Privacy focussed messenger
Guiding principles
- Everyone is blocked by default
- Can only message contacts where there is mutual agreement (i.e. both have added each other)
- Text only
- Transit over open protocols
- Mandatory encryption of communication stream
- Mandatory encryption of data (E2EE)
- No read receipts
- No way to know if someone has added/removed you from their contacts
- Messaging someone who hasn't added you to contacts = message silently deleted
Thoughts
- How to avoid a centralised server
- Important to prevent abuse of the service
- Only allow connections if both people make a request (don't show incoming requests)
- What transport mechanism should be used?
- How can users send messages over a p2p protocol? Don't want a centralised server.
- End to end encryption mandatory - client certificates? Public keys?
- How to migrate / sync messages to another phone or device?
- How to backup messages?
- What if a user has multiple devices and wants to check messages on all of them?
- How would group chats work?
- How to deliver a message when a user is offline?
- Could Tor be used for message delivery?
- How to ensure each user has a unique ID? Use their email address?
- What prevents a user from using someone else's ID?
- If a user is removed as a contact, do not tell the other party and simply drop their messages.
- No read receipts, might offer delivery receipts. This can leak information so need to be careful.
- Double Ratchet Algorithm
- Perfect Forward Secrecy?
- How can we stop messages from being decrypted in future when computational power makes it feasible to brute force?
Reasoning
Text only: Simple to implement, compresses well, less scope for abuse (e.g. can't send images)