One major goal of the AllNet project is, by design, to provide users with privacy in their chat communications. All interpersonal (non-broadcast) communications are encrypted using a key generated on the device itself. The secret part of the key is never shared or transmitted in the clear by AllNet.
By design, the content of all communications is hidden from all but the sender and intended receiver(s). The only information available to other devices is fact that transmission is taking place, and addresses (and more generally, envelope information) carried with the message.
The sender of a message is informed when that message has been acknowledged by the receiver's device. This can allow senders to guess when their contacts' devices are on and reachable.
All key material and all chat records are stored unencrypted on the device (they are in your home folder's .allnet folder). Depending on the security provided by your device, they may be available in backups or to anyone who gains access to your device.
Devices respond to trace messages with a randomly-selected ID. A new trace ID is selected every time allnet is started or re-started. This mechanism allows for short-term tracking of devices, which is useful for checking connectivity, for debugging, and for gathering statistics.
If there are errors (bugs) in the design or implementation of this software, the AllNet security goals may not be accomplished. If this happens, others may have access to your confidential information, including the contents of chat messages and they keys used to generate and read encrypted chat messages.
Although AllNet has been designed to be as decentralized as possible, there are some central points of failure when using the Internet. The next few paragraphs consider some of these, bearing in mind that we may have overlooked one or more.
It may be that a device will fail to connect to the Distributed Hash Table (DHT) if DNS is compromised. Or it may connect to a specialized DHT operated by an adversary. The same is true if routing tables on routers are compromised.
Mobile devices generally decline (for battery reasons) to let apps run all the time, and instead rely on centralized servers to 'push' notifications through to the device. This leads to many possible compromises on such mobile devices, including (if keys or servers are compromised) the ability for attackers to monitor when a device is online, to send spurious notifications that may discharge a device's battery, or to withold notifications. This concern does not affect full-sized computers, which allow software to run unimpeded and accordingly do not require push notifications.
As of August 2019, the developers are unaware of any compromise of such push server keys.
While these attacks may allow monitoring or disruption of the Internet portion of AllNet, if the rest of AllNet works as intended, these attacks can neither lead to reading of encrypted messages, for which only the devices hold the keys (communication keys are different from push keys), nor disrupt AllNet peer-to-peer (ad-hoc) communications.
Encryption is morally neutral, in that it can be put to good use by both moral and immoral people. Each user of AllNet is responsible for the use to which they put the software. The developers strongly prefer that AllNet only be used in ways that do not harm people .