Security Overview
Our Mission
We want organizations to feel confident their conversations, associations, data, and devices are secure and protected.
Built for privacy
End-to-end encrypted messaging, voice and video calls, and file sharing.Messages, files, and calls within Glacier are end-to-end (E2E) encrypted. Meaning the only people who can read the messages are the people communicating. No eavesdropper can access the cryptographic keys needed to decrypt the conversation.
Built for anonymity
Obfuscate your data while blocking malicious content from your device. We focus on more than protecting your conversations. We secure all data and all apps on your device from malware, malicious sites, and close access attacks.
Managed by professionals
Rapid, frictionless deployment to thousands of devices. Glacier implements industry proven device management policies that secure your devices and data while not being obtrusive to your end users.
Encryption
Messaging
Glacier leverages the OMEMO (OMEMO Multi-End Message and Object Encryption) protocol, an adaptation of the Signal Protocol.
A Double Ratchet algorithm to establish secure sessions between every combination of devices for you and your contact(s). The Double Ratchet Algorithm uses Curve25519, AES-256, and HMAC-SHA256. These sessions are then being used to communicate secure keys to all devices. Glacier will generate a new key for every message. That key is used to encrypt your message with AES-GCM.
Voice & video
Video and call media is encrypted end-to-end (E2E) using WebRTC security protocols. Each Participant negotiates a separate DTLS/SRTP connection to every other participant. All media published to the call is sent over these secure connections, and is encrypted only at the sender and decrypted only at the receiver.
Privacy
Private messages
Your messages are secure and private. They can only be read by you and the recipients of your messages. We cannot prevent someone from using a camera to take a picture of a message on a screen, so we recommend practicing safe message handling, using Disappearing Message Timers, and keeping your device locked with a strong passcode.Â
In addition, Glacier cannot read or decrypt any messages. Messages are encrypted by the sending device and go through our servers in encrypted form, and are then decrypted by the receiving device using Glacier Chat. Our servers do not have access to decrypted messages or keys, which ensures your privacy and security.
Logging
Minimal logs are kept for the purpose of continued operation and maintaining system integrity. None of our logs contain user communications, message content, or message tracking information. What little they do record contains only sender and receiver device information, and only while encrypted messages are routing through the system.Â
User data
In Glacier Chat, your profile (username, avatar and status) can be seen by any member within your team as set up by your organization.Â
In Glacier Dial, contact information is shared with others in your organization only if your organization established Global Contact Lists
Audits
The Glacier apps have been evaluated against the National Information Assurance Partnership (NIAP) protection profile (PP) security criteria by Apcerto, a mobile development and security platform using application vetting technology built around machine learning Bayesian algorithms. The full report can be viewed here.
Apps are continously scanned with Ostorlab, a Powerful Mobile Application Security and Privacy Scanner.
OMEMO is an open standard based on a Double Ratchet which can be freely used and implemented by anyone. The protocol has been audited by a third party and can be viewed here.
Compliance
- Glacier's products satisfy HIPPA requirements for data encryption.
- Glacier aligns with guidance in NIST SP 800-52 Revision 2: "Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations".
- Glacier meets the encryption requirements set by the NSA for Commercial National Security Algorithm (CNSA) suite.
- Glacier is compliant with GDPRÂ requirements.
ï»ż
Response to government requests
Glacier is committed to cooperating with law enforcement and valid legal processes, while also respecting each individual's right to privacy. If Glacier does receive a legal request for release of user information, our policy is to notify users of requests for their account information prior to complying with the request. We also provide the user with a copy of the request, unless we are prohibited by law from doing so.Â
Information requests regarding our usersâ accounts will only be handled as part of an appropriate and valid legal process, such as a subpoena or court order. Additionally, any requests for the contents of our userâs communications will require a valid search warrant from an agency with proper jurisdiction. Even in this case, if we receive a valid request for content, our reply will state that we do not store user content on our servers, nor do we have access to it since it is encrypted locally on usersâ devices.