Coms - Privacy and Security

P2P E2EE - Coms Messenger

  Peer-to-peer messaging, also called P2P messaging, is online text chat in which messages are exchanged directly between chat partners - the "peers" - without going via a webserver.
  • Peer-to-peer internet communications require that the "clients" - a client is an app or a web browser - establish a direct channel between each other over which data can be sent and received. In Coms, this is achieved during video calls.
  Coms calls can be conducted with webcam and microphone on or off. Encrypted video, audio and data (text message) streams are transferred peer-to-peer and cannot be intercepted.

Non-P2P Messaging

  When not in a call, Coms relays encrypted messages via the web server. Messages are deleted from the server when the recipient collects them - within 3 seconds if the recipient is connected.
  Messages sent and received are stored locally in the web-browser's "localStorage" cache and can be deleted at any time.
  • Coms software and webservers are coded and configured to be as secure as is technically possible. To minimize any possibility of breaches of privacy and security, we store only usernames and passwords, we do not scan or copy messages, and we have disabled logging of webserver traffic so that no records are kept.

WebRTC P2P Security

  In today's modern web browsers, including Chrome, Edge, Firefox and Safari, we can use WebRTC (Real Time Communication) technology to establish peer-to-peer data channels between clients. A webserver is required to set this up, but it does not participate in the P2P communications.
  • Information flowing over WebRTC data channels is encrypted end-to-end under the TLS protocol (https://), so it can only be received and understood by the intended recipient. This is the most secure and private form of messaging in existence.
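  The web server that sets up the call carries each peer's session description (SDP), which includes the certificate fingerprint that WebRTC's DTLS handshake checks. The following added example, which is not Coms code, parses those fingerprints and compares them with a value the chat partner shared over an independent channel; the sample SDP, the fingerprint and all function names are constructed for illustration.

```javascript
// Added example (not Coms code): check the certificate fingerprints in a
// remote SDP against a value the peer shared over an independent channel.

// Constructed sample data: a 32-byte fingerprint and a trimmed data-channel SDP.
const SAMPLE_FP = Array.from({ length: 32 }, (_, i) =>
  (i * 7 + 1).toString(16).padStart(2, "0").toUpperCase()).join(":");
const SAMPLE_SDP = [
  "v=0",
  "o=- 4611731400430051336 2 IN IP4 127.0.0.1",
  "s=-",
  "t=0 0",
  "a=fingerprint:sha-256 " + SAMPLE_FP,
  "m=application 9 UDP/DTLS/SCTP webrtc-datachannel",
  "c=IN IP4 0.0.0.0",
  "a=setup:actpass",
  "a=sctp-port:5000",
].join("\r\n");

// Collect every a=fingerprint attribute, session-level and media-level.
function extractFingerprints(sdp) {
  const re = /^a=fingerprint:(\S+) +([0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2})+) *$/;
  return sdp.split(/\r?\n/).map((line) => re.exec(line)).filter(Boolean)
    .map((m) => ({ algorithm: m[1].toLowerCase(), hex: normalize(m[2]) }));
}

// Strip separators and case from a fingerprint that was typed or scanned.
function normalize(fp) {
  return fp.replace(/[^0-9A-Fa-f]/g, "").toLowerCase();
}

// Compare equal-length strings without stopping at the first difference.
function constantTimeEqual(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Fails closed: needs at least one fingerprint, and every one must be sha-256
// and equal to the expected value.
function verifyRemoteSdp(sdp, expectedSha256) {
  const want = normalize(expectedSha256);
  const found = extractFingerprints(sdp);
  if (want.length !== 64 || found.length === 0) return false;
  return found.every((f) =>
    f.algorithm === "sha-256" && constantTimeEqual(f.hex, want));
}
```

  In a browser the first argument would be the `sdp` string of the connection's `remoteDescription`, read after the remote description has been set.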
  Non-P2P messaging apps, in which messages are stored on a webserver, are normally secure in the sense that messages are encrypted, as they are in Coms Messenger. Pragmatically speaking, however, we must acknowledge that secure, encrypted data has indeed on occasion been hacked out of webservers, so the security provided by encryption should not be considered absolute.
  That is why Coms deletes messages from the webserver in the same moment they are read, and stores them instead in the browser on the user's device. When you are logged in, messages are collected every three seconds, minimizing the time they are present on the server. Collect your messages frequently and/or stay online all the time!
  Also, we highly recommend peer-to-peer messaging in calls above all else.