Discreet Log #20: Cwtch Servers Experiment

11 Nov 2021

Welcome to Discreet Log! A fortnightly technical development blog to provide an in-depth look into the research, projects and tools that we work on at Open Privacy. For our twentieth post Dan Ballard talks about our new Server Hosting experiment in Cwtch

Our 1.4 Release of Cwtch now includes a new experiment: hosting and management of Cwtch Servers inside the Cwtch app.

What are Cwtch Servers and What are They For?

Traditionally messengers have solved offline delivery with centralized servers which, as a side effect, must collect metadata to operate. In a step towards decentralization some federated services like Mastodon or Matrix, do technically allow anyone to run their own server, but the setup is usually a barrier to everyone doing it, and still results in metadata collection by the service operator.

Directly messaging a contact in Cwtch is done peer to peer over Tor v3 onion servers. This is optimal as there are no intermediary services used. However, this comes with a major constraint: both parties must be online. If we want offline message delivery, we need some form of shared infrastructure to support it.

Cwtch servers are designed to be untrusted. Which means that don’t learn anything about the messages they are hosing or the profiles or groups those messages are associated with.

Cwtch servers can be hosted privately, for efficient, small group communication, or shared publicly to allow people without the resources access to private, shared, infrastructure.

If we want groups and other features that make use of offline delivery to become more stable and more widely available, then one of our goals must be to make hosting Cwtch Servers as easy and accessible as possible.

The harder it is, the more directly that created emergent centralization, as more people would rather use someone else’s infrastructure than attempt to set up their own.

The earliest work we did around making running a server more accessible was involved in making it very easy to run without any complex setup. With some contributions from our community we then we able to get a docker container published so that anyone could even more easily drop a Cwtch server onto a docker enabled server. This all helped to lower the barrier for anyone with a server, but that was still very limiting.

With those experiences in mind, it was critical to us to make hosting and managing Cwtch servers as trivial and easy and user accessible as possible. This is also something we hope to see others adopt in the future, there is no good reason setting up a server has to be “hard” or technically prohibitive and restrictive.

Cwtch’s New Experiment: Hosting and Managing Servers

The end goal has always been to integrate hosting and managing Cwtch Servers right into the core Cwtch application so that anyone who could run Cwtch could run a server. So with last week’s release of Cwtch 1.4 we took our first step in that direction by adding a new opt in experiment, Cwtch Server Hosting.

Experiments now with Server Hosting

There is currently a caveat to our “run a server anywhere Cwtch can run” so far in that we’ve currently blocked Android from this experiment as we aren’t confident Android Cwtch connections are stable enough to make this a useful feature there, so it’s Desktop only for now.

Once enabled, a new menu bar item will appear that will take you to the new server management pane.

New Server Management Menu Item

The new server management pane allows you to add new servers.

Add Server Screen

The options are pretty straight forward. You can give the server a description which is just for local use by the user to track what each server they create is intended to be used for, the description is never shared. There are then options for controlling weather the server should be auto started when Cwtch starts, and whether its storage should be password protected.

Servers List

From the manager you can see a list of your servers, edit them, where you can turn them on or off, and change their description, or delete them. You can also copy their server “key bundle”.

In order to use these servers, in order to be able to create groups on them, your profile needs to be made aware of them. In this experiment’s first release, just use the “copy server key bundle” button and then go into the profile you would like to use the server, press the Add (+) button and paste the key bundle. The profile will then be able to create groups on your new server!

Import Server

Next Steps for Distributed Cwtch Features (Groups, Offline Delivery)

We are planning to continue to improve the UI around managing Cwtch Servers in the app over the next releases. We are currently planning to add better profile level server managing UI to Cwtch hopefully for the 1.5 release which would create a more direct flow for importing servers into profiles and managing know servers. We also would like to offer some rudimentary stats on the Server pane in the Server Manager such as “total number of messages on server” for management purposes.

Beyond that, we are currently doing research and design around new “hybrid groups” that would use other building blocks are that we have been and are getting in place to support more P2P style groups, which possibly could run server-less if some core peers are frequently enough online, (or with bot support). Cwtch servers won’t be going away, they are an early component and tool in our future planned toolbox to help enable rich metadata resistant communication.

We’re very excited to make distributed and metadata resistant communication accessible to all with the lowest barrier to entry possible. This work takes time, and we’re delivering it in stages. As we talked about in our Roadmap post, we will be rolling out more building blocks for future work over the next handful of releases. If this work and direction is of interest to you or exciting, please consider donating to support it.

What is Discreet Log?

Discreet Log is a fortnightly technical development blog to give a more in-depth look at the research, projects and tools that we work on at Open Privacy.

More Discreet Log

Donate to Open Privacy



Open Privacy is an incorporated non-profit society in British Columbia, Canada. Donations are not tax deductible. You can Donate Once via Bitcoin, Monero, Zcash, and Paypal, or you can Donate Monthly via Patreon or Paypal. Please contact us to arrange a donation by other methods.