There is not any background on the website. Like who is that society, who is behind it, what is the goal of the app, where comes the funding from. Why for example did you not fund Signal? It has similar goals?
There should be a link to the society website (https://openprivacy.ca/) on the Cwtch site, but I can see that there isn't - we will get that fixed.
Open Privacy Research Society is a Canadian non profit society, founded in 2018, you can find details of our members and operating structure on our website. Most of our funds come from individual donations.
Cwtch started as an extension to the Ricochet Tor messenger which I also contributed back in 2014/2015. Our main goal behind Cwtch was to establish that metadata resistant / p2p communication could be done in a similar form factor to traditional server based / non-metadata private protocols like Signal i.e. to try and push the privacy properties that people can wield beyond end to end encryption, in a way that is still usable.
TL;DR: Have you already written about OR off the top of your head what are some of the hard problems in usable decentralised metadata resistant communication that your project and others tackle and intend to tackle in future?
Hi Sarah. My layperson understanding is that Cwtch is where you research and implement metadata-resistant infrastructure for communication tools and by extension where you find the acceptable trade-offs for open questions in usable privacy-enhancements.
My memory might deceive me, but I feel like there used to be an "open questions" section in the documentation that I can no longer find? Anyway, sorry for the rambling but the question I wanted to ask is: have you already written about OR off the top of your head what are some of the hard problems in usable decentralised metadata resistant communication that your project and others tackle and intend to tackle in future? Is there anywhere we can read about these sort of things to keep up to date on developments? Nowadays it is very easy for projects to claim exceptional privacy or absolute privacy partly because accurate awareness of limits, trade-offs and state-of-the-art is not common knowledge in some communities.
It's definitely one of the bigger challenges. Currently we don't see a viable way to deploy something like Cwtch on iOS (both in due to how locked down the platform is in general, and the requirement to run a backing onion service for each profile making mobile a hassle in the general case) - we are somewhat hopeful that advances on the Tor front might make it possible one day.
Cwtch requires setting up onion services, and the app currently does that automatically via establishing a control connection with a Tor process (either launched by Cwtch, or provided by the system).
Orbot can be configured to expose the same control port (or at least it could on Android when I last looked a few years back, I'm not sure about this capability on iOS), and Cwtch can be configured to use a custom control port connection - but that imposes much more work on the user, and is somewhat fragile.
That could likely be made to work on iOS in some factor, but the problem of the stability of the services themselves would remain. Its definitely something we'd like to explore.
Any thoughts about direct lan/vpn communications as an option? The use of tor makes a working high quality internet connection a requirement, and potentially makes it more attractive for attackers to DOS attack tor in order to make their targets move off Cwtch and onto less secure communications methods.
It is something we get asked about fairly frequently, its not a high priority for us right now as it requires some thought as to not break or undermine any existing cryptographic/privacy properties that Cwtch does have (see: https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/461#issu...) - but it's also not something that we have ruled out if the right combination of design/effort is available.
Right but on a local network the attacker likely has no surveillance -- and if they do you probably have worse problems.
And because Tor is relatively vulnerable to DOS attack, an attacker can force users off of it and likely on to more vulnerable communications methods.
Tor also has its own vulnerable to traffic analysis which is quite significant. So I think for most users if you can satisfy communications you'd probably prefer it... Though I suppose I could argue it both ways.
But in general: If any attacker can monitor traffic at both sides of a tor circuit they can with high probably confirm or deny the connection with most traffic patterns after watching for long enough, if they can stimulate transmissions on one side or the other they can do so extremely quickly ( https://mice.cs.columbia.edu/getTechreport.php?format=pdf&te... for one such example).
This is a natural consequence of low latency variable bitrate services. Same sorts of issue exist for I2P.
There are several papers by tor authors (e.g. https://link.springer.com/chapter/10.1007/11957454_14 ) on the idea of a parallel high latency service that would diminish these issues, but it's has never been developed.
It can be a bit of a bugbear of mine, when people who’ve never been to wales and certainly don’t siarad cymraeg appropriate welsh words as names, such as the sickmaking LA lifestyle brand Hiraeth. But then again the welsh did give the world the word penguin.
Shwmae, Sarah ydw i. I co-founded the Cwtch project, and yes I was born in Wales, lived there for 20+ years, and as a result learned Welsh in school; and while I no longer live there, I still consider myself, at least in part, Welsh.
I noticed that while the website says /kʊtʃ/, wikipedia's page on Welsh orthography suggests that it should be /kʊtχ/ or /kutχ/, Google Translate's automatic audio seems to produce /kotχ/ [not a typo], and the pages on Welsh orthography/phonology together suggest that /tʃ/ should be spelled "ti" [if a following vowel exists, which it doesn't here] or "ts" [regardless of whether a following vowel exists, with examples, both loanwords from English, of "tsips" [chips] and "wats" [watch]].
