# Overview

Welcome to the Cwtch Secure Development Handbook. The purpose of this
handbook is to provide a guide to the various components of the Cwtch
ecosystem, to document the known risks and mitigations, and to enable
discussion about improvements and updates to Cwtch secure development
processes.

![](/2.png)

## History

In recent years, public awareness of the need for and benefits of end-to-end
encrypted solutions has increased, with applications like [Signal](https://signalapp.org),
[WhatsApp](https://whatsapp.com) and [Wire](https://wire.org) now providing
users with secure communications.

However, these tools require various levels of metadata exposure to function,
and much of this metadata can be used to gain details about how and why a person
is using a tool to communicate [[rottermanner2015privacy]](https://www.researchgate.net/profile/Peter_Kieseberg/publication/299984940_Privacy_and_data_protection_in_smartphone_messengers/links/5a1a9c29a6fdcc50adeb1335/Privacy-and-data-protection-in-smartphone-messengers.pdf).

One tool that does seek to reduce metadata is [Ricochet](https://ricochet.im), first released in 2014.
Ricochet uses Tor onion services to provide secure end-to-end encrypted communication,
and to protect the metadata of communications.

There are no centralized servers that assist in routing Ricochet
conversations. No one other than the parties involved in a conversation can
know that such a conversation is taking place.

Ricochet isn't without limitations; there is no multi-device support, nor is
there a mechanism for supporting group communication or for a user to send
messages while a contact is offline.

This makes adoption of Ricochet a difficult proposition, with even those in
environments that would be served best by metadata resistance unaware that it
exists [[ermoshina2017can]](www.academia.edu/download/53192589/ermoshina-12.pdf)
[[renaud2014doesn]](https://eprints.gla.ac.uk/116203/1/116203.pdf).