How it works | Pica Pica Secure Distributed Messaging System

Connectivity

Connectivity for clients is provided by nodes, interconnected to each other.
Client must know address of at least one alive node in order to be able to go
online. Nodes provide information about connected clients and other available
nodes. When clients find each other through some node, they can optionally talk to
each other directly, if configured to do so.

Authentication

Pica client account is based on self-signed X.509 certificate using RSA key of
size at least 4096 bits. Pica Pica ID is a SHA224 hash of this certificate.
Clients establish TLS connections and mutually authenticate each other using
these certificates. On the first connect certificate of the peer is saved locally by
each client and compared on the next connections with certificate presented by the
remote side. If certificates do not match, connection is terminated and
warning message is displayed. There is no way to enable or bypass certificate
verification, like in browsers.

However, software cannot guarantee that Pica ID actually belongs to the person
you want to communicate to, when you add them to contact list for the first
time. So it is a user’s responsibility to verify that.
The best way to achieve that is to exchange Pica ID’s in person, but that’s
not always possible. Another way is to make a phone or video call and read
Pica ID’s to each other. But if we take in consideration current advancements
in machine learning (like ‘deepfakes’ and so on) there is a probability that
real-time alteration of video and voice during a video call is technically
possible in the nearest future if not already 🙂

Multiple logins

User can log from multiple devices using same account. Select “Settings >
Configure Messenger”, “Multiple logins” tab, set “Replace existing
connections”. When this mode is selected, on a new login existing logged in
Pica Pica messenger instances will disconnect, so new incoming messages
will be delivered to last logged in instance of Pica Pica client.
Message history synchronisation is not implemented yet, work is in progress.

Storage

Pica Client stores all data in its profile directory named “.pica-client”
located in user’s home directory (usually /home/user/.pica-client on Unix-like systems
and C:\Users\user\.pica-client on Windows). Contacts, message history,
settings and other info is stored inside SQLite database file
.pica-client/pica-client.sqlite. Account certificates and private keys are
stored in subdirectories inside the profile directory.

Offline messages

Nodes do not store messages or any other communications, so message delivery
is only possible when both peers are online. If recipient is not online,
message is stored locally on sender’s side and Pica Pica client makes
repeated attempts to deliver it.