FAQs
What is Germ DM?
How does Germ work?
How is Germ different from other E2EE messengers?
What does Germ know about me? How do you know it?
Where are my messages saved?
What about backup?
How do you use cryptography?
What cryptographic libraries do you use?
Why is it called Germ?
Who builds Germ?
How do I get more involved?
What is Germ DM?
Germ DM is private chat software that gives you the freedom to
connect securely with anyone, without oversharing. It is currently
available in public beta on iOS.
Our beta is a 1:1 end-to-end encrypted text messenger. This first release lets you build and share multiple profiles to form 1:1 chats with other iOS users, all without phone numbers. We are growing as fast as we can to give you the features and products you expect, like group messaging and an Android product.
How does Germ work?
Germ DM is an iOS app that lets you create and exchange identities to access
private messaging. Your identities in Germ are the profile cards you make in the
app. You make connections with people by exchanging those cards, and in doing so
set up an end-to-end encrypted (E2EE) messaging channel between the creators of
those cards. Cards are representations of cryptographic keys. When you exchange
cards, you’re exchanging cryptographic keys.
Today, you can exchange text messages in this E2EE channel, but more features are coming.
Germ DM is designed to help you control what information you produce and share—with other users, and with us, the developer. The information you produce is stored on your device, not with us. When you send information to other users, it is end-to-end encrypted: data is encrypted on your device and decrypted on the recipient’s device; we cannot read it as it travels through our servers, nor can we produce it for anyone else. Unlike some other software, we do not know your phone number, e-mail address, location, IP address, when you open or close the app, what you click on, how fast you scroll, who you talk to, or when. You can read a technical description of our data access in our Privacy Policy.
How is Germ different from other E2EE messengers?
In many popular E2EE messengers, your phone number is your identity. Anyone can
message you so long as they know your phone number. The messenger uses the phone
numbers of people you know to provide a translation to these users’ public keys,
facilitating an end-to-end encrypted session between your and the other person’s
phone number.
In Germ, your identities are the cards you create. You control who can reach you and how you present yourself to them, by exchanging cards. No one can contact you on Germ unless you’ve given them permission by exchanging a card with them.
Our unique system not only allows you to control who can contact you, it also lets you connect via multiple identities through a single inbox. Cards and the conversations they open are managed by you from a single inbox, but other users who have one of your cards can’t find the others unless you share them. Read more about how cards work in our User Guide.
What does Germ know about me? How do you know it?
Germ is designed so that its developers know very little about you and your activity.
Your cards and messages are all end-to-end encrypted so that Germ’s developers and servers cannot see them.
When you install the Germ app, it generates a new signing key, and registers it with Germ’s servers. This key is used to authenticate uploads of encrypted cards, request addresses from the backend, and retrieve messages delivered to those addresses. The app will also upload a device push token, which is an address Germ can use to request that Apple sends a push notification to your device. This device push token is scoped to the Germ app and cannot be used to track you across apps from different developers via your phone.
Germ can observe that devices requested some addresses, uploaded some encrypted cards, and that messages were sent and retrieved for those reserved addresses. Germ does not have information to tie devices or addresses to card identities, unless someone reports the information on a card to Germ.
Where are my messages saved?
Your messages reside in the Germ app on your phone. When you send a message, you save
a copy on your phone for your conversation history. The app end-to-end encrypts the
message contents for the recipient on your device, then sends the encrypted message
to Germ for delivery. Germ keeps the encrypted messages only as long as necessary for
delivery, up to 30 days if the recipient is offline. When your messages leave your
device, they’re end-to-end encrypted so that only the recipient can read them. Once
your friend receives and decrypts your message, that message is then saved in the
Germ app on their phone.
What about backup?
You have many options with which to back up your phone, and the Germ app tries to match
your expectations for the particular option(s) that you choose to use. In most cases,
including the recovery mechanisms that Apple provides, your messages are protected by
a secret only you know, and can only be recovered by you.
Sensitive data in the Germ app (private keys, symmetric keys, and message contents) are protected on device with keys stored in the iOS keychain. If you use iCloud Keychain, these keys are recoverable by you, but cannot be accessed by Apple.
What does this mean? Your cards and message contents will be restored, and you can continue your conversations, if you transfer or restore your phone data in a way that preserves the contents of the iOS keychain, such as:
- direct transfer from device to device at setup time
- encrypted local backup on a Mac or PC
- iCloud Backup, only if you also use and recover the iCloud Keychain
How do you use cryptography?
Each card has a corresponding root signing key (Ed25519), which asserts the user-facing
data (name, photo, etc.) that should be associated with the key, and its connection to
additional scoped signing keys for each connection you make.
When you share a card, you’re sharing:
- the root public key and its assertions about your name, photo, and other information on the face of the card, and that you can set up a channel using an additional scoped key.
- a scoped public key that is used to set up a single E2EE channel with a recipient; it asserts the addresses and encryption keys that should be used for this channel.
With a decrypted card that contains public keys and addresses, you can send a message asymmetrically encrypted to the creator of the card.
In sum, when exchanging cards and messaging on Germ:
- The first card is symmetrically encrypted with ChaCha20-Poly1305
- A reply to the card is asymmetrically encrypted to the first card using HPKE in base mode
- Subsequent messages, depending on both parties possessing each other’s cards, are sent using HPKE in authenticated mode
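The difference between the two HPKE modes in that list, as an added CryptoKit example (not Germ's code): base mode encrypts to the card owner's key without identifying the sender, while authenticated mode only opens if the recipient names the sender key that was actually used. The key names and the `info` string are assumptions made for illustration.

```swift
import CryptoKit
import Foundation

// Added illustration, not Germ's code. Key roles and `info` are assumptions.
typealias Priv = Curve25519.KeyAgreement.PrivateKey
typealias Pub = Curve25519.KeyAgreement.PublicKey
let suite = HPKE.Ciphersuite.Curve25519_SHA256_ChachaPoly
let info = Data("example-channel-info".utf8)

// Base mode: anyone who holds the recipient's public key can produce this.
func sealBase(_ msg: Data, to recipient: Pub) throws -> (enc: Data, ct: Data) {
    var s = try HPKE.Sender(recipientKey: recipient, ciphersuite: suite, info: info)
    let ct = try s.seal(msg, authenticating: Data())
    return (s.encapsulatedKey, ct)
}
func openBase(enc: Data, ct: Data, with recipient: Priv) throws -> Data {
    var r = try HPKE.Recipient(privateKey: recipient, ciphersuite: suite,
                               info: info, encapsulatedKey: enc)
    return try r.open(ct, authenticating: Data())
}

// Authenticated mode: the sender's private key is mixed into the key schedule.
func sealAuth(_ msg: Data, to recipient: Pub, as sender: Priv) throws -> (enc: Data, ct: Data) {
    var s = try HPKE.Sender(recipientKey: recipient, ciphersuite: suite,
                            info: info, authenticatedBy: sender)
    let ct = try s.seal(msg, authenticating: Data())
    return (s.encapsulatedKey, ct)
}
func openAuth(enc: Data, ct: Data, with recipient: Priv, expecting sender: Pub) throws -> Data {
    var r = try HPKE.Recipient(privateKey: recipient, ciphersuite: suite, info: info,
                               encapsulatedKey: enc, authenticatedBy: sender)
    return try r.open(ct, authenticating: Data())
}

// Constructed sample run: freshly generated keys stand in for card keys.
let cardOwner = Priv(), replier = Priv(), impostor = Priv()
let msg = Data("hello".utf8)

let first = try sealBase(msg, to: cardOwner.publicKey)
assert(try openBase(enc: first.enc, ct: first.ct, with: cardOwner) == msg)

let later = try sealAuth(msg, to: cardOwner.publicKey, as: replier)
assert(try openAuth(enc: later.enc, ct: later.ct, with: cardOwner,
                    expecting: replier.publicKey) == msg)

// A message sealed with a different sender key does not open as the replier.
let forged = try sealAuth(msg, to: cardOwner.publicKey, as: impostor)
assert((try? openAuth(enc: forged.enc, ct: forged.ct, with: cardOwner,
                      expecting: replier.publicKey)) == nil)
```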
What cryptographic libraries do you use?
The Germ app performs all cryptographic operations with the built-in CryptoKit library
from the iOS SDK. For message encryption, it uses HPKE with the cipher suite composed
of X25519 key agreement, SHA-256 key derivation, and ChaCha20-Poly1305 symmetric
encryption.
HPKE is only available in iOS 17 and later. With recipients on iOS 16, the app negotiates a session where it directly performs similar operations using available CryptoKit operations.
- For the first reply, the app performs an X25519 Diffie-Hellman key exchange with an ephemeral sender key, then derives a ChaCha20-Poly1305 symmetric key (using SHA-256 HKDF) from both X25519 public keys.
- For subsequent messages, the app performs an X25519 Diffie-Hellman key exchange with an ephemeral sender key, then derives a ChaCha20-Poly1305 symmetric key (using SHA-256 HKDF) from both X25519 public keys, the sender’s public signing key, and entropy exchanged within the E2EE channel.
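A sketch of the first-reply fallback described above, added here as an example and not taken from Germ's code. The page does not say how the two public keys enter HKDF, so passing them as `sharedInfo` with an empty salt is an assumption, as are the function and type names.

```swift
import CryptoKit
import Foundation

typealias Priv = Curve25519.KeyAgreement.PrivateKey
typealias Pub = Curve25519.KeyAgreement.PublicKey

// Assumption: both public keys are concatenated into HKDF's sharedInfo.
// Binding them means a swapped key on either side yields a different key.
func deriveKey(_ secret: SharedSecret, ephemeral: Pub, recipient: Pub) -> SymmetricKey {
    let info = ephemeral.rawRepresentation + recipient.rawRepresentation
    return secret.hkdfDerivedSymmetricKey(using: SHA256.self, salt: Data(),
                                          sharedInfo: info, outputByteCount: 32)
}

struct FirstReply {
    let ephemeralPublicKey: Data  // 32-byte X25519 public key, sent alongside
    let sealed: Data              // nonce || ciphertext || tag
}

func sealFirstReply(_ plaintext: Data, to recipient: Pub) throws -> FirstReply {
    let ephemeral = Priv()  // fresh key per message, discarded after sealing
    let secret = try ephemeral.sharedSecretFromKeyAgreement(with: recipient)
    let key = deriveKey(secret, ephemeral: ephemeral.publicKey, recipient: recipient)
    let box = try ChaChaPoly.seal(plaintext, using: key)
    return FirstReply(ephemeralPublicKey: ephemeral.publicKey.rawRepresentation,
                      sealed: box.combined)
}

func openFirstReply(_ reply: FirstReply, with recipient: Priv) throws -> Data {
    let ephemeral = try Pub(rawRepresentation: reply.ephemeralPublicKey)
    let secret = try recipient.sharedSecretFromKeyAgreement(with: ephemeral)
    let key = deriveKey(secret, ephemeral: ephemeral, recipient: recipient.publicKey)
    return try ChaChaPoly.open(ChaChaPoly.SealedBox(combined: reply.sealed), using: key)
}

// Constructed sample run: a generated key stands in for the card's key.
let cardKey = Priv()
let reply = try sealFirstReply(Data("hello".utf8), to: cardKey.publicKey)
assert(try openFirstReply(reply, with: cardKey) == Data("hello".utf8))

// A different private key derives a different symmetric key, so the tag check fails.
assert((try? openFirstReply(reply, with: Priv())) == nil)

// Flipping one ciphertext bit is also rejected by Poly1305.
var tampered = reply.sealed
tampered[tampered.count - 17] ^= 0x01
assert((try? openFirstReply(FirstReply(ephemeralPublicKey: reply.ephemeralPublicKey,
                                       sealed: tampered), with: cardKey)) == nil)
```

Like HPKE base mode, this first-reply construction does not authenticate the sender; the subsequent-message variant on the page adds the sender's public signing key and in-channel entropy to the derivation.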
Why is it called Germ?
Our name irreverently invokes a new paradigm of social media and digital connection
that prioritizes care, community, research, public health, and natural growth.
Who builds Germ?
Germ is built and managed in California by two co-founders, Tessa and Mark, and sometimes
some wonderful interns. We release software updates regularly and hang out in our Discord
and around the Bay Area and LA.
Germ Network, Inc. is a Delaware Public Benefit Corporation (PBC). That means we are a for-profit corporation that can accept investment capital to grow our business and reward our shareholders. It also means that beyond our fiduciary, or financial, duty to our shareholders, we have chartered for ourselves a public benefit duty to “create a material positive impact on society and the environment.” Specifically, our chosen public benefit is “to help people communicate in healthy ways, achieved by prioritizing transparency, privacy, user control, accessibility, and empathy in our products, services, governance, and partnerships.” We believe that serving this mission will lead us to build the best digital social products ever while growing a gigantic, successful business, and that this giant business will protect our ability to bring our mission to as many people as possible.
How do I get more involved?
Please join our Discord community; follow us on LinkedIn, Mastodon, or TikTok; or send
us an email at hello@germ.network. If you send us a card, one of us will DM you back!