Better overview
This commit is contained in:
parent
06198bc6c4
commit
a95c7bb337
|
@ -4,4 +4,33 @@ Welcome to the Cwtch Secure Development Handbook. The purpose of this
|
|||
handbook is to provide a guide to the various components of the Cwtch
|
||||
ecosystem, to document the known risks and mitigations, and to enable
|
||||
discussion about improvements and updates to Cwtch secure development
|
||||
processes.
|
||||
processes.
|
||||
|
||||
## History
|
||||
|
||||
In recent years, public awareness of the need and benefits of end-to-end
|
||||
encrypted solutions has increased with applications like [Signal](https://signalapp.org),
|
||||
[Whatsapp](https://whatsapp.com) and [Wire](https://wire.org) now providing
|
||||
users with secure communications.
|
||||
|
||||
However, these tools require various levels of metadata exposure to function,
|
||||
and much of this metadata can be used to gain details about how and why a person
|
||||
is using a tool to communicate. [[rottermanner2015privacy]](https://www.researchgate.net/profile/Peter_Kieseberg/publication/299984940_Privacy_and_data_protection_in_smartphone_messengers/links/5a1a9c29a6fdcc50adeb1335/Privacy-and-data-protection-in-smartphone-messengers.pdf).
|
||||
|
||||
One tool that does seek to reduce metadata is [Ricochet](https://ricochet.im) first released in 2014.
|
||||
Ricochet uses Tor onion services to provide secure end-to-end encrypted communication,
|
||||
and to protect the metadata of communications.
|
||||
|
||||
There are no centralized servers that assist in routing Ricochet
|
||||
conversations. No one other than the parties involved in a conversation can
|
||||
know that such a conversation is taking place.
|
||||
|
||||
Ricochet isn't without limitations; there is no multi-device support, nor is
|
||||
there a mechanism for supporting group communication or for a user to send
|
||||
messages while a contact is offline.
|
||||
|
||||
This makes adoption of Ricochet a difficult proposition; with even those in
|
||||
environments that would be served best by metadata resistance unaware that it
|
||||
exists [[ermoshina2017can]](www.academia.edu/download/53192589/ermoshina-12.pdf)
|
||||
[[renaud2014doesn]](https://eprints.gla.ac.uk/116203/1/116203.pdf).
|
||||
|
||||
|
|
Loading…
Reference in New Issue