There is not any background on the website. Like who is that society, who is behind it, what is the goal of the app, where comes the funding from. Why for example did you not fund Signal? It has similar goals?
There should be a link to the society website (https://openprivacy.ca/) on the Cwtch site, but I can see that there isn't - we will get that fixed.
Open Privacy Research Society is a Canadian non profit society, founded in 2018, you can find details of our members and operating structure on our website. Most of our funds come from individual donations.
Cwtch started as an extension to the Ricochet Tor messenger which I also contributed back in 2014/2015. Our main goal behind Cwtch was to establish that metadata resistant / p2p communication could be done in a similar form factor to traditional server based / non-metadata private protocols like Signal i.e. to try and push the privacy properties that people can wield beyond end to end encryption, in a way that is still usable.
TL;DR: Have you already written about OR off the top of your head what are some of the hard problems in usable decentralised metadata resistant communication that your project and others tackle and intend to tackle in future?
Hi Sarah. My layperson understanding is that Cwtch is where you research and implement metadata-resistant infrastructure for communication tools and by extension where you find the acceptable trade-offs for open questions in usable privacy-enhancements.
My memory might deceive me, but I feel like there used to be an "open questions" section in the documentation that I can no longer find? Anyway, sorry for the rambling but the question I wanted to ask is: have you already written about OR off the top of your head what are some of the hard problems in usable decentralised metadata resistant communication that your project and others tackle and intend to tackle in future? Is there anywhere we can read about these sort of things to keep up to date on developments? Nowadays it is very easy for projects to claim exceptional privacy or absolute privacy partly because accurate awareness of limits, trade-offs and state-of-the-art is not common knowledge in some communities.
It's definitely one of the bigger challenges. Currently we don't see a viable way to deploy something like Cwtch on iOS (both in due to how locked down the platform is in general, and the requirement to run a backing onion service for each profile making mobile a hassle in the general case) - we are somewhat hopeful that advances on the Tor front might make it possible one day.
Any thoughts about direct lan/vpn communications as an option? The use of tor makes a working high quality internet connection a requirement, and potentially makes it more attractive for attackers to DOS attack tor in order to make their targets move off Cwtch and onto less secure communications methods.
It is something we get asked about fairly frequently, its not a high priority for us right now as it requires some thought as to not break or undermine any existing cryptographic/privacy properties that Cwtch does have (see: https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/461#issu...) - but it's also not something that we have ruled out if the right combination of design/effort is available.
Right but on a local network the attacker likely has no surveillance -- and if they do you probably have worse problems.
And because Tor is relatively vulnerable to DOS attack, an attacker can force users off of it and likely on to more vulnerable communications methods.
Tor also has its own vulnerable to traffic analysis which is quite significant. So I think for most users if you can satisfy communications you'd probably prefer it... Though I suppose I could argue it both ways.
It can be a bit of a bugbear of mine, when people who’ve never been to wales and certainly don’t siarad cymraeg appropriate welsh words as names, such as the sickmaking LA lifestyle brand Hiraeth. But then again the welsh did give the world the word penguin.
Shwmae, Sarah ydw i. I co-founded the Cwtch project, and yes I was born in Wales, lived there for 20+ years, and as a result learned Welsh in school; and while I no longer live there, I still consider myself, at least in part, Welsh.
SimpleX relies on out-of-band key material transfer between clients, in addition to the honesty of routing server to protect privacy and metadata.
Cwtch uses the existing infrastructure of Tor and v3 onion services to establish p2p chat sessions, thus relying on the underlying security of the Tor network. There is some nuances regarding how different kinds of groups work, we have a security handbook that goes into it a deeper: https://docs.cwtch.im/security/intro
Use end-to-end encrypted messaging applications for all your digital communications:
- Ideally, use peer-to-peer and metadata-resistant applications such as Cwtch or Briar. Otherwise, use metadata-resistant applications such as SimpleX or Signal.
- Email is not metadata-resistant and should be avoided if possible. If you must use email, use PGP encryption and register an address with a trusted service provider.
Do not use:
- Delta Chat or Matrix, as they are not sufficiently metadata-resistant.
- Telegram, as not all messages are end-to-end-encrypted.
And this[2]:
Since SimpleX requires that users place some trust in the SimpleX servers, we recommend prioritizing Cwtch over SimpleX Chat for text communication with other anarchists, and using SimpleX Chat or Signal for voice and video calls. Unlike Signal, SimpleX Chat doesn't require a phone number or smartphone.
> Since SimpleX requires that users place some trust in the SimpleX servers
Do you know what they mean by this? I could not understand from the explanation given. My understanding is that the message contents are still not known in any case, so I'm curious what it is they are worried about.
I guess the current thread and this other ongoing one are duals:
Briar: Peer to Peer Encrypted Messaging - https://news.ycombinator.com/item?id=43363031 - March 2025 (48 comments)
Hi! Sarah from the Open Privacy Research Society / Cwtch team here - happy to answer questions.
There is not any background on the website. Like who is that society, who is behind it, what is the goal of the app, where comes the funding from. Why for example did you not fund Signal? It has similar goals?
