Honest status — what is and isn't verifiable today
We deliberately separate claim from evidence. The table below is honest about both. We would rather understate verifiability than overstate it.
- Open-weight model layer is independently reproducible today (see §4).
- Offline-execution claim is reproducible today using free tools (see §3).
- Code-signing posture is reproducible today (run `signtool verify /pa /v` on Windows or `codesign -dv --verbose` on macOS).
- SHA-256 checksums and VirusTotal permalinks are scheduled, not yet historically published. Starting with the next release of every product, the value will be published on this page within 24 hours of release. Older releases will be backfilled where the original artifact is still archived.
- We have no independent press coverage and no third-party benchmark report published yet. See §5 for the explicit gap list.
Build manifest
Every shipping product, with the version it was last reviewed against, the platform target, the signing model, and the policy under which checksums and VirusTotal permalinks are published.
| App | Version | Platform | Release | Signing | SHA-256 / VirusTotal |
|---|---|---|---|---|---|
| Nano ImageEnh Pro | 3.0.0 | Windows x64 + macOS Apple Silicon | 2026-04 | Authenticode (Win) + Apple Notarisation (Mac) | Published per release on /verify and in /release-notes/nano-imageenh-pro. Each installer is uploaded to VirusTotal at release; permalink published on this page within 24h of upload. |
| Nano VideoEnhance | 1.0.5 | Windows x64 | 2026-03 | Authenticode (Win) | Published per release on /verify. VirusTotal permalink published within 24h of release. |
| Nano VideoGen | 1.0.x | Windows x64 | 2026-Q2 | Authenticode (Win) | Published per release on /verify. VirusTotal permalink published within 24h of release. |
| Nano ImageEdit | 1.0.5 | Windows x64 | 2026-03 | Authenticode (Win) | Published per release on /verify. VirusTotal permalink published within 24h of release. |
| Nano FaceSwap | 1.0.x | Windows x64 | 2026-Q1 | Authenticode (Win) | Published per release on /verify. VirusTotal permalink published within 24h of release. |
| Nano FacialEdit | 1.0.x | Windows x64 | 2026-Q1 | Authenticode (Win) | Published per release on /verify. VirusTotal permalink published within 24h of release. |
| Nano ImageTryon | 1.0.x | Windows x64 | 2026-Q1 | Authenticode (Win) | Published per release on /verify. VirusTotal permalink published within 24h of release. |
Code-signing & VirusTotal
We commit to the following posture for every public release:
- Windows. Every installer is Authenticode-signed. Verify with `signtool verify /pa /v <installer.exe>`; the certificate's subject must match `CN=NanoPocket` (we will publish the exact subject line + thumbprint with the next release; please treat any installer signed by a different subject as untrusted).
- macOS. Every DMG is signed with the NanoPocket Apple Developer ID and submitted to Apple notarisation. Verify with `codesign -dv --verbose=4 NanoApp.app` and `spctl -a -vv NanoApp.app`.
- SHA-256. Compute with `certutil -hashfile installer.exe SHA256` (Windows) or `shasum -a 256 installer.dmg` (macOS). The expected value is published on this page within 24 hours of release. Mismatch = the artifact is not the one we shipped; do not run it and please email security@nanopocket.ai.
- VirusTotal. Every installer is uploaded to virustotal.com (70+ AV engines). The permalink is published on this page within 24 hours of release. VirusTotal's verdict is third-party — we cannot influence it.
Verify the “offline” claim yourself
“100% offline” is meaningless if you can't check it. Use any of the following standard tools to confirm zero outbound traffic during local processing.
Windows — pktmon (built into Windows 10/11)
```powershell
# In an elevated PowerShell:
pktmon start --etw -p 0
# 1) Open the Nano app and run a full image / video export
# 2) Stop capture:
pktmon stop
pktmon etl2pcap PktMon.etl
# Open PktMon.pcap in Wireshark; filter:
#   ip.dst != 192.168.0.0/16 and ip.dst != 10.0.0.0/8 and ip.dst != 127.0.0.0/8
# Expected: 0 packets to public internet during processing
# (license activation + update check are separate, opt-outable network calls)
```
macOS — Little Snitch / Lulu / pfctl
```bash
# Option A — Little Snitch / Lulu (graphical):
#   Run the app, perform a full export, observe network connections panel.
#   Expected: zero outbound during processing.

# Option B — built-in pfctl + tcpdump:
# "dst net" matches the destination only. A bare "net" also matches the source,
# which would hide every packet sent from a host on a private LAN.
sudo tcpdump -i any -n 'not dst net 192.168.0.0/16 and not dst net 10.0.0.0/8 and not dst net 127.0.0.0/8'
# Then run an export. Expected: no packet output during processing.
```
Network assertions per product
| Product | Expected during processing | Documented exceptions |
|---|---|---|
| Nano ImageEnh Pro 3.0 (local) | Zero outbound traffic during image processing. | License activation (one-time HTTPS POST to license.nanopocket.ai) and update check (HTTPS GET, opt-out via Settings → Updates). |
| Nano VideoEnhance (local) | Zero outbound traffic during video processing. | Same activation + update check exceptions as above. |
| Nano VideoGen (local) | Zero outbound traffic during generation. | Same activation + update check exceptions as above. |
| Nano ImageEdit (local) | Zero outbound traffic during edit. | Same activation + update check exceptions as above. |
| Nano FaceSwap (legacy desktop) | Zero outbound traffic during swap. | Same activation + update check exceptions as above. |
| Image / Video FaceSwap Pro online demos | Outbound HTTPS to the Cloudflare demo tunnel is required by design — these are explicitly online services, not local ones. | n/a — this is the contract. |
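
The following Python script is an added example, not part of NanoPocket's tooling: it reads `tcpdump -n` text output and lists packets whose destination is outside local ranges. It goes beyond the three networks in the filters above by also covering 172.16.0.0/12, link-local, multicast and IPv6. The sample capture, the `allowed` parameter and the function names are assumptions made for the example.

```python
import ipaddress
import re

# Destinations that stay on the host or local segment. The page's filters list
# three of these networks; the others are added for this example.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "224.0.0.0/4", "255.255.255.255/32",
    "::1/128", "fe80::/10", "fc00::/7", "ff00::/8",
)]
# "IP src > dst:" / "IP6 src > dst:" as printed by `tcpdump -n`.
LINE_RE = re.compile(r"\bIP6?\s+(\S+)\s+>\s+(\S+):\s")

def _addr(token):
    """Parse 'addr' or 'addr.port' (tcpdump appends the port after a dot)."""
    for candidate in (token, token.rpartition(".")[0]):
        try:
            return ipaddress.ip_address(candidate)
        except ValueError:
            continue
    return None

def public_destinations(lines, allowed=()):
    """Return [(line_no, dst)] for packets sent to a non-local address that is
    not in `allowed` (hypothetical parameter: IPs of documented exceptions)."""
    allowed = {ipaddress.ip_address(a) for a in allowed}
    hits = []
    for no, line in enumerate(lines, 1):
        m = LINE_RE.search(line)
        dst = _addr(m.group(2)) if m else None
        if dst is None:
            continue  # ARP or other non-IP line: nothing to classify
        if dst not in allowed and not any(dst in net for net in LOCAL_NETS):
            hits.append((no, str(dst)))
    return hits

# Constructed capture; documentation-range addresses stand in for public hosts.
SAMPLE = """\
10:00:01.000001 IP 172.16.4.2.51514 > 172.16.0.1.53: UDP, length 32
10:00:01.100001 IP 172.16.4.2.51515 > 203.0.113.10.443: Flags [S], seq 1, length 0
10:00:01.200001 IP 203.0.113.10.443 > 172.16.4.2.51515: Flags [S.], seq 2, ack 2, length 0
10:00:03.000001 IP6 fe80::1.5353 > ff02::fb.5353: UDP, length 45
10:00:04.000001 IP6 2001:db8::20.51516 > 2001:db8:1::5.443: Flags [S], seq 3, length 0
10:00:05.000001 IP 172.16.4.2 > 198.51.100.7: ICMP echo request, id 1, seq 1, length 64
""".splitlines()

if __name__ == "__main__":
    for no, dst in public_destinations(SAMPLE, allowed=["198.51.100.7"]):
        print(f"line {no}: outbound to {dst}")
```

An empty result over a capture taken during an export is what the per-product table asserts; the documented activation and update-check hosts would be resolved by the reviewer and passed in `allowed`.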
Model provenance — every weight, every upstream
Every model in the NanoPocket pipeline is open-weight. Anyone can clone the upstream repository, run the official inference script on the same input, and compare the output to ours. This is the strongest form of independent verification available today: we cannot fake which model produced an output if you have the original weights.
| Component | Used by | Upstream | License | How to reproduce |
|---|---|---|---|---|
| Identity (face): `ip-adapter.bin` + ControlNetModel | Nano FaceSwap Pro 2.0 (Image / Video) | InstantX / InstantID | Apache-2.0 (model card terms) | git lfs clone the upstream repo + run the diffusers pipeline on the same input — output identity embedding distance should match within numerical noise. |
| Identity (face): `pulid_v1.x.bin` | Nano FaceSwap Pro 2.0 | ToTheBeginning / PuLID | Apache-2.0 | Clone PuLID and run the inference notebook on the same source / target pair. |
| Identity (face) — legacy: `inswapper_128.onnx` | Nano FaceSwap (desktop) | InsightFace / inswapper_128 | Non-commercial research (inswapper_128) | Run the InsightFace face_swap example on the same crop and compare outputs. |
| Image generation: `flux1-dev.safetensors` | Nano ImageEdit | Black Forest Labs / FLUX.1-dev | FLUX.1-dev Non-Commercial License (community), FLUX.1-pro for commercial | Use diffusers FluxPipeline with the same prompt + seed and compare to our output. |
| Video generation: `ltx-video-2b.safetensors` | Nano VideoGen | Lightricks / LTX-Video | LTX-Video Open License (research / commercial-with-terms) | Run the official LTX inference script with the same seed / fps / resolution and compare frame-level PSNR. |
| Image super-resolution: `RealESRGAN_x4plus.pth` | Nano ImageEnh Pro 3.0 | ai-forever / Real-ESRGAN | BSD-3-Clause | Run the upstream Real-ESRGAN CLI on the same low-res input and compare PSNR/SSIM. |
| Image restoration: `diffbir_v2.x.ckpt` | Nano ImageEnh Pro 3.0 | Xinntao / DiffBIR | Apache-2.0 | Use DiffBIR's reference inference script on the same degraded input. |
| Background matting: `u2net.pth` | Nano ImageEnh Pro 3.0 | xuebinqin / U²-Net | Apache-2.0 | Run the reference U²-Net colab on the same image and compare alpha mattes. |
| Video super-resolution: `vrt_x4.pth`, `basicvsrpp_x4.pth` | Nano VideoEnhance | JingyunLiang / VRT + open-mmlab / BasicVSR++ | Apache-2.0 | Run the VRT inference script on the same input clip and compare per-frame PSNR. |
| Optical flow (video stability): `raft-things.pth` | Nano VideoEnhance | princeton-vl / RAFT | BSD-3-Clause | Run RAFT on the same frame pair and compare flow magnitude EPE. |
What we do not yet have — explicit gap list
We list these openly because pretending they exist would be worse than acknowledging they don't.
- Independent press coverage: none yet. No major outlet (The Verge, Engadget, Tom's Hardware, PCMag, Wirecutter) has reviewed NanoPocket as of the date at the top of this page.
- Independent benchmark report: none yet. We have not commissioned or appeared in a third-party benchmark study (e.g. a VBench / GenEval / DAVIS-evaluation paper that names NanoPocket as a system).
- SOC 2 / ISO 27001 audit: not in scope for our current operating size. We follow OWASP ASVS Level 1 and document our posture on /security, but we do not claim a formal certification we don't hold.
- App-store presence: NanoPocket apps are distributed directly from nanopocket.ai. We are not currently in the Mac App Store or Microsoft Store; therefore there are no app-store privacy nutrition labels to cite. Apple notarisation is the closest equivalent we ship today.
- User-volume disclosure: we do not publish download counts or active-user counts as marketing. The closest public signal is the Discord member count on /community, which is fetched live from Discord's widget API.
For reviewers, journalists, and academic researchers
If you are writing a review, a benchmark study, or a security analysis: we will cooperate fully. Specifically:
- Free reviewer license keys for any of the paid apps — email press@nanopocket.ai with the publication and the apps you'd like to cover.
- Raw demo footage / sample inputs / sample outputs on request, no NDA.
- On-the-record interviews with the engineering team for technical follow-ups.
- For security researchers specifically: see the Security & Vulnerability Disclosure policy (researcher safe-harbor included).