Communications metadata is known to be exploited by various adversaries to undermine the security of systems, to track victims and to conduct large-scale social network analysis to feed mass surveillance. Metadata-resistant tools are in their infancy and research into the construction and user experience of such tools is lacking.
We present Cwtch, an extension of the metadata-resistant protocol Ricochet to support asynchronous, multi-peer group communications through the use of discardable, untrusted, anonymous infrastructure.
It is important to identify and understand that metadata is ubiquitous in communication protocols; it is indeed necessary for such protocols to function efficiently and at scale. However, information that is useful to facilitating peers and servers is also highly relevant to adversaries wishing to exploit such information.
For our problem definition, we will assume that the content of a communication is encrypted in such a way that an adversary is practically unable to break it; as such, we will limit our scope to the context of a communication (i.e. the metadata).
We seek to protect the following communication contexts:
Beyond individual conversations, we also seek to defend against context correlation attacks, whereby multiple conversations are analyzed to derive higher level information:
More Information: https://cwtch.im
Development and Contributing information in CONTRIBUTING.md
This repository contains a `Dockerfile` allowing you to build and run the server as a docker container.
To get started issue `docker build -t openpriv/cwtch-server:latest .` from the directory containing the `Dockerfile`. This will create 2 temporary docker containers, one to build the Tor daemon and one to build Cwtch. The compiled binaries will then be bundled into a new image and tagged as
To run Cwtch in the foreground execute `docker run openpriv/cwtch-server:latest`. You will see a small amount of output from Tor and then Cwtch will output your server address. When you press `Ctrl + C` the container will terminate. To run Cwtch in the background execute `docker run --name my-cwtch-server -d openpriv/cwtch-server:latest`. To get your Cwtch server address issue `docker logs my-cwtch-server`.
The image creates 3 volumes, for `/etc/cwtch`, `/etc/tor` and `/var/lib/tor`.
To upgrade with continuity:

```
# Stop current container/service
docker stop my-cwtch-server
docker pull openpriv/cwtch-server

# Create a new container and copy the volumes (cwtch/onion keys, message store)
docker create --name my-cwtch-server-2 --volumes-from my-cwtch-server openpriv/cwtch-server:latest

# Resume service with the new container
docker start my-cwtch-server-2
```
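The upgrade steps above reuse the old container's volumes, which hold the server's onion keys and message store. As an added example (not part of the Cwtch repository), the script below archives those volumes read-only before upgrading and restarts the old container if a later step fails. The `busybox` helper image, the function names, the archive name and the `DOCKER` override are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the Cwtch repository. Archives the three volumes of
# a stopped server container so the onion keys and message store survive a
# failed upgrade. Assumes the public busybox image can be pulled.
DOCKER="${DOCKER:-docker}"   # set DOCKER=echo to print the commands (dry run)
VOLUME_PATHS="etc/cwtch etc/tor var/lib/tor"   # the image's volumes, relative to /

# backup_volumes CONTAINER DIR: write DIR/CONTAINER-volumes.tgz.
backup_volumes() {
    container=$1
    dir=$2
    case $dir in
        /*) ;;   # a bind mount needs an absolute host path
        *)  echo "backup dir must be absolute: $dir" >&2; return 2 ;;
    esac
    # Volumes are mounted read-only; umask 077 because the archive holds private keys.
    $DOCKER run --rm --volumes-from "$container:ro" -v "$dir:/backup" busybox \
        sh -c "umask 077 && tar czf /backup/$container-volumes.tgz -C / $VOLUME_PATHS"
}

# upgrade_with_backup OLD NEW DIR: the upgrade steps from this page, with a
# backup first and a restart of the old container if any later step fails.
upgrade_with_backup() {
    old=$1
    new=$2
    dir=$3
    $DOCKER stop "$old" || return 1
    backup_volumes "$old" "$dir" || { $DOCKER start "$old"; return 1; }
    if $DOCKER pull openpriv/cwtch-server &&
       $DOCKER create --name "$new" --volumes-from "$old" openpriv/cwtch-server:latest &&
       $DOCKER start "$new"; then
        return 0
    fi
    echo "upgrade failed, restarting $old" >&2
    $DOCKER start "$old"
    return 1
}
```

Call it as `upgrade_with_backup my-cwtch-server my-cwtch-server-2 /root/cwtch-backup`, and store the resulting archive as carefully as the keys it contains.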