Now with Cwtch Beta release series underway I can get philosophical again about privacy, infrastructure and what I think the future of these technologies should look like and what features I plan to prioritize in the coming months.
Cwtch Beta is deliberately a little bare on features, even compared to the early alpha releases. The only things that made it in were features we had time to iterate on and flesh out. Designing for privacy is hard, and takes time.
The first feature that most people realize isn't there is images, and to a lesser extent file sharing.
All cwtch messages are padded for to a fixed length for indistinguishability prior to encryption and transport and so there are limitations on how data can be sent.
There is also no central server hosting arbitrary files for offline access, and multi-party conversations further complicate sharing images/files - especially in an intuitive way.
Also, image processing libraries used to be fairly notorious vulnerability vectors - and while that may have changed in recent years, I wouldn't let arbitrary image rendering into Cwtch without more thought without dedicate research.
All that being said, I plan to prioritize file sharing as a feature. There were some early designs in ricochet based on hosting files and allowing people to connect to you that have potential when coupled with a UI that can cope with files being offline occasionally.
Another major area I want to focus on is the cwtch bot framework (which is currently in a nascent form: https://git.openprivacy.ca/sarah/cwtchbot )
Lots of people today tried out Fuzz Bot, and got Fuzz Bot to invite them to the Cwtch Testers Group which was awesome and was a great first big outing
overlays already provide a nice action-oriented interface that bots can work with. One of the features I'm excited about is expanding this format to allow a flexible set of structures that bots can (safely) compose to do more than the built in functions like invitations.
Cwtch is designed to be an open platform.
I'm not interested in restricting what people want to do with it. The biggest flaw with privacy preserving tools is how hard it is to extend them and build new tools on top of them. The more ways the better.
Right now there is a single UI for Cwtch, but we provide the main ffi interface as a separate library if you want to build your own.
I'm interested in building compatibility layers with Matrix and Briar to allow cwtch clients to opt into different kinds of risk models for different circumstances.
As much as I think Tor is awesome, I also want to providw support for alternative anonymous communication networks with different latency/privacy guarantees.
I am also interested in researching our own approaches to some of our open problems e.g. Niwl
If any of that sounds amazing, or interesting, then please consider supporting @OpenPriv to allow us to continue working on it (or get in touch with us to volunteer to dev/translate/review!)
It's taken 3 years to get to this point. Which seems like a lot, but to be fair, 2020 was a pandemic year, and in 2019 we were kind of busy ( https://openprivacy.ca/work/swisspost-scytl-evoting/ …)
We do a lot, a punch pretty hard - especially considering our budget.
You can find all of our organizational reports and financial statements on our website: https://openprivacy.ca/reports/
Our 2020-2021 reports will be released later this year.
A common talking point that I've heard from people today, in almost surprised tones, is "no blockchain? no token?" - we are not hear for your money, I'm not trying to sell you anything, you can't purchase Cwtch.
Cwtch is open, decentralized and belongs to everyone, for everyone.
I am incredibly opinionated, especially when it comes to privacy, and will continue to build and design Cwtch features in opinionated ways.
But there is nothing I can do to stop you building your own interoperable clients, bots, features and tools.
You can follow @SarahJamieLewis.
Tip: mention @threader on a Twitter thread with the keyword “compile” to get a link to it.