1. What features do Citium provide?
Citium app allows you to communicate securely and deniably from anywhere with anyone in uncensored or even in censored (or firewall-ed) regions, such as, China, Russian and almost all other censored regions. You can communicate with other Citium users in secure text, voice clip, image and video message through 1-on-1 and group chat interfaces. A disaster control button, Pulverizer, can wipe out all your communications records in case of emergency. Once pressed, Pulverizer will irreversibly remove all text, voices, images, and video content from Citium. Apart from the Citium app, we also provide an untempered Android phone (with iOS coming soon) with in-App one click on off camera and mic and hardware NFC RFID block to upkeep the integrity of your device. (*Check out the bundle pack here*). We also send out global roaming SIM cards without any personal identifier attached. It will come with a Faraday phone bag that blocks all phone signals (e.g. 2G to 5G, WiFi, GPS, bluetooth, and NFC) to add an extra layer of security for your privacy and to ease your mind.
2. Can Citium free users from eavesdropping and surveillance?
No, because eavesdropping and surveillance are everywhere. For instance, in 2013, whistleblower Edward Snowden revealed the US NSA PRISM surveillance program (https://en.wikipedia.org/wiki/PRISM_(surveillance_program) to the world. We cannot face the reality without learning a lesson from it that everyone is subject to eavesdropping, surveillance and even coercion. What Citium does, paradoxically, is to offer deniability so that eavesdropping and surveillance is rendered meaningless because no one knows for sure who sent what from which devices in the vast ocean of "bottles of messages'' hidden in the plain sights of the Citium network of nodes. In other words, Citium utilizes a blend of deniable encryption schemes so that eavesdropping and surveillance become innocuous if not entirely inconsequential. **In most circumstances, coercion is tantamount to total defeat. Your attempts to protect the confidentiality of your communications have been in vain.** The purpose of deniability is not at all to “convince” the coercer that any surrendered transcript is real; indeed, it is common knowledge that transcript can easily be faked. Instead, **the goal is to preempt coercion in the first place by making surrendered transcripts useless**. Citium user(s) simply have to “stick to their stories”. No data analyst or forensic expert can irrefutably prove who is involved in which message in Citium. The use of Citium has enabled a major paradigm shift to deniable encryption schemes as the last defense of confidentiality. Simply put, as long as you communicate through Citium, you are free to deny every evidence against you. It is not your duty to prove that you are innocent. It is someone else's duty to prove that you have done something wrong that leads to your charges. But rest assured that no one is capable of doing so.
3. If someone has unlimited time and resources, could they take down the whole Citium network and pose user(s) into a risky situation?
No, because Citium client app messaging is always available even if all the other Citium nodes have been taken down because **dynamic transmission of Citium data piggybacks on BitTorrent and Bitcoin networks**. Yes, you heard correctly. Not only that Citium has no central servers, which essentially renders raiding, shut down, or forces to turn over data impossible, but also that its data transmission relies on someone else's P2P network infrastructures. Thus, say goodbye to the server and node outages! A threat actor needs to physically seize ALL devices, such as phones, routers and content servers in ALL countries, where the Citium nodes are situated, to hamper the performance of the Citium network in transferring large files, such as image, voice and video. Not to mention that the takedown is not only highly improbable but a glaring act bound to draw attention. It is just too Pyrrhic for most of the threat actors to contemplate. In contrast, law enforcement who is targeting popularized secure chat service, such as EncroChat, would only require a one-time, yet discreet, takedown of their centralized messaging relay or contact directory servers. Most users may unknowingly continue to use the service while their IDs and data have already been covertly compromised. Luckily, Citium users never have to worry about this kind of mishaps. The number of connected device nodes in the Citium network are only growing day by day because every online Citium client app is an active node that serves itself as well as everyone else in the decentralized network. Therefore, **crippling or compromising the Citium decentralized network is only getting geometrically harder and harder as time passes while centralized service providers, such as SkyECC, inevitably heighten their data breaching risk as they gain in popularity**. Technically, in the Information security sense, the decentralized network of Citium nodes is a layered defense on top of the PGP-encryption scheme, making Citium communications deniable and quantum-safe. This is a unique service unavailable by any other provider.
