---
sidebar_position: 1
---
# What is Cwtch?
Cwtch (/kʊtʃ/ - a Welsh word roughly translating to “a hug that creates a safe place”) is a decentralized, privacy-preserving, metadata resistant messaging app.
* **Decentralized and Open**: There is no “Cwtch service” or “Cwtch network”. Participants in Cwtch can host their own safe spaces, or lend their infrastructure to others seeking a safe space. The Cwtch protocol is open, and anyone is free to build bots, services and user interfaces and integrate and interact with Cwtch.
* **Privacy Preserving**: All communication in Cwtch is end-to-end encrypted and takes place over Tor v3 onion services.
* **Metadata Resistant**: Cwtch has been designed such that no information is exchanged or available to anyone without their explicit consent, including on-the-wire messages and protocol metadata.
# Security, Encryption and Safety
For a more in-depth look at the security, privacy and underlying encryption technology used in Cwtch, please
consult our [Security Handbook](https://docs.openprivacy.ca/cwtch-security-handbook/).
## Identity, or What exactly is a Cwtch Profile?
With Cwtch you can create one or more **Profiles**. Each profile generates a random ed25519 keypair compatible with
the Tor Network.
This is the identifier that you can give out to people and that they can use to contact you via Cwtch.
**See also: [Create a profile](/docs/profiles/create-a-profile)**
## Peer to Peer, 2-party Conversations
![](/img/BASE_3.png)
In order to chat with your friends in a peer-to-peer conversation both must be online.
After a successful connection both parties engage in an **authentication protocol** which:
* Asserts that each party has access to the private key associated with their public identity.
* Generates an ephemeral session key used to encrypt all further communication during the session.
This exchange (documented in further detail in [authentication protocol](https://docs.openprivacy.ca/cwtch-security-handbook/authentication_protocol.html)) is *offline deniable*,
i.e. it is possible for any party to forge transcripts of this protocol exchange after the fact, and as such it is
impossible to definitively prove, after the fact, that the exchange happened at all.
Once the authentication process is successful, both you and your friend can communicate, assured that no one else
can learn anything about the contents or the metadata of your conversation.
## Offline Delivery via Untrusted Routing Servers, and Group Conversations
**Note: Metadata Resistant Group Communication is still an active research area and what is documented here
will likely change in the future.**
In order to get around the limitation of being always-online, Cwtch has built-in support for hosting
conversations on **Untrusted Servers**.
These servers can be set up by anyone and are intended to be always online. Most importantly, all communication with a
server is designed such that the server learns as little information as possible about the contents or metadata.
The risk model associated with servers is more complicated than that of peer-to-peer communication. As such, we currently
require people who want to use servers within Cwtch to [opt-in to the Group Chat experiment](/docs/groups/enable-experiment)
in order to add, manage and create groups on untrusted servers.
### Install
Install on OS of choice:
- Windows
- Android
- MacOS
- Linux