you are calling is their nickname. If a friend changes nickname, confirm it through a second channel before adding them to sensitive conversations.
Prune your groups
- Remove members who no longer need to reach you.
- Ban anyone you don’t want back even with a fresh invite.
- Set a member cap that matches the real size of the circle.
- Check the audit log if something feels off — joins, leaves, and bans are recorded.
Be deliberate about networks
SIP signalling is TLS-encrypted and media flows through coturn with ICE, so a passive Wi-Fi observer cannot read your calls. They can still see that you are connecting to sip.t9phone.com and roughly how long you talked. Hostile Wi-Fi (hotels, conferences, airports) and your home ISP both fall in that category.
Use a VPN you actually trust
A VPN hides the fact that you are reaching T9phone from your ISP and from anyone watching the local network. The tradeoff is that the VPN provider now sees that metadata instead — so the question is not “VPN vs no VPN”, it is “whom do I want to know I use T9phone?”.
- Pick a paid, audited provider. Free VPNs monetise by logging or injecting traffic. Look for independent no-logs audits and a transparent ownership structure (Mullvad, IVPN, Proton VPN are common picks).
- Pay anonymously when it matters. Cash, Monero, or gift cards detach the subscription from your identity. An account number with no email attached (Mullvad-style) is the strongest shape.
- Prefer WireGuard over older protocols. Modern crypto, smaller attack surface, faster reconnects on mobile.
- Run it on the device, not just the router. A phone that roams off home Wi-Fi loses router-level protection the moment it joins a cell tower.
- Enable the kill switch. If the tunnel drops, the softphone should fail closed — no traffic to sip.t9phone.com over the bare connection.
- Self-host if you can. A WireGuard or Tailscale exit on hardware you control removes the provider from the trust chain entirely. The exit IP is still yours, which is fine if you only need protection from local-network observers.
Tor is an option for the portal (registration, group management) but not for live calls — the added latency breaks real-time audio. Use Tor for account setup, a VPN for the calls themselves.
Don’t record calls on the other end
T9phone does not record anything server-side, but a recording app on either device defeats the model entirely. If a call is sensitive, agree up front that nobody is recording.