Treebal

Security of Treebal’s solution


Protection of your data

Personal information is managed in strict accordance with the European GDPR (RGPD) guidelines. Treebal does not rent or sell its users' data, unlike other solutions.

Functionally, Treebal uses a single piece of data, the phone number, to connect users to each other and to their requests only. Users can enter their first and last name and a photo to customise the user interface. Treebal does not display your number in your chat groups, so you can be invited into a group to chat with someone without having their number.

A secure architecture by design

In terms of architecture, Treebal has integrated security by design from the very beginning of the solution, along with digital sobriety and eco-friendly UX design, to ensure a rigorous and scalable engineering approach. Its R&D experts are experienced in secure and watertight distributed architectures based on Kubernetes, Docker and Keycloak. Keycloak is the open source authentication repository used. It allows for a single authentication method per identity and per access. Keycloak is recognized in the international technical community, and Red Hat uses it as the upstream of its RH-SSO solution.

Furthermore, the architecture of the Treebal solution is decentralized in order to further increase its level of security (Signal, for example, is centralized). This decentralization requirement has been driven since the conception of Treebal by security reasons and also by the aim of reducing the environmental impact: message content is delivered as close as possible to the users, which minimizes network flows.

A proven solution

The ANSSI has authorized the encryption method used by Treebal to manage messages exchanged between users: Treebal hosts the Matrix.org open source solution in its secure application infrastructure, which is tried and tested and recognized by the cyber community. Treebal has no knowledge of the encrypted messages and has no way to decrypt them. The solution implements strong E2EE (end-to-end encryption) and is based on the Double Ratchet Algorithm. The Double Ratchet Algorithm is an algorithm originally released by Signal, which was later extended to support encryption of chats containing several thousand devices. The mathematical algorithm is explained here.

Matrix.org is a non-profit open source project defining new pragmatic standards for creating an open, decentralized IP/VoIP messaging ecosystem for the Internet. When comparing Signal vs Matrix, the technical community overwhelmingly recommends Matrix for its open standard, which defines simple HTTP APIs that make it easy to develop one's own clients, chatbots, bridges or servers. You are not locked into a specific set of imposed implementations, as with other dominant market solutions that try to monopolize data.

A Bug Bounty tested solution

We work with third-party partners to audit our solution, on both digital sobriety and the security level of Treebal. Our solution has been and continues to be tested by external cyber security experts from YesWeHack through a Bug Bounty program. Through the private Bug Bounty program, we have benefited from the best experts to test our solution and to guarantee, in full transparency, its security. By opening the Bug Bounty program to the public, we hope to further expand the community of experts who can participate in the security of the solution over time.

Treebal Community

The technical culture of the Treebal team is steeped in ethical and environmental values, in favor of open source and the capitalization of digital ecosystems. Our ambition is to eventually release the whole solution as open source. Contributing to the cyber community through a bug bounty was therefore an obvious choice. “It was by listening to the advice of Clément DOMINGO, a professional hacker, a few years ago that I was convinced by this type of approach,” says Samuel Le Port. Today, Clément, alias SaxX (contact@saxx.fr), is above all a "bug bounty hunter" who takes part in cyber security competitions throughout the world and has been able to compete with the best hackers in their field.

Digital autonomy at the heart of Treebal's mission

The European Union has announced its intention to regulate the sector. For the time being, Treebal is the only messaging solution developed in Europe that is eco-responsible and secure for the general public as well as for companies and communities, implementing open and decentralized standards such as Matrix. Treebal is already engaged with the French agency ANSSI to achieve the French CSPN certification.

Our solution is hosted within the EU, in Brussels, on a Google Cloud infrastructure. Google Cloud IaaS infrastructure is essential for high-availability, global performance that meets our quality and security requirements. Strengthened by the encryption and authentication we use, Treebal is a highly secure, zero-trust platform. Treebal's R&D, in collaboration with French hosting providers, is experimenting with secure and eco-responsible European alternatives, which have to meet all our requirements.