4. Will I expose my IP location or conversations when using Citium?
No, because we have IP obfuscation technology to mask your IP and location. But if you are too careless, your device could still be traced by Stingray phone tracker. For example, someone could use Stingray and pretend to be your mobile cell phone tower, intercept and obtain your device identifier like IMSI and ESN to calculate your real location or tap into your conversations. The safest practice for you is to use a Citium App + Citium secure phone and sim + Citium Faraday bag. When you are done with your Citium communications, put your secure phone back into the Faraday Bag to minimise the time your device is exposed to cell phone signal. Citium is designed to keep you safe from harm when things get heated . Ever heard of someone walking out of court with all charges dropped? That is how Citium could help. Of course, a good lawyer always helps, too.
5. Where and when could you use Citium App? Where does Citium secured phone and SIM and Faraday Bag be shipped to?
You could use Citium App in ALL countries at ALL times with local internet connections, be it 2, 3, 4 and 5G or even open WiFi inside or outside of Information Great Firewall. Citium secured phones and SIM and Faraday Bag are shipped worldwide with the shipping charges included in the price tag. We offer you non-name bearing SIM that covers countries and areas as follows: Aland Islands, Australia, Austria, Azores, Balearic Islands, Belgium, Brazil, Bulgaria, Canary Islands, Chile, China (PRC), Colombia, Costa Rica, Croatia, Cyprus, Czech Republic, Denmark El Salvador, Estonia, Finland, France (Inc. Corsica, Mayotte & Reunion ), French Guiana, Germany, Gibraltar, Greece (Inc. Crete & Rhodes), Guadeloupe, Guatemala, Guernsey, Hong Kong, Hungary, Iceland, Indonesia, Ireland, Isle of Man, Israel, Italy (Inc. Sardinia & Sicily), Jersey, Latvia, Liechtenstein, Lithuania, Luxembourg, Macau, Madeira, Malta, Marie-Galant, Martinique, Mayotte, Netherlands, New Zealand, Nicaragua, Norway, Panama, Peru, Poland, Portugal, Puerto Rico, Republic of Ireland, Reunion, Romania, Saint Barthélemy, Saint Martin, San Marino, Singapore, Slovakia, Slovenia, Spain, Sri Lanka, Sweden, Switzerland, United States (Inc. Florida Keys), Uruguay, US Virgin Islands, Vatican City, Vietnam. China user could only receive sim card that work only in PRC China, user of all other regions will receive Global roaming sim card work in all above regions except in China. But even without our sim card(s), all users in all countries could still use Citium and Citium+ safely under any Wi-fi environments, be it public or private Wi-fi. Any user could choose to receive sim card(s) by filling in Profile Details page in our CMS system. If user do not update shipping detail in our CMS, by default he/she gave up the rights of receiving sim card(s), it is up to user's own choice to decide within his/her subscription period.
6. Can I still surf the web and use other apps when I use Citium?
Yes, you could open Citium App and keep it running on the background of your device. In any environment you could connect to any Wi-Fi, Citium user have 100GB per month for any 1, 3 or 6 months plan, Citium Pro user have unlimited traffic for a 1, 3 or 6 months plan. With Citium running, we need your VPN permission on your device to run our app that means you are not allowed to use other VPN service when Citium is uprunning. All plans come with one free 12GB data roaming sim card per month, that means you will get 1 sim card for your 1 month subscription, 12 sim cards for your 12 months subscriptions, those sim card(s) is disposable and you cannot keep the number carried by the sim card when each month ends, it is for your security sake. Of course, if you decided not to tell us your shipping address you could choose not to receive it, in this case, you gave up your rights of owning the sim card and you could not claim your sim again in the future. Please make payment, register your Citium account and fill in your shipping detail when you login Citium Membership system (CMS) if you wish to receive our non-name bearing sim card(s).
7. Why build this Citium network and is it legal to use it?
Kudos to all journalists, scientists and everyone who upkeep the truth out there. We believe the rights of information should be owned by all. There is nothing illegal to protect your information rights with Citium away from prying eyes.
8. Is there a chance that Citium could be used illegally?
Likewise, with or without Citium, all communication tools could be used illegally. It is much easier to get caught on streets than get caught by using Citium. It is the Mens Rea and Actus Rea that matters, not the tool itself.
9. Why should you trust Citium, how could Citium proof its technical integrity?
No proof is better than what the online communities say about us. Our design is fully open source in GitHub for anyone to review. You could find it here. Our published research result on Cryptography and Security could also be found here. Our App and networks are battle-tested in many countries and optimized after extensive testing, our untempered secure phone keep you updated with the best security updates and is safe to use in extreme environments.