There should be a link to the society website (https://openprivacy.ca/) on the Cwtch site, but I can see that there isn't - we will get that fixed.
Open Privacy Research Society is a Canadian non profit society, founded in 2018, you can find details of our members and operating structure on our website. Most of our funds come from individual donations.
Cwtch started as an extension to the Ricochet Tor messenger which I also contributed back in 2014/2015. Our main goal behind Cwtch was to establish that metadata resistant / p2p communication could be done in a similar form factor to traditional server based / non-metadata private protocols like Signal i.e. to try and push the privacy properties that people can wield beyond end to end encryption, in a way that is still usable.
TL;DR: Have you already written about OR off the top of your head what are some of the hard problems in usable decentralised metadata resistant communication that your project and others tackle and intend to tackle in future?
Hi Sarah. My layperson understanding is that Cwtch is where you research and implement metadata-resistant infrastructure for communication tools and by extension where you find the acceptable trade-offs for open questions in usable privacy-enhancements.
My memory might deceive me, but I feel like there used to be an "open questions" section in the documentation that I can no longer find? Anyway, sorry for the rambling but the question I wanted to ask is: have you already written about OR off the top of your head what are some of the hard problems in usable decentralised metadata resistant communication that your project and others tackle and intend to tackle in future? Is there anywhere we can read about these sort of things to keep up to date on developments? Nowadays it is very easy for projects to claim exceptional privacy or absolute privacy partly because accurate awareness of limits, trade-offs and state-of-the-art is not common knowledge in some communities.
-----
I saw a minor accident while skimming the documentation. Briar's summary in https://docs.cwtch.im/security/intro#a-brief-history-of-meta... says, "while providing resistant to metadata surveillance". Looks like resistance would fit better there.
Looks interesting but the lack of an iOS client makes it a non-starter for me. I use Android but I have friends and family who don't.
It's definitely one of the bigger challenges. Currently we don't see a viable way to deploy something like Cwtch on iOS (both in due to how locked down the platform is in general, and the requirement to run a backing onion service for each profile making mobile a hassle in the general case) - we are somewhat hopeful that advances on the Tor front might make it possible one day.
would something like Orbot work?
https://apps.apple.com/us/app/orbot/id1609461599
1 reply →
Related:
Cwtch: Decentralized, privacy-preserving, multi-party messaging protocol - https://news.ycombinator.com/item?id=27643171 - June 2021 (88 comments)
Any thoughts about direct lan/vpn communications as an option? The use of tor makes a working high quality internet connection a requirement, and potentially makes it more attractive for attackers to DOS attack tor in order to make their targets move off Cwtch and onto less secure communications methods.
It is something we get asked about fairly frequently, its not a high priority for us right now as it requires some thought as to not break or undermine any existing cryptographic/privacy properties that Cwtch does have (see: https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/461#issu...) - but it's also not something that we have ruled out if the right combination of design/effort is available.
Tor is important for metadata resistance.
Right but on a local network the attacker likely has no surveillance -- and if they do you probably have worse problems.
And because Tor is relatively vulnerable to DOS attack, an attacker can force users off of it and likely on to more vulnerable communications methods.
Tor also has its own vulnerable to traffic analysis which is quite significant. So I think for most users if you can satisfy communications you'd probably prefer it... Though I suppose I could argue it both ways.
2 replies →
Lol, not often you find Welsh in the world of tech naming!
Who named this, are the devs welsh?
It can be a bit of a bugbear of mine, when people who’ve never been to wales and certainly don’t siarad cymraeg appropriate welsh words as names, such as the sickmaking LA lifestyle brand Hiraeth. But then again the welsh did give the world the word penguin.
Shwmae, Sarah ydw i. I co-founded the Cwtch project, and yes I was born in Wales, lived there for 20+ years, and as a result learned Welsh in school; and while I no longer live there, I still consider myself, at least in part, Welsh.
7 replies →
yes they are
10 replies →
cwm the n3logic interpreter
direct link to the repository: https://git.openprivacy.ca/cwtch.im/cwtch
Looks nice, but all my friends care about are stickers and gifs...
<3 great work
How does it compare to SimpleX Chat?
SimpleX relies on out-of-band key material transfer between clients, in addition to the honesty of routing server to protect privacy and metadata.
Cwtch uses the existing infrastructure of Tor and v3 onion services to establish p2p chat sessions, thus relying on the underlying security of the Tor network. There is some nuances regarding how different kinds of groups work, we have a security handbook that goes into it a deeper: https://docs.cwtch.im/security/intro
I found this[1]:
And this[2]:
As well as this comparison chart: Interactive secure messenger feature comparison - https://bkil.gitlab.io/secuchart/
[1] https://www.notrace.how/threat-library/mitigations/digital-b...
[2] https://www.anarsec.guide/posts/e2ee/
> Since SimpleX requires that users place some trust in the SimpleX servers
Do you know what they mean by this? I could not understand from the explanation given. My understanding is that the message contents are still not known in any case, so I'm curious what it is they are worried about.
1 reply →
[dead]