Privacy focussed messenger: Difference between revisions
Jump to navigation
Jump to search
| Line 17: | Line 17: | ||
* How to deliver messages when the recipient isn't online | * How to deliver messages when the recipient isn't online | ||
* How to generate unique usernames | * How to generate unique usernames | ||
* Important to prevent abuse of the service | |||
* Only allow connections if both people make a request (don't show incoming requests) | |||
* What transport mechanism should be used? | |||
* How can users send messages over a p2p protocol? Don't want a centralised server. | |||
* End to end encryption mandatory - client certificates? Public keys? | |||
* How to migrate / sync messages to another phone or device? | |||
* How to backup messages? | |||
* What if a user has multiple devices and wants to check messages on all of them? | |||
* How would group chats work? | |||
* How to deliver a message when a user is offline? | |||
* Could Tor be used for message delivery? | |||
* How to ensure each user has a unique ID? Use their email address? | |||
* What prevents a user from using someone else's ID? | |||
* If a user is removed as a contact, do not tell the other party and simply drop their messages. | |||
* No read receipts, might offer delivery receipts. This can leak information so need to be careful. | |||
* Double Ratchet Algorithm | |||
* Perfect Forward Secrecy? | |||
* How can we stop messages from being decrypted in future when computational power makes it feasible to brute force? | |||
[[Category:Open Source Software]] | [[Category:Open Source Software]] | ||
Revision as of 12:05, 1 October 2023
Guiding principles
- Everyone is blocked by default
- Can only message contacts where there is mutual agreement (i.e. both have added each other)
- Text only
- Transit over open protocols
- Mandatory encryption of communication stream
- Mandatory encryption of data (E2EE)
- No read receipts
- No way to know if someone has added/removed you from their contacts
- Messaging someone who hasn't added you to contacts = message silently deleted
Thoughts
- How to avoid a centralised server
- Can messages be delivered over Tor?
- How to deliver messages when the recipient isn't online
- How to generate unique usernames
- Important to prevent abuse of the service
- Only allow connections if both people make a request (don't show incoming requests)
- What transport mechanism should be used?
- How can users send messages over a p2p protocol? Don't want a centralised server.
- End to end encryption mandatory - client certificates? Public keys?
- How to migrate / sync messages to another phone or device?
- How to backup messages?
- What if a user has multiple devices and wants to check messages on all of them?
- How would group chats work?
- How to deliver a message when a user is offline?
- Could Tor be used for message delivery?
- How to ensure each user has a unique ID? Use their email address?
- What prevents a user from using someone else's ID?
- If a user is removed as a contact, do not tell the other party and simply drop their messages.
- No read receipts, might offer delivery receipts. This can leak information so need to be careful.
- Double Ratchet Algorithm
- Perfect Forward Secrecy?
- How can we stop messages from being decrypted in future when computational power makes it feasible to brute force?