10. Why does Citium charge at this price?
There is no price tag for freedom, while we strive to bring down the cost of service in the future there is still some way to go. We are a group of fervent information scientists and enthusiasts who have been both in the lab and on the street and know how to get things done right.
11. How would Citium compare to other Instant Messenger(s) in the markets?
Free apps, such as Signal, Telegram, WhatsApp, Facebook Messenger and WeChat, obtain and make use of at least one personal identifier(s), such as through email, SMS or phone, to keep track of you. They can lead back to your real identity. Privacy policies of these companies dictate that their user information is insecure. To make matters worse, their centralized-managed business models make them vulnerable to coercion. It means that they are more than ready to give away your information for their own sake as they have the right to release user information to third parties without user permission. On the other hand, paid apps, such as SkyECC, assign user ID to you so anyone with your ID could potentially locate you and try knock on your door. Citium guarantees your privacy by absolutely NOT ASKING for anything about you from the process of payment, installation and to customer service. Our customer service agents do not know about your existence unless you reach out to us, which means no one in the world could contact you without your permission. A private e-cert is generated and welded to your phone device when you first launch Citium, instead of using old-schooled user ID and password which proven its weakness. It will free you from username and password combination leaks, ID theft, phishing, malicious random ping of messages hack and trash ads. We have no central server so any DDoS attack or attempt to data kidnapping is, by design, impossible. You are the only one who controls when, how and with whom you are chatting.
Apart from privacy issues, from the encryption algorithm point of view, all those free apps on the market issue the public keys that their users use to encrypt the messages so that the those free apps companies know who the users are simply by knowing who's using which public key. In contrast, each Citium user issues his/her own public key. In fact, every one of your Citium Contacts are communicating with you through some proxy accounts which Citium created for your Contacts individually during out-of-band verification. Your Contacts do not know if the accounts are only for them or they're for someone else as well. This scheme essentially disallows your Contacts from turning against you in the future because they cannot prove irrefutably that they are talking to you. Everyone talks through "sockpuppeting accounts" which no one knows for sure who's talking through them so that everyone in Citium can maintain plausible deniability at all times.
12. Why do I observe occasional delay sending and receiving message(s) thru Citium?
The short answer is that the occasional delay is the price we pay for the extra peace of mind in security. The extent of a delay highly depends on the size of a message. If it is a text message, which is small in size, the delay will normally be resolved in a few seconds. But if it is a picture, voice clip or video, which is large in size, the delay will be slightly longer but not longer than a couple of minutes. While you are waiting, Citium is busy encrypting your message with a triple layer of encryption, namely ECDSA, BLOWFISH, and XXTEA. Notably, ECDSA is the encryption scheme used by the Bitcoin network, which has stood the test of time. As the market capitalization of Bitcoin is already in the hundreds of billions of dollars, cracking even a fraction of it means jackpot or attestation to a hacker's ability. In spite of the incentives, no one has been able to crack it. The only reason why ECDSA has not been adapted more widely is due to its hunger for computational power. Mobile devices need time to process the encryption which contributes to the occasional delay. Furthering the delay is the casting of sliced ciphertexts to the P2P networks (i.e. Citium, BitTorrent, Bitcoin) because the ETA in decentralized systems is not as predictable as those in centralized ones. Not to mention, all the while the recipient end is busy fetching these tiny encrypted pieces of message, then decrypt and reassembling them back to the original, readable format. The transmission process is slower than most of the other instant messengers but it is the necessary performance and security trade-off for Citium users who value confidentiality above all. Technically, the slicing of messages is a concept in threshold cryptography which makes Citium post-quantum resistant. In plain English it means that even threat actors who come back from the future, armed with quantum strength deciphers, cannot reveal the original text.
13. Okay, I am sold by your pitch, close my deal by saying what Citium cannot do?
Citium does not support real time live-stream data, such as VoIP voice chat, FaceTime and video-conferencing because point-to-point real time connections pose insurmountable privacy risk, potentially compromising your identity and geographical location, defeating the purpose of plausible deniability. But that is all right because there is no preventing you from switching to another app or device to go live-stream for your casual communication. Also, note that the polar opposite of deniability is non-repudiation, which Citium cannot offer. Non-repudiation is an InfoSec feature required by the kind of communication whose accountability supersedes confidentiality.
