From a95c7bb337ada60847c5d36c511147e3e5d4561c Mon Sep 17 00:00:00 2001 From: Sarah Jamie Lewis Date: Mon, 6 Jul 2020 13:37:52 -0700 Subject: [PATCH] Better overview --- src/overview.md | 31 ++++++++++++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) diff --git a/src/overview.md b/src/overview.md index 4d51339..024df46 100644 --- a/src/overview.md +++ b/src/overview.md @@ -4,4 +4,33 @@ Welcome to the Cwtch Secure Development Handbook. The purpose of this handbook is to provide a guide to the various components of the Cwtch ecosystem, to document the known risks and mitigations, and to enable discussion about improvements and updates to Cwtch secure development -processes. \ No newline at end of file +processes. + +## History + +In recent years, public awareness of the need and benefits of end-to-end + encrypted solutions has increased with applications like [Signal](https://signalapp.org), +[Whatsapp](https://whatsapp.com) and [Wire](https://wire.org) now providing + users with secure communications. + +However, these tools require various levels of metadata exposure to function, +and much of this metadata can be used to gain details about how and why a person +is using a tool to communicate. [[rottermanner2015privacy]](https://www.researchgate.net/profile/Peter_Kieseberg/publication/299984940_Privacy_and_data_protection_in_smartphone_messengers/links/5a1a9c29a6fdcc50adeb1335/Privacy-and-data-protection-in-smartphone-messengers.pdf). + +One tool that does seek to reduce metadata is [Ricochet](https://ricochet.im) first released in 2014. +Ricochet uses Tor onion services to provide secure end-to-end encrypted communication, +and to protect the metadata of communications. + +There are no centralized servers that assist in routing Ricochet +conversations. No one other than the parties involved in a conversation can +know that such a conversation is taking place. + +Ricochet isn't without limitations; there is no multi-device support, nor is +there a mechanism for supporting group communication or for a user to send +messages while a contact is offline. + +This makes adoption of Ricochet a difficult proposition; with even those in +environments that would be served best by metadata resistance unaware that it +exists [[ermoshina2017can]](www.academia.edu/download/53192589/ermoshina-12.pdf) +[[renaud2014doesn]](https://eprints.gla.ac.uk/116203/1/116203.pdf). +