feature overlap with onionshare 2.3.2 ? #53

New Issue

Closed

opened 2021-06-28 13:10:28 +00:00 by icwtch · 1 comment

icwtch commented 2021-06-28 13:10:28 +00:00

Copy Link

Hi, was just wondering what more cwtch in its current status would offer over let's say latest version of onionshare, also using hidden services on Tor and having the ability to chat (the latter being fully cross-platform and also allowing for file-sharing though...)

Hi, was just wondering what more cwtch in its current status would offer over let's say latest version of onionshare, also using hidden services on Tor and having the ability to chat (the latter being fully cross-platform and also allowing for file-sharing though...)

sarah added the

question

label 2021-06-28 15:41:19 +00:00

sarah commented 2021-06-28 15:41:24 +00:00

Owner

Copy Link

The simplest answer is that Cwtch is designed to be a metadata resistant messaging platform (see the Risk Model section of the secure development handbook: https://docs.openprivacy.ca/cwtch-security-handbook/risk.html)

In Cwtch p2p chat is not only conducting over onion services those servers are also authenticate to each other, and from that they derive an ephemeral key that provides forward secrecy. As far as I am aware OnionShare has no equivilant to this with the same security properties.

For Group chat the routing server in Cwch is explictly untrusted, and (without collaberation of a group member) can learn nothing about who is participating in a given group, what groups the server is hosting or anything else to do with the contents of the chat.

OnionShare routes all messages plaintext via a (self-hosted)server, as such the server learns a lot about the chats it is hosting, and the identities on the server arebound to that server and cannot be used independently (unlike in Cwtch where you identity is a tor-compatible ed25519 key that can be used to host your own peer node and allow people to connect with you)

The simplest answer is that Cwtch is designed to be a metadata resistant messaging platform (see the Risk Model section of the secure development handbook: https://docs.openprivacy.ca/cwtch-security-handbook/risk.html) In Cwtch p2p chat is not only conducting over onion services those servers are also authenticate to each other, and from that they derive an ephemeral key that provides forward secrecy. As far as I am aware OnionShare has no equivilant to this with the same security properties. For Group chat the routing server in Cwch is explictly untrusted, and (without collaberation of a group member) can learn *nothing* about who is participating in a given group, what groups the server is hosting or anything else to do with the contents of the chat. OnionShare routes all messages plaintext via a (self-hosted)server, as such the server learns a lot about the chats it is hosting, and the identities on the server arebound to that server and cannot be used independently (unlike in Cwtch where you identity is a tor-compatible ed25519 key that can be used to host your own peer node and allow people to connect with you)

sarah closed this issue 2021-08-30 17:46:45 +00:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

