User:Zipelkopf/sandbox

TopSecret Chat is a communication platform for top-secret instant messaging that works on Android:. and iOS devices, as well as with modern Web browsers.

This service is opposite to the "free communication apps", where "their product is your personal data" , by offering instead a premium and niche service of "real privacy, anonimity, top-secret level security and untraceable content". This is done through an all-inclusive monthly Subscription plan.

TopSecret Chat has the motto "Your data is nobody else's business" and it has brought to the market a emerging technology technology in information security based on the "Confidential Computing" paradigm : the user's messages are no longer stored on any device or server, but they are handled in a fully encrypted and volatile memory enclave with a set life-span, like the messages never existed. This makes data recovery impossibile, hence communicating with untraceable content.

All communications, covering both data and meta-data, are also protected with additional encryption mechanisms and security measures at each different layer of the service. This includes E2E (End-To-End) encryption with cross-authentication of users to protect the raw content, a proprietary VTI (Virtual Tunnel Interface) for securing and cross-verifying the peer-devices and the TLS (Transport Layer Security) for wrapping everything into the encrypted transport layer.

Also the security around the RTC (Real Time Communication) for audio and video calls is enhanced, addressing the security gaps around the users's data and identity, during the entire lifecycle of the call. The notification channels do not contain any users meta-data or identifiable information, and they are used as an anonymous signalling system only.

While the usage of confidential computing technology and multi-layer encryption in an instant messaging application for the mass market is a "breakthrough technology", it comes with some limitations when applied to real-time and real-world communications for example, there is a high level of computational power and network capacity required for the consumer mobile devices. TopSecret Chat currently sets the life-span of a top-secret message to 24h with a limit to the maximum amount of top-secret messages that each user can send of 100MB in a 24h rolling period (audio and video calls are excluded) : this is called Capacity and users can monitor their level in real-time, with the option to auto-purge older messages. As noted by the company itself, the Capacity will increase thanks to the commercialisation of more powerful mobile devices and a wider coverage of faster mobile network such as 5G.

Architecture & Encryption
The technology that powers TopSecret Chat is developed by the research and technology company TopSecret Chat Limited with headquarters in Ireland, Cork (city).

The data center is located in Amsterdam and it's ISO 9001 and ISO 27001 certified. TopSecret Chat is also committed to a carbon neutral service by operating on only green infrastructures, having the data center engaged in the Climate Neutral Data Centre Pact.

All messages handled via TopSecret Chat are protected with a multi-layer and cross-signed encryption architecture. The message gets encrypted and cross-signed at each communication level, making even the end-to-end encrypted message transparent to the different network components and operators, following the principle of the Zero Trust security model that they adopt.

The core engine of TopSecret Chat is not open source but proprietary and therefore it is not possibile to peer review the entire source code but only the exposed client-side code that can be inspected and evaluated using Source Code Analysis Tools (eg. see OWASP) to cross-check the TopSecret Chat multi-layer encryption:


 * 1) A message gets first end-to-end encrypted using an asymmetric ECC chipher of 256-bit which is cross-signed by the sender and the recipient. The cross-signature guarantees the true identity of the users, the message integrity and it avoids the man-in-the-middle attack . It is possibile to notice that the user's encrypting key and signature changes when the user changes their Password or PIN/Pattern code: this is confirmed by the fact that is not possibile to send and receive messages during these operations. As an additional feature, the user can also changes their signature on demand, which can be publically verified using a QR code.
 * 2) The client-side code inspection reports as well that Group Chats do not use multicast encryption but rather 1:1 encryption toward each group member for extra confidentiality. This means that when the user chats in a group of 5 people, each message gets individually multi-layer encrypted and cross-signed 5 times toward each group member. Group chats are limited to 10 members only, as there is a noticeable high computation power and network capacity required to handle multiple 1:1 encryptions and transmissions at the same time rather than handling a signle multicast, and becasue the top-secret context considers that "the probability of unauthorized disclosure of classified information increases with an increase in the number of persons who know that information".
 * 3) Once the message is fully end-to-end encrypted (aka E2E-Message), this is not yet ready to be sent to the TopSecret Chat (dispatching) server. The TopSecret Chat server initiates first a proprietary VTI (Virtual Tunnel Interface) with the client's device to further encrypt the E2E-Message together with any meta-data related to the communication using an asymmetric ECC encryption of 256-bit, this time cross-signed by the peer-devices. The device's key get's automatically generated on a time-basis or when the network conditions change. The VTI is implemented as part of the Zero Trust security model adopted by TopSecret Chat, where the underneath Transport layer is not trusted even if fully encrypted, because it is controlled by global network operators and mass-monitored by intelligence agencies.
 * 4) The E2E and VTI encrypted message (aka E2E-VTI-Message) is now ready to be transmitted over the encrypted Transport layer using a TLS 1.2 or TLS 1.3 (verifiable using any public network inspection tool) with an ECC Certificate of 384-bit cross-signed by the client's user-agent and the server, so to wrap and mask everything to public eye.
 * 5) The resulting public payload in transit over the public network could be described as a message that has been E2E + VTI + TLS encrypted and 3 times distinctly cross-signed.
 * 6) Nota bene: It is to notice that all service-data necessary to the normal functioning of the application gets VTI + TLS encrypted as well, because of the very same Zero Trust security model.
 * 7) The  audio and video calls are protected using an enhanced RTP protocol, where the data (audio/video stream) is end-to-end encrypted with an asymmetric ECC chipher of 256-bit and all service-data required for initiating, maintaing and closing the call with the TopSecret Chat server are also VTI + TLS encrypted, so nothing is exposed to prying eyes.

Privacy
The TopSecret Chat headquarters is in the EU, Republic of Ireland and the data center is located in the EU, Amsterdam, therefore the service is subject to the EU - GDPR (General Data Protection Regulation).

The service is also free from the CLOUD Act, the PRISM program or any other mass-surveilance programmes

TopSecret Chat offers by default a fully anonymous service, where no PPI (Personally Identifiable Information) is shared. The process is built by using the privacy by design principles where users can register without a mobile-phone number, but using any name (or nickname) and an email or DEA (Disposable Email Address) for complete anonymity. A unique and anonymous identifier with an hashtag format (eg. #A23Y7O) is created when the user registers: this hashtag can be shared with others to connect directly.

Additional security and privacy features are mandatory and independent by the user's device settings, such as a strong authentication when setting up the App on the user's device(s) for the first time (Password + Two-Factor-Authentication) and the usage of an authentication PIN/Pattern code that is requested when unlocking the App on a routine basis.

Subscriptions
TopSecret Chat offers a service that is not for free, as it requires a subscription. The subscription model is available to the general public, while Government Agencies and Multinationals can also engage differently. There are 3 Subscription Plans that users can choose from


 * Personal - Suitable for individuals, with no strings attached.


 * Family - A flat price covering up to 5 Members. Once subscribed, the user has the ability to add and remove the other 4 users under its "Family" at any time and with no additional cost. This plan is particularly convenient also for small or family businesses to save on cost.
 * Business - For business entities up to 1000 Members. This plan offers the ability for companies to publically register their Business Name to protect their brand and to be verified and trusted by other users. Once subscribed, the user gains the Administrator role with the privilege of adding and removing Members as needed. The billing is usage-based (metered), caclulated on the actual number of Members during the past month. In this way the business pays for exactly what they use.

TopSecret Chat partners with Stripe strictly for handling the subscription payments and the billing legal requirements. When subscribing, a user can also preserve their anonymous status in the billing process if a nickname and a DEA (Disposable Email Address) is chosen at signup. All plans are on a monthly basis and users can cancel or switch plan.