diff --git a/docs/intro.md b/docs/intro.md index 65f4304c..2b2d45d6 100644 --- a/docs/intro.md +++ b/docs/intro.md @@ -2,12 +2,64 @@ sidebar_position: 1 --- -# Cwtch Intro +# What is Cwtch? + +Cwtch (/kʊtʃ/ - a Welsh word roughly translating to “a hug that creates a safe place”) is a decentralized, privacy-preserving, metadata resistant messaging app. + +* **Decentralized and Open**: There is no “Cwtch service” or “Cwtch network”. Participants in Cwtch can host their own safe spaces, or lend their infrastructure to others seeking a safe space. The Cwtch protocol is open, and anyone is free to build bots, services and user interfaces and integrate and interact with Cwtch. +* **Privacy Preserving**: All communication in Cwtch is end-to-end encrypted and takes place over Tor v3 onion services. +* **Metadata Resistant**: Cwtch has been designed such that no information is exchanged or available to anyone without their explicit consent, including on-the-wire messages and protocol metadata. + + + +** See also: [Create a profile](/docs/profiles/create-a-profile)** + +# Security, Encryption and Safety + +## Identity, or What exactly is a Cwtch Profile? + +With Cwtch you can create one of more **Profiles**. Each profile generates a random ed25519 keypair compatible with +the Tor Network. + +This is the identifier that you can give out to people and that they can use to contact you via Cwtch + +## Peer to Peer, 2-party Conversions + +![](/img/BASE_3.png) + +In order to chat with your friends in a peer-to-peer conversation both must be online. + +After a successful connection both parties engage in an **authentication protocol** which: + +* Asserts that each party has access to the private key associated with their public identity. +* Generates an ephemeral session key used to encrypt all further communication during the session. + +This exchange (documented in further detail in [authentication protocol](https://docs.openprivacy.ca/cwtch-security-handbook/authentication_protocol.html)) is *offline deniable* +i.e. it is possible for any party to forge transcripts of this protocol exchange after the fact, and as such - after the +fact - it is impossible to definitely prove that the exchange happened at all. + +One the authentication process is successful then both you and your friend can communicate away assured that no one else +can learn anything about the contents or the metadata if your conversation. + +## Offline Delivery via Untrusted Routing Servers, and Group Conversations + +**Note: Metadata Resistant Group Communication is still an active research area and what is documented here +will likely change in the future.** + +**TODO: Expand** + +In many respects communication with a server is identical to communication with a regular Cwtch peer, +all the authentication and encryption steps above are taken however the server always acts as the inbound peer, and the outbound +peer always uses newly generated **ephemeral keypair** as their "longterm identity". + +As such, peer-server conversations only differ in the *kinds* of messages that are sent between the two parties, +with the server relaying all messages that it receives and also allowing any client to query for older messages. -Cwtch (/kʊtʃ/ - a Welsh word roughly translating to “a hug that creates a safe place”) is a decentralized, privacy-preserving, metadata resistant messenging app. ## Getting Started + + ### Install Install on OS of choice: @@ -16,8 +68,3 @@ Install on OS of choice: - Android - MacOS - Linux - -### Use - - **[Create a profile](/docs/profiles/create-a-profile)** - diff --git a/static/img/BASE_3.png b/static/img/BASE_3.png new file mode 100644 index 00000000..8dde1832 Binary files /dev/null and b/static/img/BASE_3.png differ