Photo by Brooke Cagle on Unsplash

Top Features I Want in a Secure Messenger

Andrew Andrew

In the past few years, my thinking on secure messengers is changing. Originally, it was about protecting the data from "the State". It turns out, based on 10 years of data, I should be protecting my data from myself. This is an opinionated piece, your opinions may vary.

First off, what is a secure messenger? My definition is a device to device encrypted chat system. Something that lets me chat with a set of people, or bots, that I authorize, recognize, and with which I have text, audio, and/or video communications, preferably in near real-time. The medium for communication is irrelevant (Internets, Bluetooth, NFC, RFC2549). All communications are encrypted on the device before being sent off the device. Supports one-to-one or group shared communications.

In order of importance with explanations:

  1. Embraces open source and published standards.
    1. Any generally accepted open source license which allows for commits from a community of developers and users. Personally, I prefer the Blue Oak Council's Model License, or 3-clause BSD.
    2. Based on RFCs or other accepted standards so that others can build interoperable apps.
    3. Available from server itself or some open way without requiring an app store. A developer can charge for the app binary if they want to do so.
    4. For example, Threema or Jami.
  2. Minimal interface and application that focuses on the communication first.
    1. Native emojis from the device, not add-on sticker packs, nor 3rd party animated gifs, etc. 3rd party can be integrated by the user, but not forced.
    2. Context relevant menu options that can be hidden/minimized away.
    3. For example, Threema or Wire
  3. Decentralized Network
    1. No one company should run the servers that provide the directory, presence/availability, or in any way can exert control over the network.
    2. A distributed hash table, blockchain-like Merkle Tree, or something else could provide the "server" functionality which is really spread across all clients in a redundant fashion. Of course, the clients or shared servers shouldn't be able to know what's stored nor shared.
    3. For example, Jami, Element, Secure Scuttlebutt, or ActivityPub.
  4. Human Usable Identifiers
    1. Using various information in my existing address book, find other users, and/or update my addressbook with new identifiers. I'm never going to remember "98dd93d3ce5e5fe14521c96fab181e7991887687". Maybe I'll remember 62TT73PE, but I shouldn't have to, that's what the address book can do. If I put all my various identifiers in my own contact entry in my address book, then others should be able to find it.
    2. For example, Wire or Element.
  5. Shared Accounts across devices
    1. If I have 1-2 phones, a laptop, desktop, table, etc , then I should be able to use the same account across all my devices with near-realtime content sync.
    2. If I change any device, like getting a new phone, I should have the choice to share past history of communications between the old/new device.  This sharing should be direct between devices or via account recovery.
    3. For example, Wire, Jami, or Element.
  6. Independent Backups
    1. Let me backup everything to a separate file, not tied to any operating system backup scheme. This file should let you restore full account functionality.
    2. Protected by either a passphrase from the user or something like a BIP39 Mnemonic Passphrase. 
    3. For example, Threema or Wire.

I've tried over 100 secure messenger apps, and none quite fit what I want. I've submitted patches, funded bounties, or hired someone to write/submit patches to a few apps, but for one reason or another, it's never the way the core devs want to see a feature implemented. The rejection reasons typically fall along two extremes, "it's not secure enough for a dissident" or "no one wants that feature". The vast majority of users are not activists nor dissidents and don't need to conform to that threat model.

Some of the blockchain apps are pretty comical. "It's all on the blockchain!" except, you run the blockchain servers for your own special blockchain. The special blockchain will only exist as long as your company is solvent.

Just writing down where my head is at now. In another 10 years, who knows what I'll think. 

 

You should also read: