A connection has an end-to-end encryption when the information is encrypted and decrypted on the end-users' devices and transmitted in encrypted form. This way even the service provider doesn't know what exactly is being transferred. This ensures that any third-party attackers cannot steal any information via hacking the communication channel or server.
In order to preserve confidentiality, Salsa20 and Curve25519 with 256-bit key length are employed -- such algorithms have no single reported case of being 'cracked'. Besides that, the key itself is changed each time the chat participants are modified (old members' messages are unavailable for the new members of the chat), as well as being re-generated after exceeding of a certain period of time (usually one hour). This makes the task of hand-picking the key practically impossible.
SMS authentication is insecure due to numerous vulnerabilities of the GSM protocol and also SIM card duplication. TSM uses secure identifiers for authorization: mobile phone and app IDs plus a one-time password confirmed with the user's digital signature.
First and foremost, TSM is a secure messenger, which caters for user's privacy. Therefore TSM does not utilize user's confidential information, including their address book.
In order to accomplish such a thing, TSM would have to contact third party services, which may require parts of user's personal information.
In order to get data from TSM, a TSM access passcode in conjunction with user's personal password
are required. Chat history is kept encrypted, with the key only known to the user. Under
security settings, it is possible to disable history logging completely on both the server and
client (thereby having all the data being held on RAM when the app is active, and wiped from it
after exiting the app).
Important to note: received files are stored on device unencrypted, hence the best course of action is to find a better way to store them immediately after obtaining them, as far as cybersecurity is concerned.
The only way to obtain information is through the TSM user application. If an unsanctioned access of a TSM-enabled device occurred and the keys were consequently stolen, then it would be possible to register a hijacker's device to user's account. However, whenever any device logs into the system, the user receives an access notification via email, rendering above-mentioned attack easily detectable.
TSM has a unique prevention mechanism against manipulating with the public keys. The advantage lies within its automatic key validation done whenever a new chat is created, removing the necessity of key verification via communication channels, compared to alternatives. Verification is done with the technology, which is similar to blockchain. If a fake key or an 'invisible' member is detected, the user's device reports the offense immediately and blocks any further message transmission to the malicious chat session.
All nick-names and their relations will be uncovered. Since the device identifiers are stored in hash form, it is impossible to determine the real device that one uses though 'deciphering'.
During the account deletion, all chat messages and encryption keys are wiped, access to the user
account gets blocked, and cloud storage is removed. Users who have established a contact with
the person will see the status 'contact unavailable', additionally depicted by a red circle
beside the username.
Notice: after the account gets deleted, the username itself becomes vacant, but completely isolated from its previous owner.
The procedure is needed for the registration of a new device. Keys are exported to a file or a QR
code, which can be read by the TSM app. In order to restore access to the personal account in
case of device loss or malfunctions it is advised to export the keys to a file and put it in a
Warning: never send keys via web, because packets can always be intercepted. TSM is designed in a way, that even possession of encryption keys is insufficient to access one's account -- user's password is mandatory for that task, accordingly one should keep it in secret, thus being the most important security element.
Yellow color of the envelope means that the message has been successfully sent to the server. Once the message has been delivered to the receiver, the green envelope is displayed.
After pressing an element for a prolonged period of time, a text-box with a hint should appear.
Only those users who have established a connection (“friendship”) can do. If connections are not confirmed, communication with such parties is only possible in a group chat, where they have been invited by their common friends.
Yes, it is possible. However, only one device can be connected to the network at a time.
Messages in chats which have 'chat logging' feature turned on are stored on the server for an indefinite amount of time; the ones with 'deletion after reading' mode are kept until recipient fetches them or time runs out, the latter part can be configured; Messages in chats with 'online chat without logging' option activated aren't stored on the server at all.
In the free version, the number of group is limited to six participants.
The file should not exceed 5Mb.
Files, sent in 'offline mode' are securely stored waiting for its recipient, and if kept for more than a week, are deleted. Files sent in 'online mode' are never stored on the server.
The grey color of the title with the label "TSM offline" written underneath means that there is no connection to the server at the moment. In this mode, it's possible to view previously received messages, but not to send any.
The described symbol near the status field indicates that the user hasn't yet replied to the contact request. A question mark on the right of the contact's name represents that a contact request hasn't been sent at all. In order to do so or to view or delete a contact, click the 'info' menu next to the contact in question.