6min

Data encryption

Messaging

Glacier leverages the OMEMO (OMEMO Multi-End Message and Object Encryption) protocol, an adaptation of the Signal Protocol for all messages (text, media, audio, video).

Glacier supports multiple devices associated to the same account. A Glacier session is set up between each device. Messages are encrypted and authenticated with a random key and the encryption of that key is sent as message content of a Glacier message.

Double Ratchet algorithm to establish secure sessions between every combination of devices for you and your contact(s). The Double Ratchet Algorithm uses Curve25519AES-256, and HMAC-SHA256. These sessions are then being used to communicate secure keys to all devices. Glacier will generate a new key for every message. That key is used to encrypt your message with AES-GCM.

Glacier end-to-end encryption provides the following guarantees:

Guarantees

Description

Confidentiality

Nobody else except sender and receiver is able to read the content of a message.

Forward Secrecy

Compromised key material does not compromise previous message exchanges. It has been demonstrated that OMEMO provides only weak forward secrecy (it protects the session key only once both parties complete the key exchange).

Break-in Recovery

A session which has been compromised due to leakage of key material recovers from the compromise after a few communication rounds.

Authentication

Every peer is able to authenticate the sender or receiver of a message, even if the details of the authentication process is out-of-scope for this specification.

Integrity

Every peer can ensure that a message was not changed by any intermediate node.

Asynchronicity

The usability of the protocol does not depend on the online status of any participant.

Video and Voice calls

Media shared in voice and video calls is encrypted end-to-end and can never be accessed by Glacier. Each participant negotiates a separate DTLS/SRTP connection to every other participant. All media published to or subscribed from the call is sent over these secure connections, and is encrypted only at the sender and decrypted only at the receiver.

Glacier does not mediate in the media exchange, which takes place through direct communication among the Glacier users. The only exception is when media exchange requires TURN. In that case, a TURN server will blindly relay the encrypted media bits to guarantee connectivity. The TURN server cannot decrypt or manipulate the media.

Calls made outside (external) of Glacier using Glacier Dial are encrypted with TLS/SRTP to our servers. Calls are then routed on your behalf to the Public Switched Telephone Network (PSTN). The call data from Glacier servers to the non-Glacier user is unencrypted.

Message privacy

Your messages are secure and private. They can only be read by you and the recipients of your messages. We cannot prevent someone from using a camera to take a picture of a message on a screen, so we recommend practicing safe message handling, using Disappearing Message Timers, and keeping your device locked with a strong passcode. 

In addition, Glacier cannot read or decrypt any messages. Messages are encrypted by the sending device and go through our servers in encrypted form, and are then decrypted by the receiving device using Glacier Chat. Our servers do not have access to decrypted messages or keys, which ensures your privacy and security.

Logging

Minimal logs are kept for the purpose of continued operation and maintaining system integrity. None of our logs contain user communications, message content, or message tracking information. What little they do record contains only sender and receiver device information, and only while encrypted messages are routing through the system.

Updated 11 Nov 2021
Did this page help?
Yes
No