Dcomms.org - fully decentralized and secure communications
What is Dcomms?
Dcomms.org is a non-profit organization. We develop an open source framework
to build decentralized communication systems with full privacy.
The framework is designed to build various customized messengers and applications; it also includes its own messenger.
- Users communicate without servers, so no server is able to sniff a user's contact book by tracking sender and receiver IDs
- There is no link between user ID and phone number / email
- The protocol and implementation are the work of a single developer, done without rush and with high quality.
The developer has 100% control of and responsibility for the system
- The project is developed with the help of various cryptographers, penetration testers and security engineers. We have discussed vulnerabilities and countermeasures since the very beginning
- The project is open source, under the MIT license. Anyone can create their own messenger, with their own brand and customizations, and the messengers will be interoperable
- The implementation is written in the C# programming language, which avoids the memory corruption vulnerabilities that are common in C++ implementations
- A user's personal data (private keys and contact book) is stored only on the user's own device
- Users or organizations can run the same messenger over private IP networks and rendezvous peers, physically separate from the public P2P network
- The protocol includes automatic QoS tests, in which the software checks the quality of the network and peers to select the best path for messages across the P2P network
How it works
The messenger is based on the "Decentralized Routing Protocol". Here is a general explanation:
- Users A and B generate key pairs: a private key to sign messages, a public key to verify messages
- Users A and B exchange public keys over some secure channel and store them in their contact books. There is also a special mode of key exchange over an insecure channel.
- Users get connected via a peer-to-peer (P2P) network (similar to BitTorrent, Bitcoin, I2P)
- The P2P network delivers "INVITE" requests between users. The "INVITE" requests do not contain any information about the users
- When both users agree to communicate, they authenticate each other using the public keys stored in the contact book,
generate a temporary session key, set up a direct (serverless) communication channel, and encrypt the real communication with the session key
- It is the user's responsibility to store their personal data (key pair and contact book) in a safe place, make backups and transfer the personal data to another device
A more detailed explanation is in the technical whitepaper (draft)
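The authentication and session-key steps above, as an added example that is not code from the Dcomms project and does not reproduce its wire format. It is written in Go rather than the project's C#. The algorithms (Ed25519 signatures, X25519 key agreement, SHA-256) and the names Offer and Accept are assumptions, since this page does not name any.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Offer (hypothetical name) makes a one-session X25519 key and signs its public half.
func Offer(longTerm ed25519.PrivateKey) (*ecdh.PrivateKey, []byte, []byte) {
	eph, _ := ecdh.X25519().GenerateKey(rand.Reader)
	pub := eph.PublicKey().Bytes()
	return eph, pub, ed25519.Sign(longTerm, pub)
}

// Accept (hypothetical name) checks the peer's offer against the public key held
// in the contact book, then hashes the ECDH secret and both offers into a session key.
func Accept(contact ed25519.PublicKey, eph *ecdh.PrivateKey, peerPub, sig []byte) ([]byte, error) {
	if len(contact) != ed25519.PublicKeySize || !ed25519.Verify(contact, peerPub, sig) {
		return nil, errors.New("offer not signed by the expected contact")
	}
	pk, err := ecdh.X25519().NewPublicKey(peerPub)
	if err != nil {
		return nil, err
	}
	secret, err := eph.ECDH(pk)
	if err != nil {
		return nil, err
	}
	lo, hi := eph.PublicKey().Bytes(), peerPub
	if bytes.Compare(lo, hi) > 0 { // same order on both sides
		lo, hi = hi, lo
	}
	key := sha256.Sum256(bytes.Join([][]byte{secret, lo, hi}, nil))
	return key[:], nil
}

func main() {
	pubA, privA, _ := ed25519.GenerateKey(rand.Reader) // user A's long-term key pair
	pubB, privB, _ := ed25519.GenerateKey(rand.Reader) // user B's long-term key pair
	ephA, offA, sigA := Offer(privA)
	ephB, offB, sigB := Offer(privB)
	kA, _ := Accept(pubB, ephA, offB, sigB) // A looks up B's key in its contact book
	kB, _ := Accept(pubA, ephB, offA, sigA) // B looks up A's key in its contact book
	fmt.Println("session keys match:", bytes.Equal(kA, kB))
}
```

An offer signed by a key that does not match the contact-book entry makes Accept return an error instead of a session key.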