class: center, middle

# Cwtch

---

# Introduction

## Dan Ballard (he/him)

- Co-founder of Open Privacy Research Society
- Developer at Tor Project on Tor Browser

.center[![dan with pink hair](pink_art.jpg)]

---

# History / OnionScan

[onionscan.org](https://onionscan.org/) created by Sarah Jamie Lewis to study "dark web" privacy to help hidden services fix possible leaks and to study wider dark web trends.

![onion scan logo](onionscan.png)

[This One Weird Trick Can Reveal Information from 25% of the Dark Web](https://mascherari.press/onionscan-report-this-one-weird-trick-can-reveal-information-from-25-of-the-dark-web-2/)

Instead it found that grafting old and traditional web servers (Apache, nginx) to Tor had pitfalls, and that many HTTP/web apps on top of them could be a very poor match for privacy preserving apps and Tor.

![onion website slice](onionscan-slice.png)

???

- image metadata
- apache localhost stats page

---

# History / Queer Privacy

.left[https://mascherari.press/]

.left[https://leanpub.com/queerprivacy]

![queer privacy cover](queer_privacy.png)

---

# History / Open Privacy

![open privacy eye logo](op-header.png)

- Founded Feb 2018 based on the previous research that led us to believe the future should be new Tor native privacy preserving apps.
- Build decentralized Tor native privacy preserving apps for marginalized communities
- Legal protections for rights can come and go; we need technology that protects rights and cannot be compromised

![discreet log banner privacy is consent](31_Privacy_Is_Consent.png)

---

# History / Cwtch 2018

![cwtch heart knot logo](cwtch.png)

- 2018:
  - Started in 2018 as a Ricochet clone in Go as libricochet-go
  - Cwtch built on top with testing CLI interface

---

# History / Cwtch 2019-2020

![screenshot of QT Cwtch from 2019](cwtch2019.png)

- 2019:
  - Settled on Qt for UI via Go bindings
- 2020:
  - Go/Qt bindings became abandonware at a crucial time: Play Store requiring arm7 and arm64 builds, which they didn't support

---

# History / Cwtch 2021-2022

![screenshot of Flutter Cwtch from 2022](cwtch2022.jpg)

- 2021:
  - New Flutter UI and Beta

---

# History / Cwtch Beta

- 2021 June 25th: The Launch of Cwtch Beta 1.0
- 1.1 - Quoted Replies and Multiline messages
- 1.2 - Mac OS support
- 1.3 - File Sharing
- 1.4 - Server Hosting and Management
- 1.5 - Image Previews, new themes, and Clickable Links Experiment
- 1.6 - custom Profile Images and advanced Tor configuration
- 1.7 - Profile Import/Export, Android Stability Improvements, and Message Formatting experiment
- 1.8 - a new Message formatting toolbar and Apple Silicon support

---

# Cwtch / Design Principles

- consentful design
  - https://www.andalsotoo.net/wp-content/uploads/2018/10/Building-Consentful-Tech-Zine-SPREADS.pdf
  - "we turn to Planned Parenthood’s FRIES acronym"
    - Freely given
    - Reversible
    - Informed
    - Enthusiastic
    - Specific
- accessible
- good defaults
- design for the margins
- distributed / decentralized control
- local first
  - https://www.inkandswitch.com/local-first/
- privacy through transparency
- privacy preserving & metadata resistant

???

local first

- No spinners: your work at your fingertips
- Your work is not trapped on one device
- The network is optional
- Seamless collaboration with your colleagues
- The Long Now
- Security and privacy by default
- You retain ultimate ownership and control

---

# Cwtch / Core P2P IM

- https://docs.cwtch.im/
- starts with TAPir
  - https://git.openprivacy.ca/cwtch.im/tapir
  - Tiny Anonymous Peer
  - is a small library for building p2p applications over anonymous communication systems

![picture of a tapir](tapir.png)

- multi profiles, no metadata, just handle and password, onion
- identity is an onion v3 hidden service address, which is an ed25519 key pair
- p2p only online & forward secure IM
- metadata resistant

---

# Cwtch / Experiments / Groups

- https://docs.openprivacy.ca/cwtch-security-handbook/groups.html
- already "legacy groups"
- intro as harm reduction
- solving: offline delivery + multiparty
- facilitated by "untrusted servers"
- group session key
- no forward security (hence experimental)

---

# Cwtch / Experiments / Untrusted Servers

- https://docs.openprivacy.ca/cwtch-security-handbook/server.html
- Untrusted servers
  - solving: offline delivery + multiparty in a safe way
  - all messages encrypted
  - naive PIR - Private information retrieval
    - full sync or time based
    - small metadata risk
  - servers act as drops, metadata resistant
  - get messages, post message
  - delivered and retrieved by ephemeral onions
- storage and bandwidth of sync, potentially all or a lot of messages
- stand alone, docker, and in app
  - accessibility for usage, friction of many federated services
- group 2.0 work
  - bot mediated key rotation, server migration
  - ACL / moderation / roles
  - beyond bots, peer roles

---

# Cwtch / Experiments / more

- filesharing
  - distributed share modeled
  - files chunked and hashes determined
  - planned ability for others to share, for swarm sharing
  - autodownloads for some types, image previews
- profile pics

![profile pic](profpics.png)

---

# Cwtch / Programming

- Go
  - tapir, cwtch, libcwtch-go
- C, usable with FFI
  - libcwtch-go
- Flutter/Dart
  - cwtch-ui
- Rust
  - libcwtch-rs
  - imp
    - bots fuzzbot, update bot

![update bot chat](updatebot.png)

---

# Cwtch / Community and Translations

- Cwtch
  - French, German, Italian, Russian, Polish, Spanish, Welsh, Danish, Norwegian, Turkish, Romanian, Luxembourgish, Greek, and Portuguese
- User Handbook
  - German, Spanish

---

# Cwtch / The Future

https://openprivacy.ca/discreet-log/30-future-plans/

- Moving from Legacy Groups, to Managed Groups, to Hybrid Groups
- Profile Proxying for Lightweight Clients
- Microblogging
- Bots
- Bulletin Boards and Forums

---

# Cwtch / Live Demo Time?

https://cwtch.im/download/

https://docs.cwtch.im/

![cwtch handbook witch book](handbook-banner.jpg)
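
---

# Cwtch / Appendix / Onion v3 identity check

The Core P2P IM slide says a Cwtch identity is an onion v3 hidden service address backed by an ed25519 key pair. This added example (not from the talk or the Cwtch code base) follows the standard Tor v3 address encoding to validate an address and recover the public key it carries; `SAMPLE_PUBKEY` and the function names are constructed for illustration.

```python
import base64
import hashlib

ONION_VERSION = b"\x03"
CHECKSUM_PREFIX = b".onion checksum"

# Constructed 32-byte value standing in for an ed25519 public key.
# It is not a real key and does not belong to any real service.
SAMPLE_PUBKEY = bytes(range(32))


def onion_checksum(pubkey: bytes) -> bytes:
    """First two bytes of SHA3-256(".onion checksum" | PUBKEY | VERSION)."""
    digest = hashlib.sha3_256(CHECKSUM_PREFIX + pubkey + ONION_VERSION)
    return digest.digest()[:2]


def encode_onion_v3(pubkey: bytes) -> str:
    """Encode a 32-byte ed25519 public key as a 56-character v3 onion host."""
    if len(pubkey) != 32:
        raise ValueError("ed25519 public key must be 32 bytes")
    raw = pubkey + onion_checksum(pubkey) + ONION_VERSION  # 35 bytes
    return base64.b32encode(raw).decode("ascii").lower()


def decode_onion_v3(address: str) -> bytes:
    """Validate a v3 onion address and return the public key inside it."""
    host = address.strip().lower()
    if host.endswith(".onion"):
        host = host[: -len(".onion")]
    if len(host) != 56:
        raise ValueError("v3 onion host must be 56 base32 characters")
    try:
        raw = base64.b32decode(host.upper())
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("address is not valid base32") from exc
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != ONION_VERSION:
        raise ValueError("unsupported onion address version")
    if checksum != onion_checksum(pubkey):
        raise ValueError("checksum mismatch: mistyped or altered address")
    return pubkey


if __name__ == "__main__":
    handle = encode_onion_v3(SAMPLE_PUBKEY)
    print(handle, decode_onion_v3(handle) == SAMPLE_PUBKEY)
```

This checks the encoding only; it does not verify that the 32 bytes are a valid curve point, which needs an ed25519 library.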