Privacy focussed messenger: Difference between revisions

From Rixort Wiki
Jump to navigation Jump to search
Line 14: Line 14:


* How to avoid a centralised server
* How to avoid a centralised server
* Can messages be delivered over Tor?
* How to deliver messages when the recipient isn't online
* How to deliver messages when the recipient isn't online
* How to generate unique usernames
* Important to prevent abuse of the service
* Important to prevent abuse of the service
* Only allow connections if both people make a request (don't show incoming requests)
* Only allow connections if both people make a request (don't show incoming requests)

Revision as of 11:05, 1 October 2023

Guiding principles

  • Everyone is blocked by default
  • Can only message contacts where there is mutual agreement (i.e. both have added each other)
  • Text only
  • Transit over open protocols
  • Mandatory encryption of communication stream
  • Mandatory encryption of data (E2EE)
  • No read receipts
  • No way to know if someone has added/removed you from their contacts
  • Messaging someone who hasn't added you to contacts = message silently deleted

Thoughts

  • How to avoid a centralised server
  • How to deliver messages when the recipient isn't online
  • Important to prevent abuse of the service
  • Only allow connections if both people make a request (don't show incoming requests)
  • What transport mechanism should be used?
  • How can users send messages over a p2p protocol? Don't want a centralised server.
  • End to end encryption mandatory - client certificates? Public keys?
  • How to migrate / sync messages to another phone or device?
  • How to backup messages?
  • What if a user has multiple devices and wants to check messages on all of them?
  • How would group chats work?
  • How to deliver a message when a user is offline?
  • Could Tor be used for message delivery?
  • How to ensure each user has a unique ID? Use their email address?
  • What prevents a user from using someone else's ID?
  • If a user is removed as a contact, do not tell the other party and simply drop their messages.
  • No read receipts, might offer delivery receipts. This can leak information so need to be careful.
  • Double Ratchet Algorithm
  • Perfect Forward Secrecy?
  • How can we stop messages from being decrypted in future when computational power makes it feasible to brute force?