Privacy focussed messenger: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
|||
(3 intermediate revisions by the same user not shown) | |||
Line 14: | Line 14: | ||
* How to avoid a centralised server | * How to avoid a centralised server | ||
* | * Important to prevent abuse of the service | ||
* How to deliver | * Only allow connections if both people make a request (don't show incoming requests) | ||
* How to | * What transport mechanism should be used? | ||
* How can users send messages over a p2p protocol? Don't want a centralised server. | |||
* End to end encryption mandatory - client certificates? Public keys? | |||
* How to migrate / sync messages to another phone or device? | |||
* How to backup messages? | |||
* What if a user has multiple devices and wants to check messages on all of them? | |||
* How would group chats work? | |||
* How to deliver a message when a user is offline? | |||
* Could Tor be used for message delivery? | |||
* How to ensure each user has a unique ID? Use their email address? | |||
* What prevents a user from using someone else's ID? | |||
* If a user is removed as a contact, do not tell the other party and simply drop their messages. | |||
* No read receipts, might offer delivery receipts. This can leak information so need to be careful. | |||
* Double Ratchet Algorithm | |||
* Perfect Forward Secrecy? | |||
* How can we stop messages from being decrypted in future when computational power makes it feasible to brute force? | |||
== Reasoning == | |||
'''Text only:''' Simple to implement, compresses well, less scope for abuse (e.g. can't send images) | |||
[[Category:Open Source Software]] | [[Category:Open Source Software]] |
Latest revision as of 10:03, 25 October 2023
Guiding principles
- Everyone is blocked by default
- Can only message contacts where there is mutual agreement (i.e. both have added each other)
- Text only
- Transit over open protocols
- Mandatory encryption of communication stream
- Mandatory encryption of data (E2EE)
- No read receipts
- No way to know if someone has added/removed you from their contacts
- Messaging someone who hasn't added you to contacts = message silently deleted
Thoughts
- How to avoid a centralised server
- Important to prevent abuse of the service
- Only allow connections if both people make a request (don't show incoming requests)
- What transport mechanism should be used?
- How can users send messages over a p2p protocol? Don't want a centralised server.
- End to end encryption mandatory - client certificates? Public keys?
- How to migrate / sync messages to another phone or device?
- How to backup messages?
- What if a user has multiple devices and wants to check messages on all of them?
- How would group chats work?
- How to deliver a message when a user is offline?
- Could Tor be used for message delivery?
- How to ensure each user has a unique ID? Use their email address?
- What prevents a user from using someone else's ID?
- If a user is removed as a contact, do not tell the other party and simply drop their messages.
- No read receipts, might offer delivery receipts. This can leak information so need to be careful.
- Double Ratchet Algorithm
- Perfect Forward Secrecy?
- How can we stop messages from being decrypted in future when computational power makes it feasible to brute force?
Reasoning
Text only: Simple to implement, compresses well, less scope for abuse (e.g. can't send images)