Citium server nodes are open source, allowing you to view the source code, and is monitored by the open source community to ensure that the source code is free of Trojan and does not reveal any user information. When you contact one of our customer service representatives, please do not leave us any personal information. Our customer service representatives will not ask for any personal information about you. Your e-Cert is you, and you are the e-Cert. We only communicate with the holder of the e-Cert, and only through the LIVE CHAT interface within the Citium client. Likewise, if you lose your e-Cert, your account loses any chance of recovery and all information is lost forever. All transaction payments are final and non-refundable under ALL circumstances. This is to eliminate any refund phishing attempts that may reveal user information.
15. What happens to your account when you decide to stop paying for service renewal?
We respect your decision of not renewing further. While you could still gain access to your Citium e-cert and account, you will see a prompt saying your communications and traffic is NOT going to be secure anymore. You will also NOT be able to receive, download or install our updated version of Citium app which contains important features and device compatibility updates. You also cannot open Citium and Citium+ App in your device. Your in-app contacts and messages are permanently unrecoverable. Citium is, by design, permissionless so that it is impossible for us to delete your account remotely. Only you can delete your account by pressing the disaster control button in your Citium app which will eliminate all communications and contacts in Citium. The other way to look at it is that if you lose your device or accidentally press the disaster control button, you will lose access to your account and everything inside, such as contacts messages. There is nothing we could help about that.
No, Citium cannot revive or restore messages and contacts that users have deleted or lost access in Citium's app. Citium does not keep any of your data, you do not need to provide phone number, sms or even email for registration and subscription so that is truly an anonymous account. We do not keep any messages you sent and receive, this is to make sure both you and us are safe when we are forced by someone to give out any data. We cannot give out any data simply because by design we do not have the ability to keep your contacts and communications at all. For contact verification, everytime you add someone into your contact, a single time disposable encrypted key is generated so you could send it over to someone, no key is used twice, without the key, you cannot add someone, same goes, without the key, no one could add you. Even if a key is presented by someone, you could still choose to accept the invitation or not. You could set and keep the same username or set a different username to be shown for each individual contact, someone could also rename in their Citium contact about how they liked you to be called. Our metadata policy is simple and straightforward, we do not keep your data.
17. What if Citium's network is slow or down, could the user claim for loss and/or damages or file complaints, or where should the complaints go?
When you use Citium, you are granted automatic waiver from any claim of direct and/or indirect loss and/or damages in all circumstances. Our goal is to maintain Citium uptime to at least 99.9%, but you should understand that the Citium network is decentralized and affected by open network performance, policies and many more conditions in different countries. Network congestion or failure may occur at some points. Please report your connections downtime or improvement suggestion to [email protected] or tell us what you think via our social media channels. We are always listening. Our team always strives to serve the user community better.
18. I heard some rumors in social media, hacker "%xyz#" successfully breached the secure conversations between Citium users.
Mazel Tov! We truly appreciate hacker "%xyz#" talent which throttle the development of a more secure communications technology and will always make sure his/her effort is fairly compensated, thus we have placed many bitcoins wallets private keys with a lot of real money in-between Citium team own conversations. Please go ahead claim your reward for any successful hacking attempt, please swipe the bitcoin and claim the prize and prove your success, you are permitted to do so and pardoned of responsibilities. Better still, text us afterwards and join our Github community, we truly believe in everyone's talent and you are cordially invited to join us and make contributions to the development of the Information Security community.
19. Could I resell Citium or become a distributor of Citium?
Please reach us out at [email protected]
A faster and yet more responsive approach, please reach us out via Citium in-app CS. We apologize for any delay or even lack of response to social media posts. We are putting all resources to build a better service and taking good care of our existing users. We prefer organic growth, such as word-of-mouth, and decide to keep it this way in the foreseeable future.
**Citium is a SPICED instant messaging platform**, where SPICED is a mnemonic that stands for
Secure, Piggybacking, Impervious, Circumventive, Ephemeral and Deniable.
Secure. Use time-tested and provably secure encryptions that are used in open-source high-stakes asset finance, namely Bitcoin, to ensure confidentiality.
Piggybacking. A unique feature that enables inconspicuous transmission of data through BitTorrent and Bitcoin networks, which are the world’s most popular P2P protocols with millions of active nodes.
Impervious. You can send and receive messages even if all Citium nodes are removed. Service availability of Citium is impervious to takedown.
Circumventive. No one can stop you and your contacts from communicating even if you are situated in the most pervasive level of Internet censorship.
Deniable. The last line of defense of communicating on Citium is its technically feasible/plausible deniability, which preempts coercion, eavesdropping, such as man-in-the-middle (MITM) attack, and post-quantum computing cryptanalysis of archived surveillance data.