You host your own service, which can also federate with other Databag nodes. It has public-private key based identity (not bound to any blockchain or hosting domain) and is end-to-end encrypted (the hosting admin cannot view sealed topics; the default is unsealed).
This is not a service for finding friends in your contact list. You, or your organisation, host the service and have completely private and secure chatting amongst yourselves.
Another use-case may be if you are visiting a foreign country which blocks many public messenger services. This app would connect back to your private server, which is very unlikely to have been blocked.
See https://github.com/balzack/databag
#technology #opensource #privacy #selfhosted
i’m cross-posting my comment originally from this thread about some other snakeoil to these two threads about databag i see now:
is the databag protocol/design documented somewhere? does it claim to have forward secrecy?
from a quick glance I see here they’re generating an AES key from a passphrase and using it to encrypt an RSA private key, which is… not a good sign.
fwiw https://simplex.chat is another thing which seems to have similar goals and functionality but is better documented.