diff --git a/docs/intro.md b/docs/intro.md index 65f4304c..997c7b8c 100644 --- a/docs/intro.md +++ b/docs/intro.md 
@@ -2,12 +2,65 @@ sidebar_position: 1 --- -# Cwtch Intro +# What is Cwtch? + +Cwtch (/kʊtʃ/ - a Welsh word roughly translating to “a hug that creates a safe place”) is a decentralized, privacy-preserving, metadata resistant messaging app. + +* **Decentralized and Open**: There is no “Cwtch service” or “Cwtch network”. Participants in Cwtch can host their own safe spaces, or lend their infrastructure to others seeking a safe space. The Cwtch protocol is open, and anyone is free to build bots, services and user interfaces and integrate and interact with Cwtch. +* **Privacy Preserving**: All communication in Cwtch is end-to-end encrypted and takes place over Tor v3 onion services. +* **Metadata Resistant**: Cwtch has been designed such that no information is exchanged or available to anyone without their explicit consent, including on-the-wire messages and protocol metadata. + + + +** See also: [Create a profile](/docs/profiles/create-a-profile)** + +# Security, Encryption and Safety + +## Identity, or What exactly is a Cwtch Profile? + +With Cwtch you can create one of more **Profiles**. Each profile generates a random ed25519 keypair compatible with +the Tor Network. + +This is the identifier that you can give out to people and that they can use to contact you via Cwtch + +## Peer to Peer, 2-party Conversions + +![](/img/BASE_3.png) + +In order to chat with your friends in a peer-to-peer conversation both must be online. + +After a successful connection both parties engage in an **authentication protocol** which: + +* Asserts that each party has access to the private key associated with their public identity. +* Generates an ephemeral session key used to encrypt all further communication during the session. + +This exchange (documented in further detail in [authentication protocol](https://docs.openprivacy.ca/cwtch-security-handbook/authentication_protocol.html)) is *offline deniable* +i.e. 
it is possible for any party to forge transcripts of this protocol exchange after the fact, and as such - after the +fact - it is impossible to definitely prove that the exchange happened at all. + +One the authentication process is successful then both you and your friend can communicate away assured that no one else +can learn anything about the contents or the metadata if your conversation. + +## Offline Delivery via Untrusted Routing Servers, and Group Conversations + +**Note: Metadata Resistant Group Communication is still an active research area and what is documented here +will likely change in the future.** + +In order to get around the limitation of being always-online, Cwtch has built in support for hosting +conversations on **Untrusted Servers**. + +These servers can be set up by anyone and are intended to be always online. Most importantly, all communication with a +server is designed such that the server learns as little information as possible about the contents or metadata. + +The risk model associated with servers is more complicated that peer-to-peer communication, as such we currently +require people who want to use servers within cwtch to [opt-in to the Group Chat experiment](/docs/groups/enable-experiment) +in order to add, manage and create groups on untrusted servers. -Cwtch (/kʊtʃ/ - a Welsh word roughly translating to “a hug that creates a safe place”) is a decentralized, privacy-preserving, metadata resistant messenging app. ## Getting Started + + ### Install Install on OS of choice: @@ -16,8 +69,3 @@ Install on OS of choice: - Android - MacOS - Linux - -### Use - - **[Create a profile](/docs/profiles/create-a-profile)** - diff --git a/static/img/BASE_3.png b/static/img/BASE_3.png new file mode 100644 index 00000000..8dde1832 Binary files /dev/null and b/static/img/BASE_3.png differ
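Review bot: In the "Identity, or What exactly is a Cwtch Profile?" section of the first hunk, "This is the identifier that you can give out to people" follows directly on "generates a random ed25519 keypair", so it reads as if the whole keypair is handed out; state explicitly that only the public part is shared and the private key stays with the profile. The "Metadata Resistant" bullet says no information is "exchanged or available to anyone without their explicit consent", while the servers section says a server "learns as little information as possible"; qualify the bullet or point it at the risk model so the two statements agree. The added text also needs a proofreading pass: "one of more" (one or more), "2-party Conversions" (Conversations), "One the authentication process" (Once), "metadata if your conversation" (of), "more complicated that" (than), "definitely prove" (definitively), lowercase "cwtch", a missing full stop after "via Cwtch", and "** See also:" has a space after the opening asterisks, so it will not render as bold in CommonMark. The image reference `![](/img/BASE_3.png)` has empty alt text; describe what the diagram shows.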
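Review bot: Removing "### Use" in the second hunk leaves "## Getting Started" with only the Install platform list, so a reader who has just installed finds no next step there; the "Create a profile" link now appears only as "See also" above the security section. Keep the link after the platform list, or move the "See also" line there, so that the install instructions lead directly to profile creation.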