cairde/docs/nlnet.md

Towards a more robust Cwtch protocol implementation

Introduction

Cwtch is a protocol for building surveillance resistant digital infrastructure. It's designed such that no information is exchanged or available to anyone without their explicit consent, including on-the-wire messages and protocol metadata. The threat model places the context, not the content, at the center of the technical challenge.

The Cwtch protocol is open and provides a foundation for decentralised metadata resistant application developers who want to avoid reinventing low-level protocol functionality.

Cwtch is also the name of the flagship graphical user interface (GUI) client, developed alongside the protocol and available for general public use. The GUI client is Beta quality software and is approaching a stable release.

Cwtch is a project initiated by Open Privacy and has been under development since 2017.

Project

Within the context of NGI Zero Entrust, the Cwtch protocol positions itself as a "trustworthy technological building blocks for the next generation of the internet". Trustworthy, by design, as explicit consent is built into the protocol from first principles.

However open and stable the project proposes itself at this current time, it still requires additional projects to adopt it, in order to ensure implementation robustness in practice.

Earlier this year, an announcement was published on the Cwtch development log about the release of developer focused documentation and an open call for developers to build on Cwtch.

The result has been the start of a new community-based client implementation called Cairde, a fullscreen, interactive text-based user interface (TUI).

With the support of NLNet & the NGI Zero Entrust call, we can realise this client implementation and bring it to public alpha release.

We see 3 advantages to a community-based alternative Cwtch client which will strengthen the Cwtch ecosystem at this time.

1. Supporting several clients applies pressure to the Cwtch protocol implementation to scale in different directions and will assure the core libraries are robust by supporting different use cases.

2. Supporting several clients builds confidence in the Cwtch protocol and the idea that it can support diverse use-cases for metadata resistant applications. We see this is an active approach towards developing trust within the decentralised internet developer communities. These communities will ultimately lead adoption and deployment of the Cwtch protocol in their own applications.

3. Cairde can provide expanded platform portability where the flagship Cwtch GUI cannot. The GUI is built using the Flutter framework which is ideal for supporting mainstream consumer platforms. However, other widely deployed platforms, e.g. FreeBSD, all non-graphical user interfaces and older machines that run x32 architecture are not supported.

Outcomes

We aim to launch a public alpha of the Cairde client within 3 months of development.

Cairde will support the core functionality that the flagship Cwtch GUI provides: profile, settings and contact and conversation management delivered in a usable & reliable interface.

The GUI also allows the user to enable "experiments". These are optional, opt-in features that add additional functionality to Cwtch that may have different privacy considerations than traditional 1:1 metadata resistant chat.

Cairde will follow the same approach. We aim for feature parity with 3 experiments: group chat, relay server management and file sharing. This will involve significant usage of the Cwtch core library API surface.

The release will include a public blog post announcement, client documentation and getting started and contribution guides.

Amount

€9216

Use

The proposed budget will be used for the following tasks:

• Development work & bug fixing
• Support meetings with Open Privacy
• End-user testing & design discussions
• Community organising (PR, socials, blog post writing)

The breakdown of the budget calculation is as follows:

• Hourly rate: 24 EUR
• Working time: 4 day weeks, 8 hrs / day: 128 hrs / month
• Total amount: 3072 EUR / month * 3 = 9216 EUR

The hourly rate has been determined using the current hourly rate of Open Privacy. This is currently 34.50 CAD which converts to 24 EUR / hour. The aim is to be paid the same rate for the same work during this collaboration.

Comparison

In recent years, public awareness of the need and benefits of end-to-end encrypted solutions has increased with applications like Signal, Whatsapp and Wire now providing users with secure communications.

However, these tools require various levels of metadata exposure to function, and much of this metadata can be used to gain details about how and why a person is using a tool to communicate.

One tool that did seek to reduce metadata is Ricochet first released in 2014. Ricochet used Tor v2 onion services to provide secure end-to-end encrypted communication, and to protect the metadata of communications.

There were no centralized servers that assist in routing Ricochet conversations. No one other than the parties involved in a conversation could know that such a conversation is taking place.

Ricochet wasn't without limitations; there was no multi-device support, nor is there a mechanism for supporting group communication or for a user to send messages while a contact is offline.

This made adoption of Ricochet a difficult proposition; with even those in environments that would be served best by metadata resistance unaware that it exists.

Additionally, any solution to decentralized, metadata resistant communication faces fundamental problems when it comes to efficiency, privacy and group security (as defined by transcript consensus and consistency).

Modern alternatives to Ricochet include Briar, Zbay and Ricochet Refresh - each tool seeks to optimize for a different set of trade-offs e.g. Briar seeks to allow people to communicate even when underlying network infrastructure is down while providing resistant to metadata surveillance.

The Cwtch project began in 2017 as an extension protocol for Ricochet providing group conversations via untrusted servers, with an eye to enabling decentralized, metadata resistant applications (like shared lists and bulletin board)

An alpha version of Cwtch was was launched in February 2019, and since then the Cwtch team (run by the Open Privacy Research Society) has conducted research and development into Cwtch and the underlying protocols and libraries and problem spaces.

Challenges

We expect that the majority of the technical challenge will come from the need to adapt the core Cwtch libraries for an alternative client implementation.

The API surface for experiments are more technically involved than the core 1:1 chat surface. This will be the first time that a third-party implementation makes extensive use of the public API surfaces.

Cwtch clients must also be usable. Despite many of the foundational UI/UX questions being already solved in the Cwtch flagship GUI, a TUI environment does provide a new challenge for layouts and interactivity.

Ecosystem

Cwtch has a growing community of volunteer developers, testers, and translators. See the 2021 Open Privacy end of year report for more details.

Progress on developments will be published on the Cwtch development log in collaboration with Open Privacy.

Updates will be published further via established social media channels, e.g. hachyderm and fosstodon.

Open Privacy also has additional publishing channels such as the official blog or via the Discreet Log.

Within the community release candidate testers group, there is interest to participate in end-user testing and design discussions. This will be invaluable to help smoke out bugs and stabilise a release from the start.