For the fourth year, I take the question of privacy and conversation security extremely important. Many marketing slogans about security in messengers can often be simply ignored, but in the case of Crypvisor I was struck by the apparent contradiction of what was stated and the actual so I decided to make a warning in a few points.

Let’s start from the Legal one.

“Crypviser Secure Messenger — is the secure private messaging solution of Crypviser GmbH.”

“Crypviser GmbH develops the revolutionary technology that powers the world’s first Decentralized, Blockchain Authenticated, Anonymous, Instant Messenger.”

Crypviser positions itself as a protected, decentralized and anonymous messenger with identification via blockchain.

In fact, it is not decentralized and doesn’t work ‘via blockchain’. This is a classic P2P messenger. Unlike Bitmessage, the blockchain in Crypviser is used only for identification (storage of public keys). The correspondences take place directly between users with the IP-addresses disclosure.

Why is anonymity in Crypviser a lie?

The confirmation of the below can be found in Crypviser’s privacy policy:

Besides, the app uses some “Third Party Content” that can do anything at all, and Crypviser denies all responsibility. For example, if the application starts to use Google Captcha, you will sell your soul to Google. That is in the privacy policy as well.

The subscription is paid and obligatory after the 30 days free period, and the payments are in fiat — so it’s basically an unambiguous binding of the account to your identity through a card.

Crypviser and its applications are under the complete control of this company:

The source code is not public, so the question of security of messaging is closed. No one can confirm that your correspondence in Crypviser is secure. Moreover, Crypviser forbids to explore the app.

You will also pay for the damages to the Crypviser company, for example, in the case of decompiling the app or violating the license agreement:

I was almost burned on that, by it’s just a beginning.

Apps

The Crypviser Android app does not start if you do not give permission to access the microphone, camera, contacts, photos, and storage.

If you choose “Deny”, the app won’t work.

In the iOS app you must give access to photos, otherwise, you’ll not be able to create an account. On the username and password enter the account creation takes ~30 seconds. The balance request takes ~10 seconds. Adding a contact takes ~30 seconds. It is not clear why the “superfast graphene blockchain” is taking so long to work.

Messages are delivered instantly as in all P2P-messengers.

If the recipient is not online, your message will hang on some Crypviser servers. How it is stored? Can the developers read your messages? Do they have a private key to your account? It’s all unknown. The source code is not open.

If you want to analyze the app’s traffic, please do; you can use software for Mac (this one for example). The results can be interesting :)

In conclusion

Don’t trust beautiful words.

Crypviser is a classic P2P-messenger that stores users public keys in the blockchain. It is not anonymous and not decentralized. The messenger is run by the centralized Crypviser company that stores logs on you. The encryption and protection of correspondence is questionable since the source code is not open.

If you want trendy blockchain technologies, use Bitmessage or ADAMANT as the most usable solutions though. But for now, security audits show that even centralized open source messengers such as Signal are much more reliable.