WireMin

WireMin FAQs

WireMin: A Private, Secure and Democratized Instant Messenger

This FAQ provides answers to frequently asked questions about WireMin.

WireMin is a tool for personal communication that establishes a social network (the WireMin network) of the people, by the people and for the people. The WireMin network is purely based on people’s devices, without relying on the cloud services of giant companies. It is private in that all messages are end-to-end encrypted like other secure messengers. Beyond that, your identity and social relationships are only known by you and any parties with which you wish to share that information. It is secure in that the network has no data center for collecting user data, routing messages or authenticating users, which eliminates possibilities of massive data breaches, service interruption or unsolicited banning of accounts. It is democratized so that all users in the network share equal rights, including all developers of WireMin, so no one is able to oversee the network for surveillance or censorship, or for the sale of ads.

 

General Questions

What is WireMin?
WireMin is an instant messaging app based on a fully decentralized computing architecture. It provides a superior secure messaging experience by not only concealing your message content using end-to-end encryption, but also eliminating the possibility of censorship, surveillance or data collection. Like Bitcoin, WireMin is a peer-to-peer network established by interconnected users with equal rights. It is not cloud-based. Instead, it is a tool that empowers people to connect with each other and establish a democratized digital social network, so that free will and the trustworthiness of communication and expression can be secured.

 

What is decentralization, and why is it important?
Decentralization is a democratized computing architecture that allows a network to be established by participants with equal rights. No one has the privilege to control others, not even the creator or the developer of the network. By contrast, existing cloud-based instant messaging apps rely on servers for user authentication, message relay and data storage, which naturally grants their creators privileges over all users.

Such privileges are exploited for pursuing business advantages and are also being abused for manipulation, surveillance and censorship of users. End-to-end encryption ensures privacy for the message content, while social relationships, activities and profiles are still at risk of data abuse or privacy breach. In the WireMin network, social relationships and other personal data are encrypted in a way that means only the user has the key to reveal the data.

Relying on servers or cloud services introduces vulnerabilities to the network. The entire network stops working if a few servers are down or banned, even while millions of users' devices are still active. This is why most messaging apps experience service interruptions during outages of cloud providers like Amazon, and why messaging apps fail in countries that ban their servers. Users’ data is collected and stored centrally on servers, which makes massive data breaches possible, even for secure messaging apps like Telegram in mid 2019. Such incidents will never happen in a decentralized network, which has no servers to be banned or attacked in the first place. The Bitcoin and BitTorrent networks have operated for years without any interruption. WireMin inherits such robustness and provides an unstoppable social network.

 

How is WireMin different from secure messengers like Signal and Telegram?
As a messenger, WireMin offers fast and reliable personal communication, like existing messengers on the market such as Signal, Telegram and WhatsApp. WireMin also provides strong privacy protection for messaging by utilizing end-to-end encryption, as all other secure messengers do. Beyond that, WireMin differentiates itself from Signal, Telegram and other cloud-based messengers by its decentralized nature, which offers a new level of privacy and security.

Because cloud-based messaging services rely on servers to deliver your message to your recipient’s device, they naturally require revealing the identities of all social parties and the relationships between them. This happens not only to you and your recipients, but to all users on the platform. Such abilities to control the delivery of every message and to have a global view of social relationships are fundamental threats to users' privacy and security. WireMin eradicates those risks by establishing a democratized network in which no one has such privileges.

                                   WireMin          Cloud-based Messenger
What you are talking about         Protected        Protected
Who you are talking to             Protected        No Protection
Who are you                        Protected        No Protection
You can be banned                  Not possible     Yes, at any time
You can be tracked                 Not possible     Yes, all the time
Collects your phone #/contacts     Don't collect    Collected
Service banned in some countries   Not possible     Banned in many countries

WireMin offers a new level of privacy and security

This means a lot to users:
Your account is unstoppable: No one is able to ban your account or prevent you from making social connections and communicating with others, whereas existing messaging services can ban any user at any time.
You take ownership of your data: No one has access to your personal data except yourself. Data can only be shared with intended recipients under your control, whereas existing messaging services host your data (e.g. identity, profile and social relationships) in the cloud, out of your control.
You won't be tracked: No one is able to discover or collect others' social activities in the WireMin network, whereas existing messaging services know who you are talking to and when, since every message is delivered by the service. Your identity and your recipients' identities are not covered by end-to-end encryption there; otherwise the service would have no idea how to deliver messages for you.
You won't be hacked: WireMin doesn't store user credentials or personal data in the cloud, which leaves no place for hackers to breach. The massive data breaches that have happened to cloud-based messaging services will never happen to WireMin users.


Will WireMin be free? How will WireMin sustain itself if so?
Yes, WireMin is free and it will stay free. Unlike cloud-based messengers, WireMin doesn't rely on any party to continuously operate the network. Like the Bitcoin network, which has stayed alive even after its creator vanished, the WireMin network keeps running as long as there is a reasonable number of active users.


Will there be user tracking for Ads?
Ads will never be an option within WireMin, as it is against the nature of decentralization. No one has the ability to know others' social activity, not even the developers. In the WireMin network, identities are revealed only to parties that are involved in the particular social activity, which destroys the foundation of user tracking.


Will I be tracked by my IP?
No. WireMin messages are relayed multiple times before eventually reaching the recipient's device. When a message arrives, the IP address observed by the receiver is that of a random intermediate relay device, not the original sender's.


What about privacy, data protection and GDPR?
Simply put, we don’t hold a single bit of user data. WireMin sets a new standard for privacy and data protection in the operation of a social network. Protection of user privacy and data shouldn’t be a promise in terms of service or a slogan. Instead, WireMin proves it through its open-source protocol design and application implementations. WireMin is a tool that operates no servers or cloud-based services, so not a single bit of user data is transferred to or stored in any computing facility controlled by us.

GDPR is a strong policy for internet services and protects users well. WireMin goes beyond GDPR by creating a social network without collecting any data from its users. Only data required in a social activity will be shared with involved parties. There is no man-in-the-middle.


Where is my data stored?
Your data is relayed and stored on your friends' devices and other random devices available in the network. All data is protected by strong cryptographic algorithms and can be accessed only with the owner's secret seed. Messages and multimedia are relayed and temporarily stored for 48 hours, which allows an offline recipient to receive messages from others when it comes back online. Personal data, like contact lists, is stored until it expires. So, if you stop using an account for a long time (like several months), all your data will vanish permanently from the network.

Like everyone else, you will also relay and store others' data and messages in your device for a period of time. Apart from your own data, all data is represented and indexed in a way that is not correlated with the identity of the data owner. So, you don't know whose data you are storing and, of course, are not able to decrypt the content.


How do you deal with illegal content?
Chats are a private domain. WireMin is not capable of monitoring or banning any content or any user. Such capability implies surveillance, which WireMin simply doesn't support by design. On the other hand, WireMin messages are unforgeable. If you receive illegal content from someone, the digital signature of the message may serve as strong evidence of the crime.


Do you process data requests or take-down requests?
This is something we are not capable of. WireMin is a fully democratized network in which all participants are equal, including us. No one has privileges to access others' data or ban others' accounts.

 

WireMin Basics

User Account
WireMin doesn't leverage a server to verify usernames/passwords and tell others that you are signed in. Authenticity of a user is proven using digital signing. Each individual message sent by the user can be verified by all recipients. Every user is able to generate digital signatures and verify those from others independently and even without the internet.

To create a new user, WireMin will automatically generate a secret seed, which is a 27-byte globally unique random number. The secret seed is then encrypted and stored in the local device using a passcode provided by the user. The user logs in on the device by providing the same passcode so that WireMin can load the secret seed back. Both processes can be done on the local device, even when it’s offline.

User identity is a 52-character string derived from the secret seed, which you provide to others when making social connections. After the device loads the secret seed on a successful login, every message you send is digitally signed using the secret seed, so recipients can verify that it was sent by you. The secret seed is therefore the only information required to control an account; it must be stored on a device under your control and protected by a passcode.


Who can I send messages to?
You need to add another WireMin user before you can send messages to them, by scanning their QR-code or using an invitation link. Your message will show in the recipient's conversation list after they connect with you. Before that, all messages go to the incoming greeting list on their device.

 
Who can contact me?
Anyone who has your QR-code or invitation link can send messages to you before the link expires. This is the only way for now. WireMin never reads or links contacts on your phone or asks for your phone number. Without obtaining your invitation QR-code or link, nobody can ever discover you or send messages to you. In the future, WireMin will develop social discovery features based on geolocation or keywords if the user wishes to be found and contacted.

 
Can I delete my messages?
All or selected messages can be deleted from your conversation history. Deletion affects history on your local device only. The conversation history remains unchanged on your recipient's device.


Can I log into my account on different devices simultaneously?
Yes. When using a new device for the first time, the account needs to be migrated, which requires scanning the login QR-code on the new device using the old device. Then both devices have control of the account for receiving and sending messages. You can also remove the account from a device later on without affecting the account on other devices.


Does a change of passcode affect all logged in devices?
Unlike cloud-based messengers, the passcode in WireMin controls the local device only. Passcode changes don’t affect other devices with the same account. You may have different passcodes for different devices to protect the same account.


When is a passcode required?
Once you have successfully logged in, your passcode will be remembered by the device for 20 hours. Typically, WireMin will require the passcode when a day has passed since it was last used, and then will allow auto-login for the whole day unless the account is logged out by the user.

 
How can I retrieve my account if I forget my passcode or lose my device?
If you have a second device with the account, you can log into the device that locked you out by scanning the login QR-code and resetting the passcode, or you can migrate the account to a new device as the replacement for the lost one.

If you don’t have a second device, the only way is to log in with the mnemonic backup. Every account has a globally unique mnemonic representing its secret seed. The mnemonic backup is an array of 18 case-insensitive English words from a 4096-word dictionary. It must be copied, screenshotted or written down and kept in a safe and secret place until it is needed.
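The sizes above fit together exactly: a 27-byte seed is 216 bits, and 18 words from a 4096-word dictionary encode 18 × 12 = 216 bits. The following added example (not WireMin's own code) works through that seed/mnemonic conversion and a 52-character identity string. The placeholder word list, the identity derivation (base32 of a SHA-256 digest, which gives 52 characters for 32 bytes) and the domain-separation prefix are assumptions for illustration; the page does not publish WireMin's actual encoding.

```python
# Added example, not WireMin's implementation. Page facts: 27-byte secret
# seed, 18-word mnemonic over a 4096-word dictionary, 52-character identity.
# ASSUMED for illustration: the placeholder word list and the identity
# derivation (base32 of SHA-256 over a prefixed seed, 32 bytes -> 52 chars).
import base64
import hashlib
import secrets
from typing import List

SEED_BYTES = 27
WORD_BITS = 12                                  # log2(4096)
DICT_SIZE = 1 << WORD_BITS                      # 4096 words
MNEMONIC_WORDS = SEED_BYTES * 8 // WORD_BITS    # 216 / 12 = 18 words

# Constructed placeholder dictionary; a real list holds 4096 distinct words.
WORDLIST = [f"word{i:04d}" for i in range(DICT_SIZE)]
WORD_INDEX = {w: i for i, w in enumerate(WORDLIST)}


def generate_seed() -> bytes:
    """Fresh 27-byte secret seed from the OS CSPRNG."""
    return secrets.token_bytes(SEED_BYTES)


def seed_to_mnemonic(seed: bytes) -> List[str]:
    """Split the 216-bit seed into 18 big-endian 12-bit word indices."""
    if len(seed) != SEED_BYTES:
        raise ValueError("seed must be exactly 27 bytes")
    n = int.from_bytes(seed, "big")
    words = []
    for i in range(MNEMONIC_WORDS):
        shift = (MNEMONIC_WORDS - 1 - i) * WORD_BITS
        words.append(WORDLIST[(n >> shift) & (DICT_SIZE - 1)])
    return words


def mnemonic_to_seed(words: List[str]) -> bytes:
    """Inverse of seed_to_mnemonic; words are matched case-insensitively."""
    if len(words) != MNEMONIC_WORDS:
        raise ValueError("mnemonic must have exactly 18 words")
    n = 0
    for w in words:
        idx = WORD_INDEX.get(w.strip().lower())
        if idx is None:
            raise ValueError(f"unknown word: {w}")
        n = (n << WORD_BITS) | idx
    return n.to_bytes(SEED_BYTES, "big")


def seed_to_identity(seed: bytes) -> str:
    """ASSUMED derivation: 32-byte digest, base32 without padding = 52 chars."""
    digest = hashlib.sha256(b"wiremin-identity:" + seed).digest()
    return base64.b32encode(digest).decode("ascii").rstrip("=")
```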

 

Security

How secure is WireMin?
Firstly, WireMin offers end-to-end encryption for messages, which is now commonly supported by most state-of-the-art cloud-based messengers like Signal, Telegram and WhatsApp. Beyond that, the decentralized computing architecture on which WireMin is based provides a new level of privacy and security by eliminating the possibilities of user monitoring, unsolicited banning and massive data breaches.

WireMin doesn't rely on cloud services or servers, which provides privacy protection not only for the messages but also for your identity and personal data like social relationships. That means WireMin users don’t need to reveal their identity and credentials to anyone, whereas a cloud-based messenger requires your identity and credentials to verify who you are, which implies data collection and user tracking. It also means that messages in WireMin are not relayed and delivered by a server, so users don’t need to reveal the relationship between themselves and their recipients when sending or receiving messages, whereas cloud-based messengers need to know the relationships among users in the entire network, which grants the provider the ability and privilege to monitor and track the activities of all users.

Massive data breaches occur from time to time as a result of a cloud service or servers being hacked, even for state-of-the-art secure messengers (e.g. the Telegram leak of 2019). Collecting user data in a centrally controlled computing facility is always a threat to user privacy and security, as it exposes a single point of failure that is both vulnerable and valuable to hackers. WireMin eradicates the possibility of massive data breaches by avoiding any centrally controlled service. User data is widely distributed across users' devices, and only each individual user has the key to access their own data.


Is every message end-to-end encrypted?
End-to-end encryption of messages is the default and is a prerequisite for allowing data to be relayed and stored by random devices available in the network. Moreover, your personal data and social relationships are end-to-end encrypted as well, so that only you can access them.

 
What if my device or network is compromised?
WireMin assumes you don’t have a secure network and protects your communication and data under any risky network environment. It is safe to use WireMin over unencrypted public Wi-Fi, in the presence of IMSI-catchers, and on mobile carriers in countries with massive amounts of surveillance.

Your account and data remain protected if your device is stolen or if the hard drive is swapped. WireMin leverages the encryption feature of the filesystem provided by the operating system if available. Otherwise, WireMin performs application-level encryption to protect any personal data stored on your device. For critical information, like the secret seed, a heavy-weight encryption scheme is employed on top of filesystem encryption. It is deliberately slow even on modern computers, which makes brute-force guessing of passcodes extremely difficult.

If you lose control of the device while it’s unlocked, or give away the passcode, the other party gains full control of your account, can dump information from it and can send messages on your behalf. In that case, the only option is a second device or the mnemonic backup, so that you can at least inform your friends that your account is compromised to reduce further damage. The other party is not able to prevent you from logging in on the second device, and neither are you able to prevent them.

 

Under the Hood

What technology is WireMin built on?
WireMin uses a distributed hash table and leverages the existing BitTorrent DHT network for peer discovery and swarm joining. WireMin also uses IPv4 broadcast to discover nearby peers on the local network. Each WireMin instance keeps a list of active peers for exchanging information with other instances in the network and for sending and receiving messages. All information is transferred over the User Datagram Protocol (UDP) across the internet. UDP is much lighter-weight and lower-latency than the widely used TCP/HTTP, especially when a node needs to communicate with a large number of peers. This serves as the communication foundation of WireMin.

256-bit AES encryption is employed for data encryption, ensuring that user messages and data can only be accessed by their owners and permitted parties. WireMin uses the Edwards-curve Digital Signature Algorithm, specifically Ed25519, to create decentralized user accounts and digital signatures. WireMin uses authenticated encryption (Curve25519) for exchanging per-message secret keys. SHA256 is used for message digests and secret key creation. An embedded key-value database stores cached messages and things like images and audio, as well as user data such as avatars and contact lists. Currently we are using RocksDB Lite for this purpose, which is efficient and robust, especially on mobile platforms where an app could be killed at any time.

WireMin users jointly create an open computing platform for messaging and data storage that serves everyone within the network for personal communication. WireMin protects this public resource from abuse or attack by requiring proof-of-work (PoW) for every message sent and every bit of data stored. A tiny piece of PoW, computing SHA256 hundreds of thousands of times, needs to be completed before you can send a message. Such a computing task can be done in less than a tenth of a second, which is a negligible workload for a user device sending messages at human speed, but it introduces significant effort for an attacker trying to send overwhelming amounts of messages or data. The actual PoW difficulty required for a specific message or piece of data is proportional to its size and the duration for which it is to be stored.

 
Are there any new protocols or technologies being introduced to build WireMin?
Yes, and a lot of them! A new message representation and encapsulation format is introduced to carry messages without leaking the identities of senders and recipients or tracking them, while allowing only the sender and recipients to efficiently filter their messages out from all others. A new protocol replicates the actual data of messages, like images and audio. A new protocol for distributed key-value storage with access control is used for saving and publishing user data.

All those new technology stacks are designed and optimized for transmission and access patterns of social networks. Protocols are all built on top of connectionless and unreliable UDP, which takes much more effort to design and develop but allows deep customization and optimization for better security and efficiency. Those new technology stacks are undergoing continuous intensive experimentation and iteration. We will release the design and/or reference code to the public when the initial version is stabilized.

 
Is Blockchain technology used?
No. WireMin’s messaging protocol is inspired by the Blockchain system (transaction signing, replication and mempool), but WireMin is not based on Blockchains. Blockchains, such as Bitcoin, are also fully decentralized systems like WireMin. The problem that blockchain systems try to solve is global consensus. Basically, an activity between any two users will be verified and acknowledged by all other users in the network. This reaches a globally agreed state by applying activities of all users which can be observed by anyone. Making such global agreements synchronized and secured takes tremendous effort, which makes blockchain systems costly and inefficient.

Instant messaging systems exhibit strong locality and need no global agreement. Each conversation happens only between the involved parties and has nothing to do with others. Instant messaging requires isolation and privacy, and it is almost the opposite to what Blockchains deal with. Without the burden of global consensus, WireMin is able to scale to a massive number of active users and support a high volume of messaging traffic.


Is the BitTorrent protocol used for data transfer?
Sadly, no. We wish BitTorrent could be used for data transferring in WireMin, for which BitTorrent is designed. BitTorrent suits file transfer well if the file is large and takes at least several minutes to download. However, for small data like a few kilobytes, the prerequisite steps for peer discovery, swarm joining and establishing TCP connections may take tens of seconds or even minutes. This introduces a significant overhead and latency in transferring a large number of small data interactions, which are typical cases in social networks.

The underlying reason is that BitTorrent organizes swarms addressed by the hash of the data content. A node has to join a different swarm and establish connections to a different list of peers before downloading each different file or piece of data. That results in a delay of at least tens of seconds for each message if BitTorrent is used for a social network, which would be a nightmare for back-and-forth messaging. In WireMin, swarms are organized by social activities. Once a swarm is joined and peers are discovered, all data involved is transferred within the swarm, which introduces no per-message overhead.


How does Proof-of-Work defend against denial-of-service attack?
Every message carries a nonce, a few random bits, that makes the hash value of the entire message smaller than a target value, treating the 32-byte hash value as a large integer. Since it is not feasible to derive the original data from its hash value, one has to brute-force guess different nonces until a suitable one is found. Each guess requires recomputing the hash function over the message, so carrying a suitable nonce proves that the corresponding amount of computation was done. Such proof can be easily verified by a recipient with just a single execution of the hash function. In WireMin, by setting a proper target value, the effort of proof-of-work is negligible for normal message senders (i.e. humans) but requires massive computing power for an attacker (or a bot) to send an overwhelming amount of messages in a short period of time.
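The nonce search and single-hash verification described above, together with the size- and duration-proportional difficulty from the "Under the Hood" section, as an added example that is not WireMin's own code. The nonce layout (8-byte big-endian suffix), the base difficulty and the way the target scales with size × storage hours are assumptions chosen so the search completes in well under a second; WireMin's real parameters are not published on this page.

```python
# Added example, not WireMin's implementation. It demonstrates the hashcash
# style proof-of-work the FAQ describes: find a nonce so that SHA-256 of
# (message || nonce), read as a big integer, is below a target; a recipient
# verifies with one hash. ASSUMED: nonce encoding, base difficulty, and the
# rule that each doubling of (size_bytes * store_hours) costs one more bit.
import hashlib
import struct
from typing import Tuple

MAX_HASH = 1 << 256     # 32-byte digest interpreted as an integer in [0, 2^256)


def pow_target(size_bytes: int, store_hours: int, base_bits: int = 12) -> int:
    """Target value; smaller target = more expected hashing work.

    base_bits leading zero bits are demanded for a tiny, briefly stored
    message; floor(log2(size * hours)) extra bits are added on top, so a
    larger payload or a longer storage request costs more work (ASSUMED).
    """
    units = max(1, size_bytes) * max(1, store_hours)
    extra_bits = units.bit_length() - 1          # floor(log2(units))
    return MAX_HASH >> (base_bits + extra_bits)


def pow_hash(message: bytes, nonce: int) -> int:
    """SHA-256 over the message with its 8-byte big-endian nonce appended."""
    digest = hashlib.sha256(message + struct.pack(">Q", nonce)).digest()
    return int.from_bytes(digest, "big")


def find_nonce(message: bytes, target: int,
               limit: int = 1 << 26) -> Tuple[int, int]:
    """Sender side: brute-force nonces from 0 upward.

    Returns (nonce, attempts). Expected attempts are about MAX_HASH / target.
    """
    for nonce in range(limit):
        if pow_hash(message, nonce) < target:
            return nonce, nonce + 1
    raise RuntimeError("no nonce found within limit")


def verify_pow(message: bytes, nonce: int, target: int) -> bool:
    """Receiver side: one hash computation, independent of sender effort.

    Any change to the message (or a reused nonce from another message)
    invalidates the proof with overwhelming probability.
    """
    return pow_hash(message, nonce) < target


def expected_attempts(target: int) -> float:
    """Average hashes a sender must compute for this target."""
    return MAX_HASH / target
```

A short chat line stored for a few hours needs only a few thousand hashes here, while a multi-kilobyte payload kept for 48 hours demands orders of magnitude more; a bot flooding the network pays that cost on every message, and the receiver pays one hash each to check it.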

This idea was first proposed in 1997 by Adam Back to protect a remailer system from denial-of-service attacks and was later used by Microsoft’s Hotmail to reduce email spam. Bitcoin and many successor cryptocurrencies like Litecoin, Bitcoin Cash and Ethereum leverage a similar idea to pick the winner among all competing creators of the next block: whoever solves the proof-of-work fastest wins, which is called mining. Unlike blockchains, WireMin uses a fixed, non-competing proof-of-work target, which results from a trade-off between the workload of normal senders and the strength of the defense.

 

The Road Ahead

Will more social options be developed, like Telegram’s groups and channels?
Absolutely! WireMin starts with 1:1 direct messaging, which is the most fundamental scenario of social activities. The decentralized messaging infrastructure we built is able to support other common types like private group chats, Twitter-like status publishing and Instagram-like media sharing.


Will any kind of micropayment system be supported?
Yes, but this may take some time. WireMin won’t sacrifice decentralization for user features. Integrating a centralized payment service like PayPal or Venmo is not an option. A possible way out is digital signature-based e-check, which can be issued directly from the WireMin app. This allows WireMin to integrate with the centralized payment service in a decentralized manner.

On the other hand, cryptocurrencies are naturally a good choice for WireMin, but currently none of the time-tested blockchain systems can handle the traffic of social micropayments with a large user base. It may take years for blockchain systems to eventually scale out. We are aware that layer-2 accelerations are an option, but we are worried about their fundamental assumption of highly cohesive payment traffic within sub-graphs, which may not be valid for social micropayments. The only pattern of social payment traffic we have observed is large point sinks and point sources.


Will audio/video chats and conferences be supported?
Absolutely! Those are planned for the near future. This does require a considerable amount of research for a new protocol to be designed and tested, so that a smooth and robust live experience can be achieved while remaining fully decentralized. We also plan to support live streaming as a natural extension of that.


Can I use WireMin to share large files?
WireMin will soon offer an extraordinary experience for large file transfers by directly connecting the devices of the sharing parties, especially when they happen to be on the same local network.


Will WireMin have locations, live position sharing and customized emoticons?
Absolutely! These are great features that are widely supported, and so WireMin will also support them.


Can I translate WireMin?
Of course. WireMin is currently in English only. Translations into any language are definitely welcome. Our only wish is for a long-term collaboration in which you continue to work with us.


Can I help?
Absolutely! We welcome researchers, developers, designers and testers, as well as white-hats, critics, evangelists and investors. Any help to improve the WireMin design and implementation or to accelerate adoption will be greatly appreciated by the community and our team.