7. Metadata and Privacy
This chapter is part of an initial draft specification. Enkrypted Chat has not been independently audited. Content may change.
7.1 What this chapter covers
Metadata is data about communication, not the message plaintext. Enkrypted Chat minimizes metadata where practical but cannot eliminate all leakage in a WebRTC + broker architecture.
7.2 Metadata inventory
| Metadata | Who may observe | Intentional? | Mitigation |
|---|---|---|---|
| Peer IDs | Signaling server, peers | Required for connectivity | Random IDs; self-hosted broker |
| IP addresses | TURN, peers, ISP | Unavoidable for WebRTC | VPN (user); TURN policy |
| Connection times / online | Peers, possibly broker | Partially unavoidable | — |
| SDP / ICE details | Signaling server | Required for setup | WSS, self-host |
| Message timing & size | Network, TURN in relay mode | Unavoidable | Padding (future); traffic analysis awareness |
| Typing indicators | Peers if enabled | Optional feature | Disable where implemented |
| Read receipts | Peers if enabled | Optional feature | Disable where implemented |
| Static asset fetch logs | CDN operator | Unavoidable for web delivery | Self-host bundles |
| Analytics (if enabled) | Site operator | Product-dependent | Documented separately |
7.3 Intentional vs unavoidable
- Intentional (product choices): Optional UX metadata (typing, read receipts), federated module telemetry if configured, nLevel analytics on website (see deployment docs).
- Unavoidable (protocol): IP exposure, traffic timing, signaling presence while connected to broker.
7.4 Privacy-by-design and regulation
Positive Intentions aligns design with common privacy principles:
| Principle | How architecture supports it |
|---|---|
| Data minimization | No central message archive |
| Purpose limitation | Brokers used for connectivity, not content mining |
| Storage limitation | Ephemeral sessions; local persistence user-controlled |
| Integrity & confidentiality | Layered E2EE (experimental, unaudited) |
| Transparency | This specification and public docs |
GDPR / CCPA / HIPAA: Mentioned as design alignment only. Enkrypted Chat is not certified for regulated health or enterprise compliance. Organizations MUST perform their own DPIA and legal review before use.
7.5 Comparison to “no metadata” claims
Marketing language implying zero metadata is inaccurate for this system. Accurate statement:
Message content is not stored on Positive Intentions message servers because none exist; metadata may still be visible to peers, relays, signaling operators, and network observers.
7.6 User controls
Users SHOULD:
- Self-host signaling and static assets when threat model requires it.
- Configure trusted TURN servers; understand relay-mode implications.
- Disable optional metadata features where available.
- Not clear site data without backing up recovery material (when at-rest encryption ships).
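A client-side check for the TURN and relay-mode control above, written as an added example rather than Enkrypted Chat's own code: it builds a relay-only RTCConfiguration and audits the ICE candidates a session emits for host or server-reflexive addresses that would expose the client's IP to the peer or signaling server. The TURN URL and credentials are placeholders, and the candidate strings used in testing are constructed.

```javascript
// Added example, not Enkrypted Chat project code. turn.example.org and the
// credentials below are placeholders; point them at your self-hosted TURN.

// Build the RTCConfiguration for a peer connection. With iceTransportPolicy
// "relay" the browser gathers only TURN candidates, so the remote peer sees
// the relay's address rather than this client's host or reflexive IP.
function buildRtcConfig({ relayOnly, turnUrl, username, credential }) {
  return {
    iceServers: [{ urls: turnUrl, username, credential }],
    iceTransportPolicy: relayOnly ? "relay" : "all",
  };
}

// Parse one ICE candidate line (the "candidate:" attribute from RFC 8839)
// into the fields that matter for metadata: the exposed address and its type.
function parseCandidate(line) {
  const m = /^(?:a=)?candidate:(\S+) (\d+) (\S+) (\d+) (\S+) (\d+) typ (\S+)/.exec(line.trim());
  if (!m) return null;
  return { protocol: m[3].toLowerCase(), address: m[5], port: Number(m[6]), type: m[7] };
}

// Audit: return every candidate that exposes a non-relay address (typ host
// or srflx). An empty result means only the TURN relay address was offered,
// which is what a relay-only policy should produce.
function findAddressLeaks(candidateLines) {
  return candidateLines.map(parseCandidate).filter((c) => c !== null && c.type !== "relay");
}

// Browser-only demo: gather this client's own candidates and audit them.
// Resolves to null where RTCPeerConnection is absent (e.g. Node), so that
// "cannot check" is not confused with "no leaks".
async function auditLocalCandidates(config) {
  if (typeof RTCPeerConnection === "undefined") return null;
  const pc = new RTCPeerConnection(config);
  const lines = [];
  const gathered = new Promise((resolve) => {
    pc.onicecandidate = (ev) => (ev.candidate ? lines.push(ev.candidate.candidate) : resolve());
  });
  pc.createDataChannel("probe"); // a media/data section is needed for ICE gathering to start
  await pc.setLocalDescription(await pc.createOffer());
  await gathered;
  pc.close();
  return findAddressLeaks(lines);
}
```

In a browser, `auditLocalCandidates(buildRtcConfig({ relayOnly: true, turnUrl: "turns:turn.example.org:5349", username: "user", credential: "secret" }))` should resolve to an empty array; any host or srflx entry means the relay policy is not in effect or the TURN server is unreachable and the browser fell back to direct candidates.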