Contact Exchange

Exchange contact cards securely by scanning QR codes in person.

How It Works

Vauchi uses in-person exchange to establish contact relationships. Both parties must be physically present to complete an exchange.

 ┌─────┐               ┌─────────┐   
 │ You │               │ Contact │   
 └──┬──┘               └────┬────┘   
    │                       │        
    │     Show QR code      │        
    │───────────────────────▶        
    │                       │        
    │     Scan QR code      │        
    ◀───────────────────────│        
    │                       │        
    │┌────────────────────┐ │        
    ││ Proximity verified │ │        
    │└────────────────────┘ │        
    │                       │        
    │  Scan their QR code   │        
    │───────────────────────▶        
    │                       │        
    │┌────────────────────┐ │        
    ││ Exchange complete! │ │        
    │└────────────────────┘ │        
    │                       │        
┌──────────────────────────────┐     
│ Both have each other's cards │     
└──────────────────────────────┘     
    │                       │        
 ┌──┴──┐               ┌────┴────┐   
 │ You │               │ Contact │   
 └─────┘               └─────────┘

Why In-Person?

The in-person requirement is a privacy and security feature:

Threat	How In-Person Prevents It
Spam	Can't be added by strangers
Impersonation	You verify identity yourself
Man-in-the-middle	Direct device communication
Screenshot attacks	Proximity verification

Exchange Methods

QR Code (Primary)

The main method for exchanging contacts:

Open the Exchange tab
Show your QR code
Have the other person scan it
Scan their QR code
Exchange complete

QR codes expire after 5 minutes for security.

Proximity Verification

On iOS, Vauchi verifies physical proximity using ultrasonic audio:

Both phones emit and listen for an audio handshake (18-20 kHz)
Range: approximately 3 meters
If verification fails, exchange falls back to manual confirmation
This prevents screenshot attacks

Android proximity verification is planned.

Troubleshooting Proximity (iOS)

If proximity verification fails:

Ensure both phones have working speakers/microphones
Move closer together (within 2-3 meters)
Reduce background noise
Disable any audio-blocking apps
Try again — or confirm manually when prompted

On desktop and CLI/TUI, proximity verification is not available — manual confirmation is required instead.

After Exchange

Once exchange completes:

The new contact appears in your Contacts list
You can see their contact card (fields they've shared)
They can see your contact card (fields you've shared)
Future updates sync automatically

Security Properties

Property	Mechanism
Proximity required	Ultrasonic audio handshake (iOS); manual confirmation (other platforms)
No man-in-the-middle	X3DH key agreement with identity keys
Forward secrecy	Ephemeral keys discarded after exchange
Replay prevention	One-time token, 5-minute expiry
Card authenticity	Ed25519 signature on contact card

How to Exchange Contacts — Step-by-step guide
Privacy Controls — Control what they see
Encryption — How exchange data is protected

Vauchi Docs