Hi! Sarah from the Open Privacy Research Society / Cwtch team here - happy to answer questions.
There is not any background on the website. Like who is that society, who is behind it, what is the goal of the app, where the funding comes from. Why for example did you not fund Signal? It has similar goals?
There should be a link to the society website (https://openprivacy.ca/) on the Cwtch site, but I can see that there isn't - we will get that fixed.
Open Privacy Research Society is a Canadian non-profit society, founded in 2018; you can find details of our members and operating structure on our website. Most of our funds come from individual donations.
Cwtch started as an extension to the Ricochet Tor messenger which I also contributed to back in 2014/2015. Our main goal behind Cwtch was to establish that metadata resistant / p2p communication could be done in a similar form factor to traditional server based / non-metadata private protocols like Signal i.e. to try and push the privacy properties that people can wield beyond end to end encryption, in a way that is still usable.
I guess the current thread and this other ongoing one are duals:
Briar: Peer to Peer Encrypted Messaging - https://news.ycombinator.com/item?id=43363031 - March 2025 (48 comments)
Looks interesting but the lack of an iOS client makes it a non-starter for me. I use Android but I have friends and family who don't.
It's definitely one of the bigger challenges. Currently we don't see a viable way to deploy something like Cwtch on iOS (both due to how locked down the platform is in general, and the requirement to run a backing onion service for each profile making mobile a hassle in the general case) - we are somewhat hopeful that advances on the Tor front might make it possible one day.
would something like Orbot work?
https://apps.apple.com/us/app/orbot/id1609461599
Cwtch requires setting up onion services, and the app currently does that automatically via establishing a control connection with a Tor process (either launched by Cwtch, or provided by the system).
Orbot can be configured to expose the same control port (or at least it could on Android when I last looked a few years back, I'm not sure about this capability on iOS), and Cwtch can be configured to use a custom control port connection - but that imposes much more work on the user, and is somewhat fragile.
That could likely be made to work on iOS in some factor, but the problem of the stability of the services themselves would remain. It's definitely something we'd like to explore.
Related:
Cwtch: Decentralized, privacy-preserving, multi-party messaging protocol - https://news.ycombinator.com/item?id=27643171 - June 2021 (88 comments)
Lol, not often you find Welsh in the world of tech naming!
Who named this, are the devs welsh?
It can be a bit of a bugbear of mine, when people who’ve never been to wales and certainly don’t siarad cymraeg appropriate welsh words as names, such as the sickmaking LA lifestyle brand Hiraeth. But then again the welsh did give the world the word penguin.
Shwmae, Sarah ydw i. I co-founded the Cwtch project, and yes I was born in Wales, lived there for 20+ years, and as a result learned Welsh in school; and while I no longer live there, I still consider myself, at least in part, Welsh.
Dai iawn…
I’ve often wondered how the rest of the world will pronounce Cwtch and Blodeuwedd Labs
I used to work at Llanfairpwllgwyngyllgogerychwyrndrobwllllantysiliogogogoch Web Solutions Ltd, and I gotta admit we used to have a hell of a time.
"Cwotch" and "Bloodwed"
yes they are
da iawn wedyn
Are they worried that their project is going to be called "cooch"? It seems likely to severely inhibit uptake.
it's pronounced more like "cutch" (well, for me it is anyway) :))
if the name bothers, it can be forked. looking forward to "yCont" messenger!
I noticed that while the website says /kʊtʃ/, wikipedia's page on Welsh orthography suggests that it should be /kʊtχ/ or /kutχ/, Google Translate's automatic audio seems to produce /kotχ/ [not a typo], and the pages on Welsh orthography/phonology together suggest that /tʃ/ should be spelled "ti" [if a following vowel exists, which it doesn't here] or "ts" [regardless of whether a following vowel exists, with examples, both loanwords from English, of "tsips" [chips] and "wats" [watch]].
But I don't know anything more about Welsh than what wikipedia offers. Do you know what's going on with their suggested spelling/pronunciation?
(Wiktionary has /kʊtʃ/ for the pronunciation of the English word "cwtch"; the Welsh word is given with the same pronunciation, but the spelling "cwtsh", which is equally weird as far as the material above goes. The etymology does tend to support /tʃ/ in cwtsh - it's a loan of the English word "couch".)
> it's pronounced more like "cutch" (well, for me it is anyway)
I would have to pronounce "cutch" as /kʌtʃ/. /ʊ/ exists (put / foot / look / nook ...), but there isn't a conventional way to spell it so it's unlikely to be used for unfamiliar words. But /kutʃ/ "benefits" from not being unfamiliar to anyone... and one of the very few things I did know about Welsh is that "w" represents /u/.
> Do you know what's going on with their suggested spelling/pronunciation?
"Cwtch" was/is more common in casual conversation in South Wales (where fluent spoken Welsh is less common, but Welsh words are still used in both English and mixed language contexts). See: https://en.wikipedia.org/wiki/Cwtch for a summary of the cross-language context.
Chips generally is sglodion, else just siop chips. I’d include the χ but it’s more like a tsh.
cwm the n3logic interpreter
Looks nice, but all my friends care about are stickers and gifs...
direct link to the repository: https://git.openprivacy.ca/cwtch.im/cwtch
<3 great work
How does it compare to SimpleX Chat?
SimpleX relies on out-of-band key material transfer between clients, in addition to the honesty of routing server to protect privacy and metadata.
Cwtch uses the existing infrastructure of Tor and v3 onion services to establish p2p chat sessions, thus relying on the underlying security of the Tor network. There are some nuances regarding how different kinds of groups work, we have a security handbook that goes into it deeper: https://docs.cwtch.im/security/intro
I found this[1]:
> Use end-to-end encrypted messaging applications for all your digital communications:
> - Ideally, use peer-to-peer and metadata-resistant applications such as Cwtch or Briar. Otherwise, use metadata-resistant applications such as SimpleX or Signal.
> - Email is not metadata-resistant and should be avoided if possible. If you must use email, use PGP encryption and register an address with a trusted service provider.
> Do not use:
> - Delta Chat or Matrix, as they are not sufficiently metadata-resistant.
> - Telegram, as not all messages are end-to-end-encrypted.
And this[2]:
> Since SimpleX requires that users place some trust in the SimpleX servers, we recommend prioritizing Cwtch over SimpleX Chat for text communication with other anarchists, and using SimpleX Chat or Signal for voice and video calls. Unlike Signal, SimpleX Chat doesn't require a phone number or smartphone.
As well as this comparison chart: Interactive secure messenger feature comparison - https://bkil.gitlab.io/secuchart/
[1] https://www.notrace.how/threat-library/mitigations/digital-b...
[2] https://www.anarsec.guide/posts/e2ee/
> Since SimpleX requires that users place some trust in the SimpleX servers
Do you know what they mean by this? I could not understand from the explanation given. My understanding is that the message contents are still not known in any case, so I'm curious what it is they are worried about.
Because a malicious SimpleX server could run a modified version of the code that allows them to collect metadata, even if they can't see message contents. So, indeed, it assumes trust in the server[1]:
> Our open-source code that we are legally bound to use doesn't provide any metadata that could be used to learn who connects to whom. But the privacy of users' connections still depends on us honouring our promises and privacy policy.
But they offer a way out using Flux, as they explain it here[1].
[1] https://simplex.chat/blog/20241125-servers-operated-by-flux-...
Any thoughts about direct lan/vpn communications as an option? The use of tor makes a working high quality internet connection a requirement, and potentially makes it more attractive for attackers to DOS attack tor in order to make their targets move off Cwtch and onto less secure communications methods.
It is something we get asked about fairly frequently; it's not a high priority for us right now as it requires some thought as to not break or undermine any existing cryptographic/privacy properties that Cwtch does have (see: https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/461#issu...) - but it's also not something that we have ruled out if the right combination of design/effort is available.
Tor is important for metadata resistance.
Right but on a local network the attacker likely has no surveillance -- and if they do you probably have worse problems.
And because Tor is relatively vulnerable to DOS attack, an attacker can force users off of it and likely on to more vulnerable communications methods.
Tor also has its own vulnerability to traffic analysis which is quite significant. So I think for most users if you can satisfy communications you'd probably prefer it... Though I suppose I could argue it both ways.
> Tor also has its own vulnerability to traffic analysis which is quite significant.
[citation needed]
Here's a contrary one https://www.theguardian.com/world/interactive/2013/oct/04/to...
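The control connection mentioned earlier in the thread (Cwtch asking a Tor process to set up its onion services) speaks Tor's line-based control protocol. The sketch below is an added example, not Cwtch's code and not part of any comment; it assumes cookie authentication, the `DiscardPK` flag, arbitrary port numbers, and constructed Tor replies so that it runs without a Tor process.

```python
import io

def read_reply(rfile):
    """Read one control-port reply and return (status_code, payload_lines)."""
    lines = []
    while True:
        raw = rfile.readline().decode("ascii").rstrip("\r\n")
        if len(raw) < 4:
            raise ConnectionError("truncated control-port reply")
        lines.append(raw[4:])
        if raw[3] == " ":  # "250-" continues the reply, "250 " ends it
            return int(raw[:3]), lines

def command(rfile, wfile, line):
    """Send one command; raise unless Tor answers 250."""
    wfile.write(line.encode("ascii") + b"\r\n")
    wfile.flush()
    status, lines = read_reply(rfile)
    if status != 250:
        # Report only the command name so the cookie never reaches a log.
        raise PermissionError(f"{line.split()[0]}: {status} {lines[-1]}")
    return lines

def create_onion(rfile, wfile, cookie_hex, virt_port, target):
    """Authenticate, then request an ephemeral v3 onion service."""
    command(rfile, wfile, f"AUTHENTICATE {cookie_hex}")
    reply = command(rfile, wfile,
                    "ADD_ONION NEW:ED25519-V3 Flags=DiscardPK "
                    f"Port={virt_port},{target}")
    fields = dict(l.split("=", 1) for l in reply if "=" in l)
    service_id = fields["ServiceID"]
    if len(service_id) != 56:  # v3 addresses are 56 base32 characters
        raise ValueError("not a v3 onion address")
    return service_id + ".onion"

def demo(replies):
    """Run create_onion against a scripted (constructed) Tor transcript."""
    sent = io.BytesIO()
    host = create_onion(io.BytesIO(replies), sent, "00" * 32, 9999,
                        "127.0.0.1:15000")  # ports are arbitrary assumptions
    return host, sent.getvalue().decode().splitlines()

# Constructed replies: what Tor sends on success, and on a rejected cookie.
OK_REPLIES = b"250 OK\r\n250-ServiceID=" + b"a" * 56 + b"\r\n250 OK\r\n"
BAD_COOKIE = b"515 Authentication failed\r\n"

if __name__ == "__main__":
    print(demo(OK_REPLIES))
```

Anything that can authenticate to the control port can create or remove onion services, which is why exposing it to another app (the Orbot setup discussed above) needs the same care as any local privileged socket.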