Security & Privacy
Last updated: August 2, 2024
We were tired of Silicon Valley companies telling us that they "take our privacy and security very seriously", while having regular data breaches and storing our personal data unencrypted in their databases — ripe for the picking by hackers and rogue employees. We were tired of fake "privacy settings" that offered no real privacy.
So we decided to completely reinvent how Internet software is built.
Our team of information security veterans spent several years designing and implementing a completely different approach to building web-based software.
Group Income does not have a traditional database to speak of. We do not use cookies. In Group Income, most of the activity that traditionally occurs on the backend instead occurs on the frontend, and everything is end-to-end encrypted by default.
Your data is encrypted on your device with a key that doesn't leave your device. This encrypted data is stored encrypted on our servers. We do not have access to your keys. Data is decrypted locally, by your device. This means we cannot read your encrypted data.
To do this, we created a brand new end-to-end encrypted, federated protocol called Shelter Protocol.
How Does Group Income Protect My Data?
We use end-to-end encryption
- In layman's terms: Group Income's privacy and security are better than those of websites like Facebook, Twitter, Google, and even your bank's website, as these services do not even attempt to end-to-end encrypt your data because it undermines their business model (see "surveillance capitalism").
- In geek terms: your data is end-to-end encrypted using keys derived from your password, a hardening algorithm (scrypt), and a random salt. See the Shelter Protocol for details. Note that although we do take steps to strengthen your password, using a weak password can still undermine your security, so pick a strong, unique password.
Every part of Group Income, not just the frontend, is open-source. Because the protocol is a federated protocol, anyone can run a Group Income server if they do not trust ours (and can still interact with users on other servers).
In addition to the end-to-end encryption offered by the Shelter Protocol, our server for Group Income uses full-disk encryption. Please note, full-disk encryption may not exist on other community-run servers.
By default, all chatrooms in Group Income are end-to-end encrypted. However, we provide the option for users to create public chatrooms to give communities options when it comes to building open and inclusive communities. As their name suggests, public chatrooms are not end-to-end encrypted to make it easy for users of Group Income to bridge them with other services, should they choose to do so. Please see the section titled "Note On Public Chatrooms" below for more details.
We do not have Third Party Service Agreements in place
Group Income does not share your data with any third-party service, and therefore we have no need of such agreements.
As mentioned in previous sections, the data in public unencrypted chatrooms is public and should be treated with the same care and expectations of privacy that you should have with normal social media: that is, you should have zero expectation of any privacy for the content you post to public chatrooms. By default, chatrooms are non-public, and like direct messages, they are end-to-end encrypted.
Certain possible future features might necessarily require some of your data passing through third-party servers. For example, while we can end-to-end encrypt some types of notifications (push notifications), other types such as email are more difficult to encrypt. We will update this privacy policy in the future as necessary to give any disclosures should we choose to implement email notifications (or other notifications) that cannot be encrypted. In all cases, such notifications will be opt-in on the part of the user.
Note On Public Chatrooms
By default, all chatrooms in Group Income are end-to-end encrypted and are private to group members only. Really private - not even the server admin can read them.
However, Group Income has the ability to let users create public chatrooms. The data in public chatrooms is intended to be completely public and should be treated with the same care and expectations of privacy that one has with normal social media: that is, you should have zero expectation of any privacy for the content you post to public chatrooms.
For this reason, public chatrooms are moderated by both the group admins and the server admins. Each server and group can have its own moderation rules. Posting illegal content to such chatrooms could get your entire group banned. Admins may choose to completely disable the option of public chatrooms to avoid moderation headaches.
Note On Metadata
The following metadata is visible to us and not anyone else:
- Usernames registered
- IP addresses (useful in case our servers come under DoS attack)
- How many groups are on our server
- For each group, how many invites have been created and used (but not who has used them)
- Server log information such as the URL requested, time of request, and user agent
- Any billing-relevant information
The following metadata is public:
- If you already know the username of someone on a server, you can get their identity contractID. This doesn't tell you anything about them (as the contents of an identity contract are encrypted by default), but perhaps it could be useful for something.
If you'd like to use Group Income completely anonymously, pick a unique username that you've never used on any other service before, sign up with a completely fake/made up email (we do not verify them), access our website over a VPN or Tor, and avoid exposing any information about yourself in an unencrypted, public chatroom.
Additional notes on emails, password, and billing details
- Currently, we do not use your email for anything. In the future, we might use it to send you notifications that you've requested (e.g. "please let me know when a new group member has joined").
- Your password is used to decrypt your data locally on your device. We combine your password with a random server-generated salt using a password-strengthening algorithm (scrypt) to derive the key that encrypts your data.
- We do not have billing implemented. We plan to use the Bitcoin Lightning Network for billing and user-to-user payments in the future. Other payment options are possible, but our focus is on Bitcoin at the moment.
Note On Analytics
Group Income is a federated system with multiple independently run servers. As far as our server goes, we have access to basic analytics like how many groups and how many users our server is hosting. We know how much space the data takes up. Like all web servers, we know the IP address that is used to access our servers. The IP address is useful in case our servers come under DoS attack (that way we can block malicious IPs).
As far as independent federated servers go, we have no access to the data stored on them at all. If and when analytics are implemented (to collect basic information about the health and size of the federation), then server operators might be able to share that information with us. Such information sharing will be up to the discretion of each server administrator. This page will be updated with information about any such analytics if and when they are implemented. Any such hypothetical analytics features will be managed and stored by us only — the first-party — and never by a third-party (e.g. "Google Analytics", etc.).
Currently, we do not have any federated usage statistics, so we only know what you tell us via our community forums. We'd very much appreciate it if you do share your Group Income experiences with us, as it's always nice to hear from our users.
Note on Third-party Servers
If you are using Group Income on a third-party server (one not hosted by us), please be advised that we have absolutely no control over that server, we cannot guarantee its integrity, we cannot guarantee that it's running the same code, we are not responsible for anything on it, and you should only use servers run by someone you trust.
We maintain a list of third-party servers on our website, but we cannot verify the integrity of any of them. Only use a server you trust, or run your own. We will remove any server from the list for which we receive a lawful order.
Who we share this information with
Nobody. If we are forced by a court to share information with a government body, the data we can share with them is described above in the section "Note On Metadata".
Future features that cannot avoid using third-party services (e.g. some types of notifications) may necessarily expose limited data to some third-party providers should users choose to enable such features. See the section above on third-party agreements for more details.
Please bear in mind that everyone you've authorized to read your messages (e.g. the other people in your group) clearly has access to whatever information you choose to disclose or share with them, and information shared in public chatrooms is… public (see section "Note On Public Chatrooms").
Group members can read the information in the group because they share a secret key. Again, this secret key is available only to group members, not us. Similarly, direct messages can only be read by sender and recipient.
Data Risks
Every online service, no matter what type of encryption is used, no matter how it's designed, has data risk. There is always a chink in even the best armor — attacks that cannot be protected against.
The same is true of our service. While we have significantly raised the burden necessary to achieve data disclosure, we have not eliminated it. Potential security holes in the software that we use, or bugs in our software, may exist that would allow a determined attacker to break the security and exfiltrate data. To the best of our ability we have mitigated against this. We can say that Group Income protects your data better than the vast majority of software services out there, but we cannot guarantee that your data will never be exposed, and anyone who does give you such guarantees is deceiving you.
The only real way to guarantee data safety is to avoid using online services entirely. Even better would be to avoid using computers altogether.
Questions
If your question wasn't answered on this page, please ask it on our community forums.