[HN Gopher] Cwtch - Privacy Preserving Messaging
___________________________________________________________________
Cwtch - Privacy Preserving Messaging
Author : dp-hackernews
Score : 40 points
Date : 2025-03-14 20:36 UTC (2 hours ago)
(HTM) web link (docs.cwtch.im)
(TXT) w3m dump (docs.cwtch.im)
| kitd wrote:
| Lol, not often you find Welsh in the world of tech naming!
| gizajob wrote:
| Who named this, are the devs welsh?
|
| It can be a bit of a bugbear of mine, when people who've never
| been to wales and certainly don't siarad cymraeg appropriate
| welsh words as names, such as the sickmaking LA lifestyle brand
| Hiraeth. But then again the welsh did give the world the word
| penguin.
| mac-mc wrote:
| yes they are
| gizajob wrote:
| da iawn wedyn
| thaumasiotes wrote:
| Are they worried that their project is going to be called
| "cooch"? It seems likely to severely inhibit uptake.
| erinaceousjones wrote:
| it's pronounced more like "cutch" (well, for me it is
| anyway) :))
|
| if the name bothers, it can be forked. looking forward to
| "yCont" messenger!
| sarahjamielewis wrote:
| Shwmae, Sarah ydw i. I co-founded the Cwtch project, and yes
| I was born in Wales, lived there for 20+ years, and as a
| result learned Welsh in school; and while I no longer live
| there, I still consider myself, at least in part, Welsh.
| youngtaff wrote:
| Dai iawn...
|
| I've often wondered how the rest of the world will
| pronounce Cwtch and Blodeuwedd Labs
| opminion wrote:
| cwm the n3logic interpreter
| jqpabc123 wrote:
| Looks interesting but the lack of an iOS client makes it a non-
| starter for me. I use Android but I have friends and family who
| don't.
| sarahjamielewis wrote:
| It's definitely one of the bigger challenges. Currently we
| don't see a viable way to deploy something like Cwtch on iOS
| (both in due to how locked down the platform is in general, and
| the requirement to run a backing onion service for each profile
| making mobile a hassle in the general case) - we are somewhat
| hopeful that advances on the Tor front might make it possible
| one day.
| mrtesthah wrote:
| would something like Orbot work?
|
| https://apps.apple.com/us/app/orbot/id1609461599
| sarahjamielewis wrote:
| Cwtch requires setting up onion services, and the app
| currently does that automatically via establishing a
| control connection with a Tor process (either launched by
| Cwtch, or provided by the system).
|
| Orbot can be configured to expose the same control port (or
| at least it could on Android when I last looked a few years
| back, I'm not sure about this capability on iOS), and Cwtch
| can be configured to use a custom control port connection -
| but that imposes much more work on the user, and is
| somewhat fragile.
|
| That could likely be made to work on iOS in some factor,
| but the problem of the stability of the services themselves
| would remain. Its definitely something we'd like to
| explore.
| pluto_modadic wrote:
| <3 great work
| Prunkton wrote:
| direct link to the repository:
| https://git.openprivacy.ca/cwtch.im/cwtch
| yamrzou wrote:
| How does it compare to SimpleX Chat?
| sarahjamielewis wrote:
| SimpleX relies on out-of-band key material transfer between
| clients, in addition to the honesty of routing server to
| protect privacy and metadata.
|
| Cwtch uses the existing infrastructure of Tor and v3 onion
| services to establish p2p chat sessions, thus relying on the
| underlying security of the Tor network. There is some nuances
| regarding how different kinds of groups work, we have a
| security handbook that goes into it a deeper:
| https://docs.cwtch.im/security/intro
| yamrzou wrote:
| I found this[1]: Use end-to-end encrypted
| messaging applications for all your digital communications:
| - Ideally, use peer-to-peer and metadata-resistant applications
| such as Cwtch or Briar. Otherwise, use metadata-resistant
| applications such as SimpleX or Signal. - Email is not
| metadata-resistant and should be avoided if possible. If you
| must use email, use PGP encryption and register an address with
| a trusted service provider. Do not use: - Delta
| Chat or Matrix, as they are not sufficiently metadata-
| resistant. - Telegram, as not all messages are end-to-
| end-encrypted.
|
| And this[2]: Since SimpleX requires that users
| place some trust in the SimpleX servers, we recommend
| prioritizing Cwtch over SimpleX Chat for text communication
| with other anarchists, and using SimpleX Chat or Signal for
| voice and video calls. Unlike Signal, SimpleX Chat doesn't
| require a phone number or smartphone.
|
| As well as this comparison chart: _Interactive secure messenger
| feature comparison_ - https://bkil.gitlab.io/secuchart/
|
| [1] https://www.notrace.how/threat-
| library/mitigations/digital-b...
|
| [2] https://www.anarsec.guide/posts/e2ee/
| sarahjamielewis wrote:
| Hi! Sarah from the Open Privacy Research Society / Cwtch team
| here - happy to answer questions.
| Gys wrote:
| There is not any background on the website. Like who is that
| society, who is behind it, what is the goal of the app, where
| comes the funding from. Why for example did you not fund
| Signal? It has similar goals?
| sarahjamielewis wrote:
| There should be a link to the society website
| (https://openprivacy.ca/) on the Cwtch site, but I can see
| that there isn't - we will get that fixed.
|
| Open Privacy Research Society is a Canadian non profit
| society, founded in 2018, you can find details of our members
| and operating structure on our website. Most of our funds
| come from individual donations.
|
| Cwtch started as an extension to the Ricochet Tor messenger
| which I also contributed back in 2014/2015. Our main goal
| behind Cwtch was to establish that metadata resistant / p2p
| communication could be done in a similar form factor to
| traditional server based / non-metadata private protocols
| like Signal i.e. to try and push the privacy properties that
| people can wield beyond end to end encryption, in a way that
| is still usable.
| dang wrote:
| Related:
|
| _Cwtch: Decentralized, privacy-preserving, multi-party messaging
| protocol_ - https://news.ycombinator.com/item?id=27643171 - June
| 2021 (88 comments)
| nullc wrote:
| Any thoughts about direct lan/vpn communications as an option?
| The use of tor makes a working high quality internet connection a
| requirement, and potentially makes it more attractive for
| attackers to DOS attack tor in order to make their targets move
| off Cwtch and onto less secure communications methods.
| some_furry wrote:
| Tor is important for metadata resistance.
| sarahjamielewis wrote:
| It is something we get asked about fairly frequently, its not a
| high priority for us right now as it requires some thought as
| to not break or undermine any existing cryptographic/privacy
| properties that Cwtch does have (see:
| https://git.openprivacy.ca/cwtch.im/cwtch-
| ui/issues/461#issu...) - but it's also not something that we
| have ruled out if the right combination of design/effort is
| available.
| dang wrote:
| I guess the current thread and this other ongoing one are duals:
|
| _Briar: Peer to Peer Encrypted Messaging_ -
| https://news.ycombinator.com/item?id=43363031 - March 2025 (48
| comments)
___________________________________________________________________
(page generated 2025-03-14 23:01 UTC)