Comment by sarahjamielewis
4 years ago
Hi Sarah from Open Privacy / Cwtch team here - the main major difference is that Cwtch servers are completely untrusted under the risk model - they don't learn anything about the groups they are hosting, who is a member of which group, or who each message is for.
The design for groups is still in flux, and they are marked experimental but there are a few more details in our Secure Development Handbook https://docs.openprivacy.ca/cwtch-security-handbook/groups.h...
Metadata resistant group comms is still a fairly large open research problem, and we are also working on the research side to reduce some of the bandwidth requirements that are currently required by our group protocol: https://git.openprivacy.ca/openprivacy/niwl
Interesting project! I've been looking for something to replace Signal, and this scratches an itch.
I see that you're using Tor to route messages? How would mobile devices fair with Tor connections when they go to sleep?
On Android we implement a background service that will wake up periodically and either use the active tor connection or start a new one if the kernel has stopped it for any reason - and also reconnects the UI. This makes Cwtch connections fairly stable on android devices - even for p2p.
However, it also means that Cwtch on Android is fairly battery intensive. We provide a way to easily shutdown Cwtch completely for this reason - and we are researching ways to minimize power consumption (both through tor optimizations and alternative anonymous communication networks)
how will it compare to P2P Matrix?