But I don't know anything more about Welsh than what wikipedia offers. Do you know what's going on with their suggested spelling/pronunciation?
(Wiktionary has /kʊtʃ/ for the pronunciation of the English word "cwtch"; the Welsh word is given with the same pronunciation, but the spelling "cwtsh", which is equally weird as far as the material above goes. The etymology does tend to support /tʃ/ in cwtsh - it's a loan of the English word "couch".)
> it's pronounced more like "cutch" (well, for me it is anyway)
I would have to pronounce "cutch" as /kʌtʃ/. /ʊ/ exists (put / foot / look / nook ...), but there isn't a conventional way to spell it so it's unlikely to be used for unfamiliar words. But /kutʃ/ "benefits" from not being unfamiliar to anyone... and one of the very few things I did know about Welsh is that "w" represents /u/.
> Do you know what's going on with their suggested spelling/pronunciation?
"Cwtch" was/is more common in casual conversation in South Wales (where fluent spoken Welsh is less common, but Welsh words are still used in both English and mixed language contexts). See: https://en.wikipedia.org/wiki/Cwtch for a summary of the cross-language context.
I'd expect English speakers to approximate it with /k/ in preference to /ʃ/. (That obviously can't be done when it's following a /t/, but in that case what I'd expect is to just elide the sound completely.)
I've been interested for a long time in the concept of speakers of different languages disagreeing on which sounds in one language match which sounds in the other language. I don't know of any examples, but do you think it's true that Welsh speakers find English /ʃ/ to be a better approximation of Welsh /χ/ than English /k/ is, while English speakers find /k/ to be a better approximation of Welsh /χ/ than /ʃ/ is?
You pose a great question, perhaps complicated by the fact that pretty much Welsh speakers will also have more-or-less native English (if somewhat Cambricised).
Unfortunately I am merely a Q-Celt and not qualified to comment, though I'd love to see an answer from someone else.
I would venture that if there is a difference it may arise from the relative differences in phoneme classifcation that result from the mother tongue (c.f. linguistic relativity of colour perception). It might even be possible to divine some of those differences by looking at tables of regional accents like those you can find on Wikipedia/Wiktionary, e.g. https://en.wiktionary.org/wiki/Appendix:Welsh_pronunciation
I’ve sometimes wondered if there are any welsh speakers who don’t speak any English at all. My welsh father didn’t learn English until he was about 8, and his mother’s English was extremely rudimentary when she used to speak to me when I visited as a child. This is in a village near Caernarfon where really nobody speaks English on a day to day basis, everything is done in welsh. Naturally nowadays the younger generation is completely native-level in English, just strange to think about that even 70 years ago there were a lot of British people who couldn’t speak English.
SimpleX relies on out-of-band key material transfer between clients, in addition to the honesty of routing server to protect privacy and metadata.
Cwtch uses the existing infrastructure of Tor and v3 onion services to establish p2p chat sessions, thus relying on the underlying security of the Tor network. There is some nuances regarding how different kinds of groups work, we have a security handbook that goes into it a deeper: https://docs.cwtch.im/security/intro
Use end-to-end encrypted messaging applications for all your digital communications:
- Ideally, use peer-to-peer and metadata-resistant applications such as Cwtch or Briar. Otherwise, use metadata-resistant applications such as SimpleX or Signal.
- Email is not metadata-resistant and should be avoided if possible. If you must use email, use PGP encryption and register an address with a trusted service provider.
Do not use:
- Delta Chat or Matrix, as they are not sufficiently metadata-resistant.
- Telegram, as not all messages are end-to-end-encrypted.
And this[2]:
Since SimpleX requires that users place some trust in the SimpleX servers, we recommend prioritizing Cwtch over SimpleX Chat for text communication with other anarchists, and using SimpleX Chat or Signal for voice and video calls. Unlike Signal, SimpleX Chat doesn't require a phone number or smartphone.
> Since SimpleX requires that users place some trust in the SimpleX servers
Do you know what they mean by this? I could not understand from the explanation given. My understanding is that the message contents are still not known in any case, so I'm curious what it is they are worried about.
Because a malicious SimpleX server could run a modified version of the code that allows them to collect metadata, even if they can't see message contents. So, indeed, it assumes trust in the server[1]:
Our open-source code that we are legally bound to use doesn't provide any metadata that could be used to learn who connects to whom. But the privacy of users' connections still depends on us honouring our promises and privacy policy.
But they offer a way out using Flux, as they explain it here[1].
Briar: Peer to Peer Encrypted Messaging - https://news.ycombinator.com/item?id=43363031 - March 2025 (48 comments)