Chatto: Open-source team messenger with privacy at its core

In an era where teams are increasingly seeking alternatives to commercial messaging platforms, self-hosted solutions are gaining traction. Chatto has recently joined this burgeoning landscape with the release of its software under an open-source license, allowing users to run the application on their own hardware. Designed to compete with established team messaging services, Chatto ensures that message data remains under the control of the operator’s infrastructure.

Installation is straightforward, requiring only a single executable. Users can simply drop the binary onto a machine, execute it, and voilà—a fully operational chat server complete with its own web frontend. The software supports builds for Linux on x86_64 and ARM64, macOS, and Windows. A basic setup does not necessitate a separate database, while larger deployments can easily scale using Docker Compose or Kubernetes.

What the encryption covers

At the core of Chatto’s design is a robust privacy framework that begins at the account level. The application encrypts message text and selected durable account fields using per-user keys. This means that each user’s data is locked to keys specific to their account, ensuring that the plaintext is accessible only to the individual. When a user decides to delete their account, the server engages in crypto-shredding, effectively destroying the keys associated with that account. Consequently, the data becomes unreadable, and recovery is no longer feasible, even from backups that may still contain the encrypted information.

This encryption model provides a tangible impact on account deletion. When a user departs, they take the readability of their content with them, as the keys that once unlocked it are permanently removed.

It is important to note that certain fields and assets remain outside the encryption boundary and are stored in plaintext. The per-user keys specifically cover message text and selected durable account fields, which comprise the encrypted data set. Operators can access a record detailing which data is protected by keys and which is stored in the clear, allowing them to assess the adequacy of their protection measures against their own requirements.

One server, one community

Each Chatto server is dedicated to a single community, housing its own users and messages while keeping that content isolated from others. This design choice restricts the reach of any particular conversation, as messages reside solely on the server operated by a single entity. Users who belong to multiple communities can connect directly to each server from the client. Operators managing more than one community will need to initiate a separate process for each. Notably, Chatto does not incorporate third-party tracking or analytics.

Additionally, built-in voice and video calls, complete with screen sharing capabilities, utilize end-to-end encryption, ensuring that call media remains accessible only to participants. The capacity for calls is determined by the operator’s hardware capabilities.

A hosted option on European infrastructure

For teams that desire the privacy benefits of self-hosting but prefer to delegate server management, a hosted service is on the horizon. Chatto Cloud is set to enter public beta soon, offering paid hosting for Chatto servers. This service will operate on European and European-owned infrastructure, a significant consideration for organizations with data residency obligations in the region. Plans are in place to expand to additional regions by early 2027. Importantly, servers on Chatto Cloud will maintain compatibility with self-hosted versions, allowing operators the flexibility to transfer their data into or out of the service as needed.

Chatto is currently available for free on GitHub.

Must read:

Subscribe to the Help Net Security ad-free monthly newsletter to stay informed on the essential open-source cybersecurity tools. Subscribe here!

AppWizard
Chatto: Open-source team messenger with privacy at its core