Privacy & Security
A comprehensive guide to how Mixin Messenger protects your privacy and how to enhance security through best practices.
Privacy Protection Overview
Mixin Messenger makes privacy protection a core design principle:
| Privacy Feature | Description |
|---|---|
| Anonymous Registration | No phone number, email, or personal info required |
| End-to-End Encryption | All communications completely encrypted |
| Zero-Knowledge Proof | Server cannot access your data |
| Minimize Data Collection | Only collect necessary metadata |
| Open-Source Transparency | Code publicly reviewable |
| Decentralized | Distributed protection using MPC technology |
Anonymity Protection
Anonymous Registration
No Personal Information Required:
Create Account
- Only need mnemonic phrase
- Auto-generate Mixin ID
- No phone number required
- No email required
- No real name required
Optional Information
- Nickname (can be anything)
- Avatar (optional upload)
- Bio (optional)
- Phone number (optional, for recovery)
Privacy Advantages
- Completely anonymous use
- Don't reveal real identity
- Prevent identity correlation
- Protect personal privacy
Mixin ID
Unique Identifier:
ID Characteristics
- Format: Number string (e.g., 12345678)
- Randomly generated
- Globally unique
- Contains no personal info
- Can be shared publicly
Privacy Protection
- Cannot be reverse-looked up to a real identity
- Not tied to personal info
- Can create multiple accounts
- Completely isolated
Phone Number Binding
Optional Feature:
✅ Binding Advantages:
- Convenient for friends to find
- Add account recovery method
- Receive SMS notifications
- More convenient to use
❌ Privacy Cost:
- Expose phone number info
- May be searchable
- Reduce anonymity
- Data correlation risk
Privacy Settings:
- Settings → Privacy → Phone Number
- Choose visibility:
  - Everyone
  - Contacts only
  - Not public
- Allow search by phone: On/Off
Communication Encryption
End-to-End Encryption
Signal Protocol:
Sender's Device
↓
Message Encryption (Signal Protocol)
↓
Upload Encrypted Data
↓
Server Forwards (Cannot Decrypt)
↓
Receiver's Device
↓
Local Decryption
↓
Display Message
Protected Content:
- Text messages
- Images and videos
- File transfers
- Voice messages
- Voice calls
- Group chats
Perfect Forward Secrecy
How It Works:
Independent Key for Each Message
- Different messages use different keys
- Keys are not reused
- Leaking one key doesn't affect the others
Automatic Key Rotation
- Periodically update keys
- Auto in background
- No user action needed
Security Guarantee
- Even if current key leaked
- Historical messages still secure
- Future messages still secure
- Maximum protection
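The per-message key derivation described above can be illustrated with the symmetric-key ratchet from the published Double Ratchet specification used by the Signal Protocol. This is an added example, not Mixin's code; the `SendingChain` class, the helper names and the sample secret are constructed for illustration, and the Diffie-Hellman ratchet that restores security for future messages is not shown.

```python
import hashlib
import hmac

# KDF_CK as recommended in the Double Ratchet specification: HMAC-SHA256 keyed
# with the chain key; input 0x01 yields the message key, 0x02 the next chain key.
MESSAGE_KEY_INPUT = b"\x01"
CHAIN_KEY_INPUT = b"\x02"


def kdf_chain_step(chain_key: bytes) -> tuple[bytes, bytes]:
    """One ratchet step: return (next_chain_key, message_key)."""
    message_key = hmac.new(chain_key, MESSAGE_KEY_INPUT, hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, CHAIN_KEY_INPUT, hashlib.sha256).digest()
    return next_chain_key, message_key


class SendingChain:
    """Hypothetical holder of the current chain key; old keys are overwritten."""

    def __init__(self, initial_chain_key: bytes):
        self.chain_key = initial_chain_key

    def next_message_key(self) -> bytes:
        self.chain_key, message_key = kdf_chain_step(self.chain_key)
        return message_key


def keys_reachable_from(chain_key: bytes, count: int) -> list[bytes]:
    """Message keys that can be computed going forward from a chain key."""
    keys = []
    for _ in range(count):
        chain_key, message_key = kdf_chain_step(chain_key)
        keys.append(message_key)
    return keys


def demo() -> dict:
    # Constructed sample secret; a real session derives it from a key agreement.
    chain = SendingChain(hashlib.sha256(b"constructed sample secret").digest())
    earlier = [chain.next_message_key() for _ in range(3)]   # messages 1-3
    captured = chain.chain_key                               # state after message 3
    later = [chain.next_message_key() for _ in range(2)]     # messages 4-5
    reachable = keys_reachable_from(captured, 5)
    return {
        "all_keys_distinct": len(set(earlier + later)) == 5,
        "earlier_keys_reachable": any(k in reachable for k in earlier),
        "later_keys_reachable": all(k in reachable for k in later),
    }
```

`demo()` shows that a chain key captured after message 3 cannot reproduce the keys for messages 1 to 3, but can reproduce keys 4 and 5 until the chain is replaced by a fresh key exchange.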
Group Encryption
Group End-to-End Encryption:
Sender Keys
- Each member has an independent key
- Messages encrypted with the group key
- All end-to-end
- Server cannot read
Member Changes
- New member joins: Key rotation
- Member leaves: Re-encryption
- Auto handling
- Maintain security
Metadata Protection
What is Metadata
Metadata Includes:
- Sender and receiver
- Message timestamp
- Message size
- IP address
- Online status
- Device info
Why Important:
- Can deduce communication relationships
- Can analyze behavior patterns
- Can track location
- Needs protection
Mixin's Metadata Protection
Minimize Collection:
Necessary Data
- Sender/receiver (for routing)
- Timestamp (only accurate to day)
- Message size (obfuscated)
Data Not Collected
- Message content
- Contact list
- Location info (unless actively shared)
- Browsing history
Regular Cleanup
- Metadata periodically deleted
- Logs auto cleaned
- Minimize storage
- Reduce risk
IP Address Protection
Hide IP:
Server Relay
- Forward through servers
- Other party cannot see real IP
- Bidirectional protection
- Prevent tracking
Use VPN (Optional)
- Further hide IP
- Prevent ISP monitoring
- Bypass geographic restrictions
- Enhance privacy
Data Storage
Local Storage
Data on Device:
Chat Records
- Only stored locally
- Server doesn't save
- Encrypted storage
- Cleared on uninstall
Encryption Method
- SQLCipher database encryption
- Keys stored in Keychain/KeyStore
- System-level protection
- App lock extra protection
Data Control
- You have complete control
- Can delete anytime
- Won't sync to cloud
- Privacy first
Cloud Storage
Server Storage:
Content Not Stored
- Don't store message content
- Don't store file content
- Only forward encrypted data
- Delete after delivery
Temporary Storage
- Temporarily store offline messages
- Deliver when user online
- Delete immediately after delivery
- Max 30 days retention
Asset Data
- Stored on blockchain
- Public but anonymous
- Cannot be tampered with
- Cannot be deleted
Backup & Export
Data Export:
Chat Records
- Export as text files
- Include timestamps
- Save locally
- You control sharing
Contacts
- Export contact list
- Don't include private info
- Convenient for migration
- Encryption protection
Transaction Records
- Export asset transactions
- CSV format
- For accounting
- Privacy awareness
Privacy Settings
Account Privacy
Visibility Settings:
Profile
- Settings → Privacy → Profile
- Choose visible range:
  - Everyone
  - Contacts only
  - Not public
Avatar and Nickname
- Who can see avatar
- Who can see nickname
- Who can see bio
- Fine-grained control
Online Status
- Settings → Privacy → Online Status
- Show online: On/Off
- Show "typing": On/Off
- Show last seen time: On/Off
Message Privacy
Message Settings:
Read Receipts
- Settings → Chat → Read Receipts
- Send read receipts: On/Off
- When off, others can't tell that you have read their messages
- You also won't see whether others have read yours
Disappearing Messages
- Conversation Settings → Disappearing Messages
- Set auto-destroy time:
  - 10s, 30s, 1min
  - 5min, 1hour, 1day, 1week
- Auto delete from both devices
- Cannot recover
Screenshot Notification
- Auto enabled
- Notified when other party screenshots
- Protects sensitive info
- Cannot disable
Contact Privacy
Who Can Contact You:
Add Friends
- Settings → Privacy → Add Friends
- Everyone can add
- Only via ID
- Require verification question
- Completely closed
Group Invitations
- Who can invite you to groups:
  - Everyone
  - Contacts only
  - Require confirmation
  - Not allowed
Blocklist
- Block users
- No longer receive messages
- They don't know
- Can unblock anytime
Location Privacy
Location Sharing
Share Location Carefully:
Sharing Methods
- Send current location
- Send live location (continuous)
- Only in chat
- Won't auto share
Privacy Risks
- Expose whereabouts
- Can deduce behavior patterns
- Security risks exist
- Use carefully
Best Practices
- Don't share with strangers
- Share a nearby location, not your exact one
- Stop live sharing promptly
- Careful in public places
GPS Permissions
Permission Management:
Only While Using
- Recommended setting
- Only use when sharing location
- No background access
- Protect privacy
Completely Deny
- Higher privacy protection
- Cannot share location
- Cannot use nearby features
- Most secure
Contact Privacy
Address Book Upload
Mixin Doesn't Upload Address Book:
✅ Privacy Protection:
- Don't read system contacts
- Don't auto upload contacts
- Don't analyze social relationships
- Completely isolated
Add Contact Methods:
- Via Mixin ID
- Scan QR code
- Search by phone (requires consent)
- Add from groups
- Completely controllable
Social Graph
Relationship Privacy:
Contact List
- Only stored locally
- Server doesn't know your friends
- Don't analyze social relationships
- Protect social privacy
Mutual Friends
- Can optionally show mutual friends
- Help verify identity
- Can disable
- Privacy first
Payment Privacy
Transaction Privacy
Blockchain Characteristics:
Public Ledger
- All transactions public
- Can query transaction history
- Amount transparent
- Time transparent
Anonymity
- Addresses not tied to identity
- Cannot be traced directly to a person
- Can use multiple addresses
- Protect privacy
Privacy Coins
- Support privacy coins (like Monero)
- Transactions completely hidden
- Amount hidden
- Stronger privacy
Transfer Privacy
Within Mixin:
End-to-End Encryption
- Transfer messages encrypted
- Amount not visible externally
- Only both parties know
- Server doesn't know
Record Management
- Save records locally
- Can export
- Can delete
- You control
Security Best Practices
Account Security
Basic Security:
Strong PIN Code
- 6 random digits
- Avoid simple combinations
- Change regularly
- Don't share with others
Biometrics
- Enable fingerprint/face
- Quick and secure
- Stored locally
- Hardware protection
Device Security
- Set device password
- Auto lock screen
- Update system regularly
- Install antivirus
Advanced Security:
Mnemonic Backup
- Write multiple copies
- Store in different locations
- Use fireproof and waterproof storage
- Check regularly
Social Recovery
- Set recovery contacts
- Choose trusted people
- Spread them across different regions
- Confirm regularly
Two-Factor Authentication
- Built-in 2FA
- Verify each transaction
- Biometrics
- See 2FA Guide
Communication Security
Private Conversations:
Verify Identity
- Compare security codes
- Scan QR verification
- Prevent man-in-the-middle
- Confirm authenticity
Sensitive Info
- Use disappearing messages
- Delete records promptly
- Don't screenshot
- Pay attention to surroundings
File Sharing
- Add extra encryption to sensitive files
- Use password protection
- Delete promptly after sending
- Confirm recipient
Network Security
Secure Connection:
Avoid Public Wi-Fi
- Public Wi-Fi unsafe
- May be monitored
- Use cellular data
- Or use VPN
VPN Use
- Hide real IP
- Encrypt network transmission
- Prevent ISP monitoring
- Choose trusted VPN
Anti-Phishing
- Only use official apps
- Don't click suspicious links
- Verify domain names
- Don't enter sensitive info
Privacy Threats
Common Threats
Social Engineering:
- Impersonating official staff
- Tricking you into revealing your mnemonic or PIN
- Inducing transfers
- Phishing attacks
Device Threats:
- Phone stolen
- Malware
- Keyloggers
- Screen monitoring
Network Threats:
- Man-in-the-middle attacks
- Public Wi-Fi eavesdropping
- DNS hijacking
- Traffic analysis
Protection Measures
Identify Phishing:
✅ Official Characteristics:
- Official domain: mixin.one
- Download from official app stores
- Official social media verified
- Official staff never ask for your mnemonic
❌ Phishing Characteristics:
- Similar domains (like mixinone.com)
- Ask for mnemonic phrase
- Request transfer verification
- Urgent threat language
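One way to automate the domain check described above, as an added example rather than Mixin's own code: it extracts the real host from a link and compares it with the official domain given on this page. The function names, the `BRAND` token, the edit-distance threshold of 2 and all sample links other than the two domains named above are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "mixin.one"   # official domain as stated on this page
BRAND = "mixin"                 # assumption: brand token to watch for in links


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch near-miss spellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(url: str) -> str:
    """Return 'official', 'lookalike' or 'unrelated' for the link's real host."""
    url = url if "://" in url else "https://" + url
    host = ""
    try:
        # hostname drops any "user@" prefix and the port, and is lowercased
        host = (urlsplit(url).hostname or "").rstrip(".").lower()
        host = host.encode("ascii").decode("idna")   # render punycode as Unicode
    except ValueError:   # malformed URL, or host is already Unicode
        pass
    if host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN):
        return "official"
    registrable = ".".join(host.split(".")[-2:])     # crude: last two labels only
    if BRAND in url.lower() or edit_distance(registrable, OFFICIAL_DOMAIN) <= 2:
        return "lookalike"
    return "unrelated"


# Constructed sample links; only mixin.one and mixinone.com come from the page.
SAMPLES = [
    "https://mixin.one/download",
    "https://sub.mixin.one/",                 # constructed subdomain
    "https://mixinone.com/verify",
    "https://mixin.one@login.example.net/",   # official name used as userinfo
    "https://mixin.one.example.net/",         # official name used as a subdomain
    "https://m\u0456xin.one/",                # Cyrillic letter in place of Latin 'i'
    "https://example.org/news",
]

def classify_all(links=SAMPLES):
    return {link: classify_link(link) for link in links}
```

Only an exact match or a true subdomain of the official domain is treated as official; every other link that mentions the brand or sits within two edits of it is flagged for manual verification.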
Device Protection:
- Download from official sources
- Install security software
- Scan for malware regularly
- Don't root/jailbreak
- Update system promptly
Careful Operations:
- Don't trust strangers
- Don't click suspicious links
- Don't scan suspicious QR codes
- Verify before operating
Privacy Audits
Transparency Reports
Mixin Commitment:
Open-Source Code
- Client completely open-source
- Public on GitHub
- Community review
- Continuous updates
Security Audits
- Regular third-party audits
- Public audit reports
- Fix vulnerabilities promptly
- Transparent disclosure
Data Policy
- Minimize collection
- Don't sell data
- No ad tracking
- Privacy first
Third-Party Audits
Independent Verification:
- Security company audits
- Cryptography expert reviews
- Bug bounty program
- Community contributions
Legal Compliance
Data Protection Regulations
GDPR Compliance:
- Data minimization
- User control
- Right to deletion
- Transparency
Various Countries' Regulations:
- Comply with local laws
- Cooperate with legal investigations
- Protect user privacy
- Balance interests
Data Requests
Government Requests:
Data That Can Be Provided
- Registration time
- Last login time
- IP address (limited)
- Metadata (minimal)
Data That Cannot Be Provided
- Message content (end-to-end encrypted)
- Private keys/mnemonic (not stored)
- Chat records (not saved)
- Contact list (locally stored)
Privacy Tools
Hide Conversations
Private Conversations:
Enable Method
- Long press conversation
- Select "Hide Conversation"
- Enter PIN to confirm
- Hidden from list
Access Method
- Pull down conversation list
- Enter PIN
- Show hidden conversations
- Auto hide on exit
Features
- No notification preview
- Requires PIN access
- Protects sensitive conversations
- Extra privacy layer
Stealth Mode
Leave No Trace:
Disappearing Messages
- Messages auto-destroy
- Timer is configurable
- Delete from both devices
- Cannot recover
Disable Screenshot
- Disappearing message conversations
- System blocks screenshot (iOS)
- Screenshot triggers a notification (Android)
- Protect content
Common Questions
Can Mixin see my messages?
No:
- End-to-end encryption
- Keys only on device
- Server cannot decrypt
- Even if it wanted to, Mixin cannot see them
What can metadata reveal?
Limited info:
- Who communicates with whom
- Approximate time
- Message quantity
- But cannot see content
Can police retrieve chat records?
No:
- Messages not stored on server
- End-to-end encrypted
- Even if server seized
- Cannot obtain content
Are deleted messages really deleted?
Local delete:
- Deleted from your device
- Other party's device still has them
- Cannot remotely delete
Disappearing messages:
- Delete from both devices
- Completely deleted
- Cannot recover
Will anonymous accounts be banned?
No:
- Anonymous is normal use
- Doesn't violate rules
- Won't ban for anonymity
- Privacy rights
Is VPN use more secure?
Yes:
- Hide real IP
- Prevent ISP monitoring
- Bypass censorship
- Extra protection layer
Can I create multiple accounts?
Yes:
- Unlimited
- Completely isolated
- Different purposes
- Protect privacy
Related Resources
- Encrypted Chat - Learn encryption technology
- Two-Factor Authentication - Improve account security
- Social Recovery - Secure recovery solution
- Create Account - Anonymous registration guide
- Getting Started - Basic usage tutorial