Hoccer XO Privacy & Security Statement

Hoccer XO is designed as a privacy preserving communication service with a high level of information transfer security.

We do not request any personal data from you right now. In the future we might add some voluntary directory service. But right now your identity is just a random number.

German data protection laws require a service to be used anonymously or pseudonymously if possible, and we comply with this requirement. In order to deliver messages, however, we have to assign you a pseudonymous identity in the form of a random client id.

There is also some other data that is transferred or generated by using the Hoccer XO service.

In particular, when you use Hoccer XO, we can see the following data:

  • the IP address of your device when you are directly connected to the service, or the IP address of a router when you are in a network using NAT, which is typically the case when you connect via WLAN
  • the IP addresses of your communication partners when they are connected to the service
  • the amount of data you transfer to them
  • the time when you send and receive messages
  • the time when you log on and log off
  • the public keys used
  • the type of operating system and client version you are running
  • a persistent random number representing your client id
  • the chosen nicknames
  • the chosen avatars

However, the only data we store permanently is the random number representing your client id, the relationship to other client ids (friend, blocked), the group membership and the last time when some of this information was changed. You may change avatars, nicknames and public key at any time.

We use and require this data exclusively for the operation of the service. All other data is only stored for the minimum period required to transmit the data to the receivers. We try hard to minimize the amount of data we have to store at any given time for privacy, cost and performance reasons. Generally we also do not keep log files but may have to temporarily enable logging for troubleshooting and performance optimization purposes.

We do not know anything about the content of the messages you transfer except its size. We cannot read the content of your messages; we do not know the file type, the name or the content of attachments. All this data leaves your device only encrypted with a random 256-bit AES key, which is transferred to the receiver encrypted with his public RSA key.

We also do not know any phone numbers or E-mail addresses of you or your communications partners. When you send invitations via SMS or E-Mail, this happens outside the scope of our system, so we do not know, store or transmit the phone number or E-Mail address of the people you invite.

Hoccer XO accesses your address book and your location data only to create encrypted attachment data, and no information from your address book or location data is transferred to our servers in a form we can decipher.

Usage of Encryption in Hoccer XO

First of all, we use SSL/TLS encryption for all connections from client to server and between our servers. We use pinned certificates, so we do not rely on the usual trust chain used in web browsers that we consider broken. There are too many certification authorities out there that are either compromised, can be tricked into signing fake certificates or are willing to do so when requested by authorities in many countries with weak privacy laws.

Therefore we believe that the known man-in-the-middle-attacks on SSL-connections using fake certificates will not succeed with Hoccer XO. Even the metadata we see listed above is very probably safe from third parties.

However, there is another layer of encryption that protects the content you transfer. We use RSA-2048 (optionally up to 4096 bit) public key encryption in combination with AES-256 to encrypt your data so that only the recipient is able to read it. Person-to-person messages are encrypted with a unique 256-bit AES key. For every message a new random key is generated. This key is sent along with the message, encrypted with a 2048-bit RSA public key of the receiver. The private key to decrypt it resides only on the device and never leaves it.

For group chats, there is a similar mechanism, although there is an AES key shared by all group members. This key is generated by the admin and transferred to all group members encrypted with their public RSA key. We also use proper random salts in the right places so that repeated messages do not result in the same ciphertext.
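The scheme described in the two paragraphs above, as an added example that is not Hoccer XO code: a fresh 256-bit AES key per message, wrapped with the recipient's RSA public key, plus one shared group key wrapped once per member. The page names only RSA and AES, so AES-GCM, RSA-OAEP with SHA-256, the Python `cryptography` package and all function names here are assumptions.

```python
# Added illustration, not Hoccer XO code.
# Assumed (not stated on the page): AES-256-GCM and RSA-OAEP with SHA-256.
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)

def new_keypair(bits=2048):
    """RSA key pair; the private half stays on the recipient's device."""
    return rsa.generate_private_key(public_exponent=65537, key_size=bits)

def seal(plaintext, recipient_public_key):
    """Encrypt one message under a fresh random AES-256 key, then wrap that key."""
    message_key = AESGCM.generate_key(bit_length=256)
    nonce = os.urandom(12)  # random per message, so equal plaintexts never repeat
    return {
        "wrapped_key": recipient_public_key.encrypt(message_key, OAEP),
        "nonce": nonce,
        "ciphertext": AESGCM(message_key).encrypt(nonce, plaintext, None),
    }

def open_envelope(envelope, recipient_private_key):
    """Unwrap the message key with the private key, then decrypt and authenticate."""
    message_key = recipient_private_key.decrypt(envelope["wrapped_key"], OAEP)
    return AESGCM(message_key).decrypt(
        envelope["nonce"], envelope["ciphertext"], None)

def wrap_group_key(group_key, member_public_keys):
    """Group chat: one shared AES key, wrapped once per member's RSA public key."""
    return {name: pub.encrypt(group_key, OAEP)
            for name, pub in member_public_keys.items()}

def relay_view(envelope):
    """What a relaying server can learn from an envelope: field sizes only."""
    return {field: len(value) for field, value in envelope.items()}

if __name__ == "__main__":
    alice = new_keypair()
    env = seal(b"constructed sample message", alice.public_key())
    print(relay_view(env))
    print(open_envelope(env, alice))
    # Flip one bit in transit: authenticated decryption must refuse the message.
    env["ciphertext"] = bytes([env["ciphertext"][0] ^ 1]) + env["ciphertext"][1:]
    try:
        open_envelope(env, alice)
    except InvalidTag:
        print("tampered ciphertext rejected")
```

With a 2048-bit key the wrapped key is always 256 bytes and the ciphertext is the plaintext length plus a 16-byte tag, which is why a relay still learns message size.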

The RSA key pairs can be renewed at any time. The system takes care to redistribute them automatically. You can see a hash of the public keys (key id) of each contact in the contact's profile. You can verify the key id with your partner over the phone for additional security and mark it as verified, so you will see when a public key of your partner has changed.
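One way a client could implement the key id check described above (added example, not Hoccer XO code). The page does not say how the key id is computed; SHA-256 truncated to 8 bytes, the status strings and the `ContactKeys` class are assumptions.

```python
# Added illustration, not Hoccer XO code.
# Assumed (not stated on the page): key id = first 8 bytes of SHA-256, as hex.
import hashlib
import hmac

def key_id(public_key_bytes):
    """Short fingerprint of an encoded public key, shown as grouped hex."""
    digest = hashlib.sha256(public_key_bytes).hexdigest()[:16]
    return " ".join(digest[i:i + 4] for i in range(0, 16, 4))

def _normalize(text):
    """Ignore spacing and case so an id read aloud compares cleanly."""
    return "".join(text.split()).lower().encode("utf-8")

class ContactKeys:
    """Tracks each contact's current key id and whether the user verified it."""

    def __init__(self):
        self._contacts = {}  # contact -> {"key_id": str, "verified": bool}

    def observe(self, contact, public_key_bytes):
        """Record the key a contact currently presents and classify the event."""
        seen = key_id(public_key_bytes)
        entry = self._contacts.get(contact)
        if entry is None:
            self._contacts[contact] = {"key_id": seen, "verified": False}
            return "new"
        if hmac.compare_digest(_normalize(entry["key_id"]), _normalize(seen)):
            return "unchanged"
        was_verified = entry["verified"]
        # A renewed key never inherits trust: verification is reset.
        self._contacts[contact] = {"key_id": seen, "verified": False}
        return "changed-after-verification" if was_verified else "changed"

    def confirm(self, contact, id_read_by_partner):
        """Mark verified only if the id read out over the phone matches ours."""
        entry = self._contacts[contact]
        match = hmac.compare_digest(_normalize(entry["key_id"]),
                                    _normalize(id_read_by_partner))
        entry["verified"] = entry["verified"] or match
        return match

    def is_verified(self, contact):
        return self._contacts[contact]["verified"]
```

A "changed-after-verification" result is the case worth surfacing to the user, since it means a previously confirmed key has been replaced and the phone check has to be repeated.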

You can also import and export RSA keys to inspect them or provide your own keys if you do not trust the ones that are automatically generated. For random AES key generation we combine the output of different generators.

In general we use well known standard cryptographic primitives and a very easy-to-understand protocol for key exchange and message encryption.

For user authentication we use SRP, the Secure Remote Password Protocol that allows each side of the connection to be authenticated against the other side. You also do not get a chance to screw up security by using a bad password because we use a good random one that you never have to enter. However, you can export your credentials in a password-protected container for backup purposes.

We do our best to make sure that the contents of your communication are safe from being read by anyone except the intended receiver, and we are not aware of any feasible method by which an eavesdropper on your internet connection might be able to get access to the content of your messages. The current public state of the art in cryptography research indicates that, although some weaknesses in the RSA and AES encryption exist, a successful attack on the Hoccer XO cryptosystem is very unlikely.

Nevertheless Hoccer XO is not designed to purposely defeat law enforcement or attacks employed by powerful adversaries like well-equipped military or authoritarian governments.

While even powerful adversaries with the capability of intercepting and manipulating the whole internet traffic leaving or entering a country very probably can not gain access to the content of your messages, they might deduce who you are communicating with by traffic analysis, observing the timing and size of the data you and your communication partners exchange with a Hoccer XO server. Traffic analysis probably will not succeed when communication partners exchange only text messages and are never online at the same time.

Hoccer XO also is only as secure as your device and the devices of your communication partners, including the security of your backups. If a device is compromised by malware or manufacturer backdoors, or is lost or seized, the content of your communications might be compromised. So keep in mind that everything that is written down, recorded, filmed or photographed has the inherent potential of becoming public. If you absolutely do want to keep something secret, do not record it in the first place.

XO Nearby Mode

Within the “nearby” mode of Hoccer XO, your client transfers its location data to our server using transport encryption. This information will only be used for the purpose of this feature: to identify people around you (who are also in nearby mode) to start a public conversation. The moment you leave the “nearby” mode, all location information will be deleted immediately from the Hoccer servers. All messages and attachments you send in “nearby” mode are protected by Hoccer’s usual end-to-end security standards. However, when sending into a nearby group you should keep in mind that other participants might join at any time and receive your message. If you want to avoid this, you can enter into a chat with a specific “nearby” contact listed below the nearby group.

Server Security

First of all, we do collect as little data as possible. There simply is not much data on our servers an attacker might be interested in for financial or intelligence gathering reasons. The only message data stored on our servers is the data that is currently in transit, and even this data is encrypted.

The most valuable data would be the user accounts. But as the passwords are automatically generated random strings, even a leak of this database would not help anyone to gain access to other services, as often happens when user databases are stolen, because many people use the same password with many other services on the net.

Nevertheless we don’t want anyone tampering with our servers, so we take all reasonable precautions to secure our servers, keep the system software up to date, run no unnecessary services on them, use automated tools to track software and configuration changes, keep system logs somewhere else, do not run services as superuser, have only personalized logins requiring client certificates, monitor activities on our servers and do many other things that are just good practice when running servers on the internet. However, we are neither a military operation nor a bank, so we have no armed guards securing our servers, but….

The only successful attack on our infrastructure in order to get access to your messages would be if someone tampered with the client code, but this would be even more difficult to do undetected, and quite expensive.

The most probable scenario would be an attack on your device, installing malware onto it that would be able to transfer data from your device and screenshots to the attacker. In this case you would have a much bigger problem because such malware could also eavesdrop on whatever you are saying in the presence of your phone.

Therefore we believe that an attack on us is not very likely to happen at all and even less likely to succeed.

Can you trust us?

We use a proprietary communication protocol, the source code is not public, and all messages pass our servers, so why should you trust us? How can you be sure that there are no backdoors in our system and we do not directly pipe your messages into some government database? Well, frankly, you can’t be sure. At some point, you have to trust us, and we hope you will. One motive for us to develop Hoccer XO was the lack of chat systems that are trustworthy, offer a good feature set and performance, and are simple to use at the same time. There would be no reason for Hoccer XO to exist if we compromise the privacy and security of our users. Here are a number of reasons why you might decide to trust Hoccer XO more than most other products:

  1. You do not have to provide any personal information to us that reveals your identity
  2. We are engineers, and we take pride in designing a secure system and would simply refuse to spend a lot of effort on making the system secure, and then make all these efforts worthless by intentionally putting in backdoors
  3. The future of our company depends on the trustworthiness of Hoccer XO, so we try hard to earn your trust
  4. German data privacy laws and competition laws are very strict, and according to German penal law (§ 202a) we might even face prison penalty if we gain unauthorized access to your data
  5. Keeping the system secure and preserving privacy also reduces our burden and risks. If we had access to the message content, there would be a higher risk that an attacker might gain access to the data of our users, and we prefer to be safe rather than sorry. We cannot lose what we don’t have. An additional advantage for us is that with the Hoccer XO mandatory end-to-end encryption we do not need to worry about the kind of content passing our servers because we simply cannot know what it is. Any content that leaves your device is just unreadable gibberish for us, and only the intended recipient can make sense of it. You can be sure that we are happy to keep it this way.

Is Hoccer XO a tool for Terrorists, Criminals and Copyright Infringers?

We believe that almost all of our users will use our service for harmless and legitimate purposes, but we cannot rule out that some users also might use the service for illegal activities. However, this is the same case with any E-Mail service, the telephone and the postal service, which can even be used to send physically harmful content to people. Despite the abuse potential of all these services, the benefits for the legal users outweigh the abuse potential to such a degree that no one would propose to shut them down or make the providers liable for abuse.

Hoccer XO even with its privacy preserving properties is not substantially different regarding abuse potential. You can use Hoccer XO pseudonymously, but you can also drop a letter in a mailbox or make a call on a public phone without identifying yourself, and you can also obtain anonymous E-Mail accounts or use most systems on the Internet without providing your identity.

End-to-end encryption can be easily used with E-Mail employing PGP, and you can also encrypt your file transfers over the Internet with a large number of tools. Every office program offers the option to encrypt your files.

Therefore we do not see that Hoccer XO specifically gives criminals a technological advantage over what is already available, and it can be assumed that people with evil intent also will be more inclined to make the additional effort of securing their communication.

Why do I need end-to-end security?

Normally we do not want to make special efforts to communicate securely. Most of the time we assume that nobody will be interested in our communication anyway, and we take for granted that the security of the system we use is good enough for our purposes.

This is often true, but also often false. With most other chat systems, the messages and the files you transfer can not only be read and stored by the service provider, but in some cases also by any computer or device your data is passing through. Also storage capacity is cheap, and it is possible that a message you send today might appear in public twenty years later.

It is our position that you should not have to worry about whether your love letters, your grieving, your personal sorrows, your rage, your appointments, your financial concerns, your pictures, your personal movies, your political opinions, your religious beliefs and whatever else you might share with friends and family members will be stored in databases operated by people you do not know.

We do not claim that Hoccer XO is absolutely secure. Everybody who makes such a claim about any system is lying. However, when using Hoccer XO you can reasonably expect that only the intended recipients will see what you send, and neither we nor any eavesdropper on the Internet can access your messages.

What price do I pay for this additional security?

We do not mean that you have to pay us for enabling the security features of Hoccer XO. They are an integral part of Hoccer XO and will stay this way, and while we intend to offer you additional paid services in the future, there always will be a secure and free Hoccer XO client.

However, additional security never comes for free. Normally the price you have to pay is that secure systems are harder to operate, you have to remember and change passwords, and there is a performance penalty. We tried very hard to make Hoccer XO simple to use and secure at the same time, so you typically will not be aware of XO’s security features.

The only place where you will encounter the security features in the user interface is the Profile view, where a key id is shown, and the function to renew your own key.

The first real penalty you pay is that connecting to the Hoccer XO server might take slightly longer than with less secure services. The key negotiation for the transport layer and a secure login take some time, but with a good connection you will hardly notice it. With a bad connection, however, this process may take a couple of seconds.

The second penalty is a slightly higher power consumption when transferring content, and with very fast connections attachment transfers can be slightly slower compared to other systems without encryption because during the transfer in fact the data is encrypted twice, the transport layer encryption and the end-to-end encryption.

You have to judge yourself whether the security is worth these performance penalties for you.

And finally, you might be aware that on Apple iOS no message text will be in a notification when the Hoccer XO App is not running – you just get a text that a number of messages have been sent to you, and you need to launch Hoccer XO to read them. The reason for this is that we cannot use end-to-end encryption when one end is not running our code, which is typically the case when receiving system notifications on Apple iOS. Apple's Terms of Service explicitly state that you must not use their notification service to pass confidential data. Therefore, if you receive a message via the notification service of a competing chat service, this service is either violating Apple's Terms of Service or considers your message not to be confidential.

We hope that in the future Apple will make it possible for Apps to execute their own code when a notification arrives so we can show you the message text in the notification. Until then you can see an advantage in the fact that you will be made aware that a message has arrived, but someone sitting next to you will not be able to read the message text.

Where is my password and login?

Password and login are both random strings that are stored in your system keychain. When you delete the Hoccer XO App both are preserved, so when you reinstall it, you will be asked if you want to use your old identity or create a new one.

Why can’t I find friends using their phone number or E-Mail Address like in other chat services?

First of all, if you have your friends’ phone number or E-Mail Address, you can send them a message with an invitation code from Hoccer XO. However, we at Hoccer do not want to collect phone numbers or E-Mail addresses, especially not contact data about people from your address book who probably would not like it when you upload their contact data to some service without their consent.

The way Hoccer invitations work, the E-Mail addresses and phone numbers of the people you invite stay on your phone. The invitation is sent directly from your phone to the invited person. It has the additional benefit that we do not have to pay for the short messages.

In a Nutshell

Among comparable messaging and chat systems Hoccer XO is one of the most privacy preserving and secure systems for information exchange in the market. We believe it is a good compromise between functionality, user friendliness and the level of security and privacy it offers.