Privacy focussed messenger

From Rixort Wiki

Latest revision as of 10:03, 25 October 2023

Guiding principles

  • Everyone is blocked by default
  • Can only message contacts where there is mutual agreement (i.e. both have added each other)
  • Text only
  • Transit over open protocols
  • Mandatory transport encryption of the communication stream (hop by hop, e.g. TLS)
  • Mandatory end-to-end encryption (E2EE) of message content, so no relay or server ever sees plaintext
  • No read receipts
  • No way to know if someone has added/removed you from their contacts
  • A message to someone who hasn't added you is silently dropped: no error, bounce or status that would reveal the contact state to the sender
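The contact rules above (blocked by default, delivery only on mutual agreement, silent drop for non-contacts, no signal when someone removes you) are easy to get subtly wrong: the leak is usually in the response, not in the delivery. The following is an added example, not code from this wiki page; the ContactGraph, Relay and scenario names are assumptions made for the illustration, and the "relay" stands in for whichever component makes the delivery decision (a server, or the recipient's own client in a p2p design).

```python
"""Mutual-consent contact gate enforcing the guiding principles above.

Added example, not code from the wiki page: the ContactGraph, Relay and
scenario names are assumptions made here. The rules implemented are that
everyone is blocked by default, delivery requires that both parties have
added each other, a message to a non-contact is dropped silently, and the
sender sees the same result either way so the response cannot reveal
whether it was added or removed.
"""
from dataclasses import dataclass, field

ACCEPTED = "accepted"  # the only status a sender ever receives


@dataclass
class ContactGraph:
    """Who has added whom. Each user's own list is private; there is no API
    that tells a user whether someone else has added or removed them."""
    added: dict[str, set[str]] = field(default_factory=dict)

    def add(self, who: str, whom: str) -> None:
        self.added.setdefault(who, set()).add(whom)

    def remove(self, who: str, whom: str) -> None:
        self.added.get(who, set()).discard(whom)

    def is_mutual(self, a: str, b: str) -> bool:
        # Evaluate both directions unconditionally (no short-circuit) so the
        # time taken does not depend on which side is missing.
        a_added_b = b in self.added.get(a, set())
        b_added_a = a in self.added.get(b, set())
        return a_added_b and b_added_a


@dataclass
class Relay:
    """Delivery point (a relay, or the recipient's own client in a p2p design)."""
    graph: ContactGraph
    inboxes: dict[str, list[tuple[str, str]]] = field(default_factory=dict)

    def send(self, sender: str, recipient: str, text: str) -> str:
        if self.graph.is_mutual(sender, recipient):
            self.inboxes.setdefault(recipient, []).append((sender, text))
        # No error, no bounce, no "not a contact": identical response in all cases.
        return ACCEPTED

    def inbox(self, user: str) -> list[tuple[str, str]]:
        return list(self.inboxes.get(user, []))


def scenario() -> list[tuple[str, str, list[tuple[str, str]]]]:
    """Walk a pair of users through every contact state; returns
    (step, result_seen_by_sender, bob_inbox) for each step."""
    graph = ContactGraph()
    relay = Relay(graph)
    steps = []
    steps.append(("blocked by default", relay.send("alice", "bob", "hi"), relay.inbox("bob")))
    graph.add("alice", "bob")  # one-sided: still not delivered
    steps.append(("one-sided add", relay.send("alice", "bob", "hi again"), relay.inbox("bob")))
    graph.add("bob", "alice")  # now mutual
    steps.append(("mutual", relay.send("alice", "bob", "hello"), relay.inbox("bob")))
    graph.remove("bob", "alice")  # bob drops alice; alice is not told
    steps.append(("removed", relay.send("alice", "bob", "still there?"), relay.inbox("bob")))
    return steps
```

The point to check in any implementation is that `send` returns the same value, takes the same code path and produces the same observable side effects (logging, latency, error codes) whether or not the message was delivered; the moment a non-contact gets a different response, the "no way to know if someone has removed you" principle is broken.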

Thoughts

  • How to avoid a centralised server?
  • Important to prevent abuse of the service (spam, harassment)
  • Only establish a connection once both people have independently added each other; never show incoming requests, so an unsolicited request can't be used to spam or to probe whether an ID exists
  • What transport mechanism should be used?
  • How can users send messages over a p2p protocol without a centralised server?
  • End-to-end encryption is mandatory, but how are identities bound to keys: client certificates, raw public keys, out-of-band fingerprint verification?
  • How to migrate / sync messages to another phone or device?
  • How to backup messages?
  • What if a user has multiple devices and wants to check messages on all of them?
  • How would group chats work?
  • How to deliver a message when a user is offline?
  • Could Tor be used for message delivery?
  • How to ensure each user has a unique ID? Use their email address?
  • What prevents a user from using someone else's ID?
  • If a user is removed as a contact, do not tell the other party and simply drop their messages.
  • No read receipts; delivery receipts might be offered, but they leak presence and timing (when the recipient's device was online), so they need careful handling.
  • Double Ratchet Algorithm (as used by Signal) for per-message keys
  • Forward secrecy (often called perfect forward secrecy): compromise of a long-term or current key should not expose messages already sent
  • How can we stop messages from being decrypted in future when computational power makes brute force feasible? Forward secrecy doesn't help with that; it is a question of key length and algorithm choice.
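The Double Ratchet and forward secrecy notes above are easiest to understand from the symmetric half of the design, the KDF chain: each message key is derived from a chain key that is then overwritten, so a device compromised at step k yields only keys from k onwards. The following is an added example for those two notes; it is not code from the page, from Signal or from any real messenger, and it deliberately omits the Diffie-Hellman ratchet that the full Double Ratchet adds for recovery after a compromise. The KDF is HMAC-SHA256; the one-byte labels, the function and class names and the fixed demonstration key are assumptions made here.

```python
"""Symmetric-key ratchet (the KDF-chain half of the Double Ratchet).

Added example for the "Double Ratchet" and "forward secrecy" notes above; it is
not code from the page or from any real messenger, and it leaves out the
Diffie-Hellman ratchet that the full Double Ratchet adds for healing after a
compromise. The KDF is HMAC-SHA256; the one-byte labels and the fixed
demonstration key below are assumptions made for this example.
"""
import hashlib
import hmac


def kdf_chain_step(chain_key: bytes) -> tuple[bytes, bytes]:
    """One ratchet step: (next_chain_key, message_key) from chain_key.

    HMAC is one-way, so neither chain_key nor message_key can be recovered
    from next_chain_key: holding the current state reveals only future keys.
    """
    next_chain_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    message_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain_key, message_key


class SymmetricRatchet:
    """One direction's chain; sender and receiver start from the same key."""

    def __init__(self, chain_key: bytes) -> None:
        self._chain_key = chain_key
        self.counter = 0

    def next_message_key(self) -> bytes:
        # Advance and overwrite: the previous chain key is kept nowhere,
        # which is what gives forward secrecy for messages already sent.
        self._chain_key, message_key = kdf_chain_step(self._chain_key)
        self.counter += 1
        return message_key

    def export_state(self) -> bytes:
        """What an attacker obtains by compromising the device at this moment."""
        return self._chain_key


def derive_from_stolen_state(stolen_chain_key: bytes, count: int) -> list[bytes]:
    """Everything an attacker can compute from a stolen chain key: the next
    `count` message keys, and nothing earlier."""
    keys = []
    chain_key = stolen_chain_key
    for _ in range(count):
        chain_key, message_key = kdf_chain_step(chain_key)
        keys.append(message_key)
    return keys


# Constructed demonstration key standing in for the output of a key agreement.
DEMO_SHARED_KEY = hashlib.sha256(b"constructed demo shared secret").digest()


def forward_secrecy_demo(shared_key: bytes = DEMO_SHARED_KEY,
                         total: int = 5, compromise_after: int = 3) -> dict:
    """Send `total` messages, steal the sender's state after `compromise_after`
    of them, and report what the attacker can and cannot derive."""
    sender = SymmetricRatchet(shared_key)
    receiver = SymmetricRatchet(shared_key)
    sender_keys = []
    stolen = None
    for i in range(total):
        sender_keys.append(sender.next_message_key())
        if i + 1 == compromise_after:
            stolen = sender.export_state()
    receiver_keys = [receiver.next_message_key() for _ in range(total)]
    attacker_keys = derive_from_stolen_state(stolen, total - compromise_after)
    return {
        "in_sync": sender_keys == receiver_keys,
        "all_distinct": len(set(sender_keys)) == total,
        "attacker_gets_future": attacker_keys == sender_keys[compromise_after:],
        "attacker_gets_past": any(k in attacker_keys for k in sender_keys[:compromise_after]),
        "sender_keys": sender_keys,
        "attacker_keys": attacker_keys,
    }
```

Two caveats a practitioner would add: the message key must itself be wiped once the message is encrypted or decrypted (a ratchet that keeps old message keys around has no forward secrecy in practice), and none of this answers the "future brute force" question in the list above, since the ratchet only limits what a stolen key reveals; resistance to a more powerful future adversary comes from key length and algorithm choice.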

Reasoning

Text only: simple to implement, compresses well, and less scope for abuse (e.g. no image or file attachments, which removes both unsolicited media and the attack surface of media parsers on the receiving device)