Updated on: 2 May, 2021
Technitium Mesh Privacy Policy
This document will help you understand what personal information we collect, what we don't collect/know, who can view it and how its used.
Information We Collect
Mesh does not require any user registeration and thus no personally identifiable information is collected except that the mesh.im web server maintains logging and will log your IP address and web browser details (which are usually logged by any web server) when you download the software from the website. You may use Tor Browser to download the software if you wish to mask your real IP address and web browser details.
We keep basic web server logs for statistical purpose.
Mesh uses HTTPS secured connections for queries to mesh.im to check for updates and for finding initial peers for DHT bootstrapping process. At no point the software transmits data in clear text over the network.
Information We Don't Collect/Know
The profile that you create with Mesh is encrypted using the encryption password that you set and stored locally on your computer. Technitium does not have access to this password and if you forget this password you will lose all your data including messages in that profile.
The Mesh encrypted profile that you create contains your RSA key pair. The user identifier is generated using your RSA public key and a random number such that the identifier can be used to verify the public key. The public key is also transmitted to peers you communicate with for establishing an end-to-end encryption channel.
When using peer-to-peer Mesh profile, peers in a group connect with each other directly over the Internet or LAN using TCP protocol in a full mesh network form. Anyone, who comes to know about the name of the chat group and its shared secret/password, that you are using to chat with your peers, can find out IP address of most of the peers. Thus, care should be taken not to disclose the name and password of the chat group.
When using anonymous Mesh profile, all the peer-to-peer activity occurs over Tor Network and thus your IP address and identity is protected. However, anyone knowing the chat group name and its shared secret would be able to connect to the group and read any new messages being sent.
Who Can View Your Info
The profile you create contains details like name, display image and status. All these details are shared with your peers to help identify you.
When using peer-to-peer profile, Mesh will be connecting directly to your peers over the Internet or LAN using TCP and thus your peers know your IP address and so do you know their IP address.
How We Use Your Information
Mesh is designed such that we do not have any information about you. So, we can do pretty much nothing with your non-existing data.
Other Privacy Considerations
Mesh is designed as a peer-to-peer, anonymous, instant messenger that provides end-to-end encryption with prefect forward secrecy so that, user's instant messages are protected from passive network surveillance. However, it should be clear that Mesh cannot protect you against active attacks like malware/keyloggers infecting your computer or active surveillance that can find out which peers you are communicating with. If your computer is hacked or infected with malware/keylogger then, it will be able to read all the keys that you type on your keyboard and read all files on your computer. You should use a good anti-virus solution to protect your computer from common threats. If you doubt that your computer is infected, you should immediately format and reload the operating system. Always keep backup of your important data on external storage devices and encrypt the whole device with a strong password.