F.A.Q.

Security

What 'end-to-end encryption' means?

A connection has an end-to-end encryption when the information is encrypted and decrypted on the end-users' devices and transmitted in encrypted form. This way even the service provider doesn't know what exactly is being transferred. This ensures that any third-party attackers cannot steal any information via hacking the communication channel or server.

How secure are the encryption algorithms used by TSM?

In order to preserve confidentiality, Salsa20 and Curve25519 with 256-bit key length are employed -- such algorithms have no single reported case of being 'cracked'. Besides that, the key itself is changed each time the chat participants are modified (old members' messages are unavailable for the new members of the chat), as well as being re-generated after exceeding of a certain period of time (usually one hour). This makes the task of hand-picking the key practically impossible.

Why does TSM not use SMS for authentication?

SMS authentication is insecure due to numerous vulnerabilities of the GSM protocol and also SIM card duplication. TSM uses secure identifiers for authorization: mobile phone and app IDs plus a one-time password confirmed with the user's digital signature.

Why TSM does not use person's address book for contact queries?

First and foremost, TSM is a secure messenger, which caters for user's privacy. Therefore TSM does not utilize user's confidential information, including their address book.

Why TSM doesn't send message notifications when the application is switched off?

In order to accomplish such a thing, TSM would have to contact third party services, which may require parts of user's personal information.

How plausible is data leakage if a TSM-enabled device is lost?

In order to get data from TSM, a TSM access passcode in conjunction with user's personal password are required. Chat history is kept encrypted, with the key only known to the user. Under security settings, it is possible to disable history logging completely on both the server and client (thereby having all the data being held on RAM when the app is active, and wiped from it after exiting the app).
Important to note: received files are stored on device unencrypted, hence the best course of action is to find a better way to store them immediately after obtaining them, as far as cybersecurity is concerned.

How to verify that third parties have no access to the information?

The only way to obtain information is through the TSM user application. If an unsanctioned access of a TSM-enabled device occurred and the keys were consequently stolen, then it would be possible to register a hijacker's device to user's account. However, whenever any device logs into the system, the user receives an access notification via email, rendering above-mentioned attack easily detectable.

How does TSM mitigate man-in-the-middle attacks?

TSM has a unique prevention mechanism against manipulating with the public keys. The advantage lies within its automatic key validation done whenever a new chat is created, removing the necessity of key verification via communication channels, compared to alternatives. Verification is done with the technology, which is similar to blockchain. If a fake key or an 'invisible' member is detected, the user's device reports the offense immediately and blocks any further message transmission to the malicious chat session.

If TSM servers get leaked, what kind of personal information will be revealed?

All nick-names and their relations will be uncovered. Since the device identifiers are stored in hash form, it is impossible to determine the real device that one uses though 'deciphering'.

What is done when an account is deleted?

During the account deletion, all chat messages and encryption keys are wiped, access to the user account gets blocked, and cloud storage is removed. Users who have established a contact with the person will see the status 'contact unavailable', additionally depicted by a red circle beside the username.
Notice: after the account gets deleted, the username itself becomes vacant, but completely isolated from its previous owner.

Why is key exportation needed?

The procedure is needed for the registration of a new device. Keys are exported to a file or a QR code, which can be read by the TSM app. In order to restore access to the personal account in case of device loss or malfunctions it is advised to export the keys to a file and put it in a safe place.
Warning: never send keys via web, because packets can always be intercepted. TSM is designed in a way, that even possession of encryption keys is insufficient to access one's account -- user's password is mandatory for that task, accordingly one should keep it in secret, thus being the most important security element.

Features

What do the envelope icon and its various colors represent?

Yellow color of the envelope means that the message has been successfully sent to the server. Once the message has been delivered to the receiver, the green envelope is displayed.

How to display a hint for a TSM element?

After pressing an element for a prolonged period of time, a text-box with a hint should appear.

Can all TSM users communicate with one another?

Only those users who have established a connection (“friendship”) can do. If connections are not confirmed, communication with such parties is only possible in a group chat, where they have been invited by their common friends.

Is it possible to install TSM on multiple devices?

Yes, it is possible. However, only one device can be connected to the network at a time.

How long does the message log stay on the server?

Messages in chats which have 'chat logging' feature turned on are stored on the server for an indefinite amount of time; the ones with 'deletion after reading' mode are kept until recipient fetches them or time runs out, the latter part can be configured; Messages in chats with 'online chat without logging' option activated aren't stored on the server at all.

What is the maximum amount of participants in a group chat?

In the free version, the number of group is limited to six participants.

What is the maximum file size for attachments?

The file should not exceed 5Mb.

How long do the transmitted files stay on the servers?

Files, sent in 'offline mode' are securely stored waiting for its recipient, and if kept for more than a week, are deleted. Files sent in 'online mode' are never stored on the server.

What does the grey color of the TSM title mean?

The grey color of the title with the label "TSM offline" written underneath means that there is no connection to the server at the moment. In this mode, it's possible to view previously received messages, but not to send any.

What does the question mark symbol near contact indicate?

The described symbol near the status field indicates that the user hasn't yet replied to the contact request. A question mark on the right of the contact's name represents that a contact request hasn't been sent at all. In order to do so or to view or delete a contact, click the 'info' menu next to the contact in question.

Up