Most chat applications use a "Client-Server-Client" model. When you send a message, it goes to a company's server, gets stored, and is then forwarded to your friend. The risk is clear: the server owner has a copy of your conversation.
The Client-Server Model
In a traditional messaging app, every piece of communication passes through a central server:
- You type a message on your phone
- The message is sent to the company's server
- The server stores the message in a database
- The server forwards the message to your friend's device
- Your friend reads the message
Even with end-to-end encryption, the server still handles the encrypted data and collects metadata: who sent what to whom, when, how often, message sizes, IP addresses, and device information. This metadata alone is incredibly valuable and revealing.
The MeetingPoint Difference: WebRTC
MeetingPoint uses WebRTC (Web Real-Time Communication), an open-source protocol built into every modern browser. Here's how it works:
- Your browser performs a "handshake" with your partner's browser through our signaling server
- The signaling server helps the two browsers find each other (like a phone directory)
- Once connected, the signaling server steps out of the way
- All video, audio, and text data flows directly from your IP to their IP
We couldn't record your call even if we wanted to—we simply aren't in the loop. It's like introducing two people at a party and then walking away. Whatever they discuss after that is between them.
What About the Signaling Server?
A fair question: if we have a signaling server, doesn't that server see something? Yes—but only the minimum required to establish the connection:
- The room ID (a random phrase, not tied to any identity)
- Connection candidates (IP addresses and ports for establishing the P2P link)
- This data is ephemeral and is not permanently stored or logged
Think of it like a postal service that delivers sealed envelopes. They know the addresses on the outside, but they can't read the contents. And unlike the postal service, we don't keep delivery records.
DTLS-SRTP Encryption
WebRTC doesn't just provide P2P connectivity—it mandates encryption. All WebRTC media streams are encrypted using DTLS-SRTP (Datagram Transport Layer Security - Secure Real-time Transport Protocol). This encryption is negotiated directly between browsers, meaning even if someone intercepted the data stream between you and your peer, they would see only encrypted gibberish.
The Bottom Line
The safest data is data that was never collected. MeetingPoint's P2P architecture doesn't just promise to protect your privacy through policy—it guarantees it through engineering. There's no database to breach, no logs to subpoena, and no profiles to sell.