Saturday, August 15, 2015

Secure Communication on Mobile Phones Using Only Libre Apps

I have previously written about why I prefer Telegram over WhatsApp, and that gap continues to widen since Telegram introduced an API for building bots and since WhatsApp sent me a legal notice for building a bot.

Meanwhile, one thing we should remember is that despite Telegram's promise that it'll eventually open-source all code, its server-side code isn't open yet and shows no sign of being open any time soon.

People like me often wonder if there can be a completely free working application for secure mobile messaging.

TextSecure is hailed as a solution to this issue by many. But its developers have trust issues with F-Droid and also want Google Play Services installed on the phone, which is ridiculous in my opinion. People who'd want to use TextSecure instead of Telegram are the people who would want completely free software on their phones, and TextSecure is virtually impossible to install on CyanogenMod phones unless you flash Google apps, which defeats the entire purpose.

Another approach was brought out by Tox, which worked almost like torrents do, with a peer-to-peer messaging system. But this consumes large amounts of data on a mobile device and leaves one less than satisfied.

I often tend to like a standards-based approach in situations like these. And the only long-time IM standard that I know of is XMPP. But, the way XMPP is defined right now, there are a lot of things that make it unsuitable for the mobile environment.

  1. Nobody is developing a good XMPP-based solution.

    There is an app called Conversations which is very very nice. But if you were to list down the steps to get started on it, here's how it goes:
    • Buy the app on the Play Store OR allow untrusted sources, download & install F-Droid, then download & install Conversations
    • Find an XMPP server
    • Sign up for the XMPP server
    • Notify friends (probably through other means) about your XMPP id
    • Enable encryption manually and only when mutually agreed upon.

    This complicated approach can never get the critical mass of people on it.

  2. That bit about encryption deserves to be a point on its own. As of now, OTR is the most popular solution for encrypted chat on XMPP. But OTR works only if both sender and receiver are online at the same time. OpenPGP-based encryption is unreliable. Encryption will probably be solved when Axolotl support gains traction.
  3. Contact discovery is more important than we think it is.
  4. Push messaging?

That's where Kontalk comes in. Kontalk is built on top of XMPP and stays as close to standards as possible. It is encrypted by default and designed to save as little information as possible about the clients on the server.

Kontalk supports push messaging, which is a battery saver on mobile phones.

Also, contact discovery on Kontalk is based on one's phone number (just like on Telegram). This makes it easier to find friends using Kontalk.

But Kontalk still doesn't have group chat support. It doesn't work on multiple devices simultaneously.




The way forward

An ideal mass messaging client should have the following features:
  • Easy to use, even for the least technical people.
  • Encrypted.
  • Allow discovery of contacts with existing contact information.
  • Support multiple devices and sync chat history among them.
  • Support group messaging. 
  • Support push notifications.
  • Use as little data as possible.
  • Allow sending files. 
  • Federated. 
  • Follow standard protocols (or create them if none exists)

Both Conversations and Kontalk get some parts of the above feature set correct. But neither fulfills it completely.

Diaspora now has a built-in XMPP server, thus allowing Conversations to connect with it. Once it supports Tigase, it can be made to also support Kontalk.

Ambitious diaspora pods like poddery.com and diasp.in are certainly dreaming of a social future where diaspora and XMPP are closely knit together to form a standards-based, federated, secure, free, self-hostable, cohesive social network infrastructure.
