Use of Third Party Services

We understand that the decision to integrate third party services in to a privacy focused chat client can be a controversial one, however we also believe privacy and convenience do not necessarily have to be mutually exclusive, and strive to create an app which can do both.

Opt-in by default

All third party services - including those which get routed through a proxy - must be explicitly opted in to by the user, either during app onboarding or in app settings. This allows Commet’s default state to be as secure as possible, while giving users the option to enable extra convenience features if so desired.

Minimizing Requests

When integrating third party services, we aim for a minimum viable implementation. That is to say we make the minimum amount of requests to third party services needed to achieve the desired functionality. We explicitly do not provide third party services with any information that is not strictly necessary. Commet will also only make third party requests as a result of direct user input, such as searching for gifs.

Proxy Service

We operate a simple http proxy service which Commet uses when communicating with third parties. This service does not store any logs of user activity. Real time logging may be temporarily enabled while attempting to debug the service but these logs will never be stored permanently.

Built With Privacy In Mind

The Commet client will never include any information in a request which could be used to identify users (unless the user explicity makes it do so, for example: typing your full name and address in to a gif search bar).

How We Do Things Differently

Implementations in the commet client are built to be as private as possible, minimizing the reliance on third parties. For example, when sending a gif sourced from a third party such as Tenor, other chat clients will usually send just a link to the gif. While this makes it faster to send and receive gifs, it also has numerous issues. Sending links like this allows the third party service to correlate traffic between users, and also requires that other clients know how to properly display the link.

Commet does this differently. We opt to reupload the gif to your matrix homeserver from the client side, and send the gif that way. While this makes the initial send of the gif a little slower, it maintains maximum compatibility with other Matrix clients. It also prevents the third party service from getting any information about where the gif has been sent.

Conclusion

We hope this has helped to explain our thought process when it comes to third party services. We are open to any and all feedback on how we can improve, so feel free to get in touch!