Privacy focussed messenger: Difference between revisions

Guiding principles

• Everyone is blocked by default
• Can only message contacts where there is mutual agreement (i.e. both have added each other)
• Text only
• Transit over open protocols
• Mandatory encryption of communication stream
• Mandatory encryption of data (E2EE)
• No read receipts
• No way to know if someone has added/removed you from their contacts
• Messaging someone who hasn't added you to contacts = message silently deleted

Thoughts

• How to avoid a centralised server
• Important to prevent abuse of the service
• Only allow connections if both people make a request (don't show incoming requests)
• What transport mechanism should be used?
• How can users send messages over a p2p protocol? Don't want a centralised server.
• End to end encryption mandatory - client certificates? Public keys?
• How to migrate / sync messages to another phone or device?
• How to backup messages?
• What if a user has multiple devices and wants to check messages on all of them?
• How would group chats work?
• How to deliver a message when a user is offline?
• Could Tor be used for message delivery?
• How to ensure each user has a unique ID? Use their email address?
• What prevents a user from using someone else's ID?
• If a user is removed as a contact, do not tell the other party and simply drop their messages.
• No read receipts, might offer delivery receipts. This can leak information so need to be careful.
• Double Ratchet Algorithm
• Perfect Forward Secrecy?
• How can we stop messages from being decrypted in future when computational power makes it feasible to brute force?

Reasoning

Text only: Simple to implement, compresses well, less scope for abuse (e.g. can't send images)