Comment by udia

4 years ago

How does this compare with something like Matrix, which also does decentralized encrypted communications? https://matrix.org/

17 comments

udia

Reply
sarahjamielewis  4 years ago

Hi Sarah from Open Privacy / Cwtch team here - the main major difference is that Cwtch servers are completely untrusted under the risk model - they don't learn anything about the groups they are hosting, who is a member of which group, or who each message is for.

The design for groups is still in flux, and they are marked experimental but there are a few more details in our Secure Development Handbook https://docs.openprivacy.ca/cwtch-security-handbook/groups.h...

Metadata resistant group comms is still a fairly large open research problem, and we are also working on the research side to reduce some of the bandwidth requirements that are currently required by our group protocol: https://git.openprivacy.ca/openprivacy/niwl

  • bjt2n3904  4 years ago

    Interesting project! I've been looking for something to replace Signal, and this scratches an itch.

    I see that you're using Tor to route messages? How would mobile devices fair with Tor connections when they go to sleep?

    • sarahjamielewis  4 years ago

      On Android we implement a background service that will wake up periodically and either use the active tor connection or start a new one if the kernel has stopped it for any reason - and also reconnects the UI. This makes Cwtch connections fairly stable on android devices - even for p2p.

      However, it also means that Cwtch on Android is fairly battery intensive. We provide a way to easily shutdown Cwtch completely for this reason - and we are researching ways to minimize power consumption (both through tor optimizations and alternative anonymous communication networks)

remram  4 years ago

I'm not sure if Cootch is federated, like Matrix, or peer-to-peer. I assume the first, if Tor is being used?

Berry also sounds similar, although it is not released yet: https://berty.tech/