trunk

arm64pt1

flutter-3.19.3-fixes

themeFixes2

lastFixes

drone-3.19.3

flutter-3.19.3

sonoma

splashFix

deb

android_foreground_fix

android_notif_fix

fixThemes

theme-loading-fix

themeFixes

themeName

0.0.12

dart-analyzer

fix-images

streams

hideblud

fixchat

themeBits

fixGoMobile

themeImport

theme

fixdate

themeImage

post-stable-fixes

settingsPanesFiles

assetsPath

i10nupdate

settingsPanes

themeImgDir

pubspecVer

updateTor

undoFetchTor

tor-expert

mactest

fixmacdrone

yamlthemes

1.13.1

winemoji

fixSyncTime

stable-blockers

addAutoloadDef

andro33

scalingLabel

search

repbuilds-additional

repbuilds

1.12-rc

f10lin

deploy-fixes

dep-upgrades-3.10.0

ui-many-fixes

win-fixes

macos-3.10

ui-many

sw-and-sv

font-scaling

detectNetwork

ui-updates

tails-fix

performance

fixinstsys

pkg

status

tails

blodeuwedd

android_export_fix

savequotes

autobindings

testtest

profile_mgmt

unicode

integtest2

slovak

flutter3.7.1

fix-release

release-builds

uitests

fixurls

scrollbars

failonfetch

fixmacbuilds

fixDeactivate

noDisable

glic231

newjson

saveAutostart

serverOfflineIcon

notiFocus

formatfixes

lcgBump

69nicefixes

fixes

fix_linux_install

lcg1.10

android_export

replying_to

juniper_theme

smodepriv

unlockflow

pt_BR

cwtchicons

fix-mac

update-cwtch

update-translations

fixAntispam

torBump

qrcode

antispam

savedrafts

load_messages_sync

noAddContactDup

debug_access

locale_tr

fixquote

pinned

winInstructions

viewreplies

filesharing-persist

invite-fix

android-modal

ru-update

androidExported

1.8.0

newwincert

fuzzbot-fixes

default_message_formatting

macarm

intl_fix

fixFirstSync

fix_308

flutter3_notify

snackbars

formatting_toolbar_tooltip

formatting_toolbar

intl

marcia_fixes

show_down

reply_links

pl_intl

fix457

pubspecBump

cache3.0

fix-settings

replyFix

file-fixes

perf

winUninstall

cachefixes

kotlinResult

linuxNotif

debuginfo

androidFlags

power

theme-updates

add_contact_hook

message-formatting

mainActivityPort

unreadSync

androMessage

ns

small_edits

import_export

splashExit

file_bubble_pop_fix

state

message_row_fixes

da

es

cy

messagedate

i18n

no

de

lb

ro

macNotifications

fix297

cwtch1.6.1-fixes

ps160

lcg160

droneGherkin

cwtch_prefix

maclcg

notificationSettings

custom_profile_fixes

custom_profile_images

profile_images

gherkin

profileNotify

wintoasts

fastercwtch

serverProgress

winFocus

winNotify

androTor

sender_size

cache

torcache

models

getinfo

android-fix

fix_debug_error_add_contact

custom_tor_config

fix_295

v152

fixSaveHist

fixLeave

fixAndroidAttrInv

fixAcceptBlock

appbarColor

1.5-upgrades

messageCache

1.4.0-release

l10nup

ios_build_port

quote

v1.14.7

v1.14.6-nightly

v1.14.5-nightly

v1.14.4-nightly

v1.14.3-nightly

v1.14.2-nightly

v1.14.1-nightly

1.14.1-nightly

v1.14.0

v0.1.14-rc

v1.13.2

v1.13.1

v1.13.0

v1.12.0

v1.11.0

v1.10.0

v1.9.0

v1.8.0

v1.7.1

v.1.7.0

v1.6.2

v1.6.1

v1.6.0

v1.5.2

v1.5.1

v1.5.0

v1.4.2

v1.4.1

v1.4.0

v1.3.0

v1.2.1

v1.2.0

v1.1.1

v1.1.0

v1.0.0

Labels

Clear labels   

android

  

arch

  

backlog

  

blocked-on-external

This issue requires effort from an external organization to move forward

  

bug

Something is not working

  

bugbash

  

component/bindings

  

component/bine

  

component/connectivity

  

component/cwtch

  

component/tapir

  

component/ui

  

cwtch-1.14

  

cwtch-1.15

  

cwtch-beta-1.1

  

cwtch-beta-1.10

Changes Planned for Cwtch Beta 1.10

  

cwtch-beta-1.11

  

cwtch-beta-1.12

  

cwtch-beta-1.13

  

cwtch-beta-1.2

  

cwtch-beta-1.3

  

cwtch-beta-1.4

  

cwtch-beta-1.5

  

cwtch-beta-1.5.x

point release vug fixes for 1.5

  

cwtch-beta-1.6

  

cwtch-beta-1.7

  

cwtch-beta-1.8

  

cwtch-beta-1.9

  

design

  

duplicate

This issue or pull request already exists

  

enhancement

New feature

  

flutter

  

funding-needed

  

help wanted

Need some help

  

hybrid-groups

  

in-nightly

  

in-progress

  

invalid

Something is wrong

  

ios

  

linux

  

mac

  

need-replication-or-investigation

  

ops

  

packaging

  

post-stable

These issues won't be considered until after Cwtch Stable ships.

  

question

More information is needed

  

questionable

there is an open question as to whether this is an issue at all / if we can even fix this

  

requires-more-effort-than-we-can-spare

The amount of work involved to solve this issue would occupy our entire development team for a significant period of time and/or provide little benefit to the rest of the project

  

rust

  

scheduled

  

stable-blocker

  

tails

  

testing-needed

  

tests

  

tor

  

waiting-on-fix-confirmation

  

waiting-on-new-flutter-feature

The cause of this issue is a bug in the underlying flutter framework.

  

whonix

  

windows

  

wontfix

This won't be fixed

No Label

android

arch

backlog

blocked-on-external

bug

bugbash

component/bindings

component/bine

component/connectivity

component/cwtch

component/tapir

component/ui

cwtch-1.14

cwtch-1.15

cwtch-beta-1.1

cwtch-beta-1.10

cwtch-beta-1.11

cwtch-beta-1.12

cwtch-beta-1.13

cwtch-beta-1.2

cwtch-beta-1.3

cwtch-beta-1.4

cwtch-beta-1.5

cwtch-beta-1.5.x

cwtch-beta-1.6

cwtch-beta-1.7

cwtch-beta-1.8

cwtch-beta-1.9

design

duplicate

enhancement

flutter

funding-needed

help wanted

hybrid-groups

in-nightly

in-progress

invalid

ios

linux

mac

need-replication-or-investigation

ops

packaging

post-stable

question

questionable

requires-more-effort-than-we-can-spare

rust

scheduled

stable-blocker

tails

testing-needed

tests

tor

waiting-on-fix-confirmation

waiting-on-new-flutter-feature

whonix

windows

wontfix

Milestone

Clear milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

No Assignees

2 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: cwtch.im/cwtch-ui#53

No description provided.