2. How Trillian Works
2.1. On The Desktop
When you start Trillian on the desktop, a connection is made from your device to Cerulean's servers and authenticated with a unique Trillian username (your "Trillian Username") and password (your "Trillian Password") using our internally-developed instant messaging and presence protocol ("IMPP"). All IMPP connections are always protected with the industry standard Transport Layer Security Protocol ("TLS").
IMPP serves two purposes:
- To expose a complete instant messaging environment including text IM, file transfers, voice and video, and visibility lists. For example, two people with Trillian can communicate using IMPP without the need for any additional third-party accounts.
- To act as the synchronization engine between devices in the event that multiple devices are connected at the same time. For example, Trillian's continuous client feature relies on communication between your desktop and phone to keep chats in sync; this communication is done using IMPP.
Connections to third-party instant messaging service providers like Google Talk are made directly from your device to the provider you choose to connect to. Many providers now offer the option to use TLS when communicating with them, and Trillian uses TLS whenever possible.
2.2. On Mobile And Web Devices
When you start a version of Trillian on a mobile device, a connection is made from your device to Cerulean's servers and authenticated with your Trillian Username using our internally-developed, HTTP-based "Octopus" protocol. Most Octopus connections are protected with TLS; some older versions of Trillian only protect password transmission with TLS, while newer versions use TLS for all traffic.
The purpose of the Octopus servers is to host Trillian sessions on your behalf and communicate with your device exclusively using the HTTP protocol. This eliminates the need for your mobile device to maintain connections to different IM services and provides additional resilience against both volatile network connections and the unavailabilty of application backgrounding on certain mobile platforms.
3. How We Protect Our Servers
3.1. Physical Security
Cerulean's servers are housed in professional datacenters within nondescript facilities. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication a minimum of two times to access datacenter floors.
3.2. Remote Security
All remote access to Cerulean's servers and devices is done using secure protocols like SSH and HTTPS whenever possible. In addition, access to all devices for adminstrative reasons is firewalled when possible; for example, a public-facing webserver will need to open access to TCP ports 80 and 443, but the SSH port will be firewalled to an administrative IP range only.
4. How We Use TLS
TLS exists to prevent your communication from being read or intercepted by third-parties. Cerulean follows a few important practices when implementing TLS on both clients and servers:
When connecting to a server, clients attempt to check to ensure server certificates have been signed by an approved certificate authority. Clients also attempt to check to ensure that the name asserted by a server matches the name expected by the client. In the event that either of these conditions is not met, a warning is presented to you and the connection itself is terminated.
When possible, our clients and servers favor the use of key exchange mechanisms that provide the forward secrecy property, meaning that an attacker who compromises one of our long-term keys will not be able to compromise past TLS sessions. Our clients and servers currently prefer the use of the AES-128 cipher in combination with ECDHE_RSA key exchanges, and we no longer support SSLv2.0 or SSLv3.0.
5. How We Secure Your Information
5.1. Your Trillian Password
Your Trillian Password is not stored in plaintext. Instead, your password is used as the input to the PBKDF2 HMAC-SHA1 key derivation function. The resulting 20 byte derived key is then stored on our servers for authentication purposes along with a corresponding 16 byte salt; the salt is unique to each user and to each password. We currently utilize 4096 rounds of PBKDF2.
Authentication happens in the following order:
- The client establishes a TLS-secured connection to the server.
- The client securely sends its username and password to the server.
- The server looks up the salt and derived key associated with the username it received from the client.
- The server derives a key using the password it received from the client and the salt it just looked up.
- If the newly-derived key matches the derived key stored in the database, authentication succeeds.
The idea behind key derivation is that if someone steals our database some day, each individual password is both unreadable to them (not stored in plaintext) and unusable to them for authentication purposes (what they've stolen is never sent to us directly by clients). The best method of breaking a derived key is therefore to brute force all possible password combinations, which should take a large enough amount of time that customers should have a chance to change their password(s). We have the ability to increase the number of PBKDF2 rounds transparently to you, and we will continue to increase the rounds as our hardware improves, ensuring we maintain a reasonable balance between security and server performance.
5.2. Your Third-Party Instant Messenger Usernames And Passwords
When you choose to store third-party account information on Cerulean's servers, we first encrypt it with the AES cipher in CBC mode. The initialization vector is randomly generated by a cryptographically strong pseudorandom number generator and plaintext is padded according to PKCS #7. As a result of this encryption, in the event that you lose your Trillian Password you will also lose any stored third-party account information and need to recreate it.
We've chosen to use the same PBKDF2 key derivation method discussed in Section 5.1 for the purpose of generating a 256-bit AES key. When Trillian derives a key from your Trillian Password, 52 bytes of total data are derived. The first 20 bytes of data are stored on our servers and used for authentication as discussed in Section 5.1. The next 32 bytes are used as an AES key by clients and are not stored on our servers.
5.3. Your Contact List
Contact lists are stored in plaintext. Unlike third-party account information, which normally consists of a handful of accounts and their passwords, contact lists can often be the result of years of painstaking work. As a result, we don't believe that the benefits of encrypting this data outweigh the deterimental effects of losing it permanently in the event you lose your Trillian Password.
5.4. Your Conversations
When you choose to utilize the continuous client or cloud conversation logging features, all conversation data sent to Cerulean's servers is sent protected with TLS. Conversation data stored within Cerulean's internal network is not encrypted.
We may store segments of conversation logs on a third-party storage service provider such as Amazon S3. In the event that data leaves Cerulean's internal network and is stored on a third-party provider, the data is first encrypted with the AES cipher in CBC mode. The initialization vector is randomly generated by a cryptographically strong pseudorandom number generator and plaintext is padded according to PKCS #7. The encryption key is a strong 256-bit key known only to Cerulean. All transmission of conversation data to and from third-party providers is additionally protected with TLS.
5.5. Your Shared Images
Images are sent to our servers protected with TLS. Cerulean may store uploaded images on a third-party storage service such as Amazon S3. Images stored in this way are not encrypted. The URLs that we generate for images contain a random string to prevent them from being guessed.
5.6. Web Cookies
When you sign in to a Cerulean website using your Trillian Username, we store your username and an authentication token as cookies. The authentication token cookie is assigned to you after a successful authentication attempt and consists of a 32 byte randomly generated value. When you sign out of a Cerulean website (or if 1 hour has passed since your last visit), these cookies are deleted from your computer or otherwise expired. All cookies are delivered over a secure connection. In addition, Cerulean makes use of HTTP Strict Transport Security in order to ensure that complying browsers only interface with our websites using secure connections.
6. When You Lose Your Password
If you lose access to your Trillian Password, you can request that Cerulean reset your password. Upon confirming the email address associated with your account, we will send you an email with a link you can use to reset your password. The reset link emailed to you contains a randomly-generated token which is 32 bytes long. All password reset links expire in 12 hours or immediately after you use them. If you choose to reset your password, any third-party account information encrypted with your old password will be automatically erased; because the encryption of this data is based on your old password, we have no way to recover this data for you in the event of a password reset.
7. Contacting Cerulean Studios
Cerulean welcomes your comments and questions regarding our security practices, including any questions you may have about the particular use of your information. If you would like to contact us regarding our security practices, please feel free to contact us by email.
Last updated: October 20, 2014