No. atcomm uses your existing atproto identity. You publish a small keyPackage
record in your own repository (PDS) that binds your identity to a messaging key.
No separate account, no new username.
Is it really end-to-end encrypted?
Yes. Messages use DIDComm v2 authenticated encryption (ECDH-1PU). Only you and the
recipient can read them; mediators and any other infrastructure see ciphertext
only.
What can the mediator see, then?
Routing metadata: that an encrypted message is moving between certain messaging
keys, and roughly when. It cannot read message content. Minimizing metadata
further is future work.
Where do my keys live?
Your messaging private key is generated on your device and never leaves it. In this
proof of concept there is no key backup: a new device means a new key (and a new
keyPackage). Losing a messaging key never affects your atproto account.
Why is the demo web-only, and can I trust encryption in a browser?
The demo is a hosted web app so anyone can try it instantly, with no install, using
their real atproto identity. That convenience has a real cost: encryption delivered
through a browser is weaker than a native app. Your key lives in browser storage on a
page we serve, and that page is re-fetched on every visit, so each time you are trusting
that the served code has not been altered to leak your key. A native client (atcomm also
has a command-line client) does not have this problem, because a server does not
re-deliver its code on every use. Treat the web demo as a way to evaluate atcomm, not as
a hardened messenger; stronger key custody comes from a native client, or later an
installed extension or hardware-backed keys.
How do I know a message really came from who it claims?
The sender's atproto identity is carried in the message and is meant to be verified
against their published keyPackage. In the current proof of concept this
verification is not yet enforced, so attribution is shown as unverified.
Cryptographic verification is planned. See the spec.
Is anything stored on a blockchain?
No. Identity, keys, and routing use atproto, DIDComm, and DNS/HTTPS. There is no
ledger and no token.
Can I run my own server?
Yes. The mediator is open source (Apache-2.0) and self-hostable. Anyone can run one,
and independently hosted mediators interoperate by construction; you are never
locked into ours.
Can other apps implement this?
Yes, that is the point. The interop contract is the mediator plus two lexicons
(see the spec), not any particular app. Any client, in any
language, that speaks DIDComm and reads the keyPackage interoperates.
How is this different from the built-in direct messages?
The network's built-in DMs are not end-to-end encrypted. atcomm is, and it binds
messaging to your existing identity through an open, published specification that
any client can implement.
Why is the demo invite-only?
It is an early proof of concept running on infrastructure we operate. The protocol
itself is permissionless: anyone can enroll on a mediator they choose. To try the
hosted demo, request access.