Onion Service Setup
After the master password is set, Transmitter Program creates an ed25519 private key and stores it into a dedicated database. This private key will be automatically exported to the Relay Program on Networked Computer at the start of every session. The Relay Program uses the private key to start the user's Tor Onion Service. If the user has any existing contacts, their TFC accounts are also sent to the Relay Program, so it is able to connect to the contacts.
Once the Onion Service data is received, Relay Program will launch Tor and the Onion Service. Once the Onion Service is up, Relay Program displays the user their TFC account (Onion URL without http:// prefix and .onion suffix).
Relay Program will also show a confirmation code to the user that they must type to the Transmitter Program. Once the confirmation code has been entered, Transmitter Program allows the user to proceed to the next step.
If you just want to chat with anonymous people, you can share the TFC account anonymously on online forums to talk to random people. You won't be able to verify their fingerprints, but you have TOFU trust based on the pinned TFC account. This way no-one knows who you are, and you don't know who's talking to you.
If you're e.g. a journalist and want to be reachable over TFC, you can publish your TFC account in e.g. Twitter. This allows sources to talk to you anonymously and without leaving traces of metadata. Initially you will only have TOFU on their key authenticity, but you can later verify the public key fingerprints with them.
You can also just give the TFC account to your peers, so they can talk to you securely. You won't be anonymous to them, but you can have end-to-end encrypted discussions that never leave traces of metadata on third-party servers.
Note that the TFC account is again, the address of the Onion Service. It is practically impossible to guess or find amidst all the possible TFC accounts. However, if someone knows your TFC account, they are able to see when your Relay Program is running, i.e. when you are online. This does not leak any other information like who you talk to, however. In the future, TFC will have better control over who can see when your Relay Program is online with something called prop224 client authorization, which is a planned feature not yet available for Tor v3 Onion Services.
The depicted Flask warning Do not use development server in a production environment is not a problem in an application such as TFC, where the number of connections is measured in hundreds at most, not thousands or millions web servers often need to scale to.