|
|
=== part uno ===
|
|
|
### part uno
|
|
|
The session focused on discussing the end-to-end encrypted messaging space and understanding how each of the solutions integrate in the Tor ecosystem.
|
|
|
|
|
|
==== Tor Messenger ====
|
|
|
Tor Messenger supports multiple transport protocols. Server-client architecture. Alternative to Pidgin/Adium. Goal: wrap such a client into Tor. No audits yet. Secure update mechanism. Investigating n+1Sec for group messaging. Summer of Code work on [https://coniks.cs.princeton.edu CONIKS] integration. Goal of CONIKS: Key Transparency. Automating public key distribution. Uses the same Tor controller that Tor Browser, enables the use of bridges.
|
|
|
#### Tor Messenger
|
|
|
Tor Messenger supports multiple transport protocols. Server-client architecture. Alternative to Pidgin/Adium. Goal: wrap such a client into Tor. No audits yet. Secure update mechanism. Investigating n+1Sec for group messaging. Summer of Code work on [CONIKS](https://coniks.cs.princeton.edu) integration. Goal of CONIKS: Key Transparency. Automating public key distribution. Uses the same Tor controller that Tor Browser, enables the use of bridges.
|
|
|
|
|
|
==== Tor Messenger vs Ricochet ====
|
|
|
#### Tor Messenger vs Ricochet
|
|
|
Solving different problems. Ricochet tries to address the metadata-free problem. Tor Messenger relies on other services.
|
|
|
|
|
|
Despite Ricochet’s appeal, there are still many open questions around that type of architecture:
|
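Review bot: The rewritten Tor Messenger paragraph (the line that now uses `[CONIKS](https://coniks.cs.princeton.edu)`) carries over the broken sentence "Uses the same Tor controller that Tor Browser, enables the use of bridges." unchanged. Since the line is being rewritten anyway, fix the wording in the same change, for example "Uses the same Tor controller as Tor Browser, which enables the use of bridges."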
... | ... | @@ -13,20 +13,20 @@ Despite Ricochet’s appeal, there are still many open questions around that typ |
|
|
* Presence detection can not be revoked
|
|
|
* No store and forward architecture means no support for asynchronous conversations
|
|
|
|
|
|
==== Future of Tor Messenger ====
|
|
|
#### Future of Tor Messenger
|
|
|
Tor Messenger has a good user experience. It now features an updater. It might be time to bring it out of “beta” and start encouraging the larger community to use it and provide more feedback.
|
|
|
|
|
|
Tor Messenger has not been funded for some time and we have had a discussion about how Tor Messenger can differentiate itself from other messaging clients by taking advantage of the Tor expertise in reducing metadata.Funders want to associate a Tor-related project with anonymity.
|
|
|
|
|
|
Additional UX work has to be done on Tor Messenger to convey security properties.
|
|
|
|
|
|
==== Some focus areas ====
|
|
|
#### Some focus areas
|
|
|
* Standard Onion Messaging Protocol with e-2-e encryption
|
|
|
* Group chat: Group-chat is fundraiser-friendly because it’s crucial for groups to organize.
|
|
|
|
|
|
'''part deux'''
|
|
|
**part deux**
|
|
|
|
|
|
==== What makes a Tor-enabled Messenger Today? ====
|
|
|
#### What makes a Tor-enabled Messenger Today?
|
|
|
* Does it support proxying over Tor?
|
|
|
* Does it embed a Tor binary/daemon?
|
|
|
* Does it support communicating via or connecting to Onion addresses?
|
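Review bot: `'''part deux'''` becomes `**part deux**`, which is bold text rather than a heading, while the first part was converted to `### part uno`. The `####` sections that follow it ("What makes a Tor-enabled Messenger Today?" onward) will then nest under "part uno" in any generated outline. Suggest `### part deux` here. Separately, the context line containing "reducing metadata.Funders want" is missing a space after the full stop and could be fixed in the same pass.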
... | ... | @@ -37,18 +37,19 @@ Additional UX work has to be done on Tor Messenger to convey security properties |
|
|
* Is there a mobile app?
|
|
|
* Does it support secure auto updating?
|
|
|
|
|
|
|| '''App Name''' || '''Tor Proxying''' || '''Tor bundled'''|| '''Onion Servers'''|| '''Onion P2P'''|| '''Interop Protocol'''|| '''Content Encryption'''|| '''Desktop'''|| '''Mobile'''|| '''Secure Updater'''||
|
|
|
|| '''Tor Messenger''' || X || X || X || || X||X || X || || X||
|
|
|
|| '''Ricochet''' || X || X || || X|| || || X || || ||
|
|
|
|| '''Coy.im''' || X || || X|| || ||X || X || || ||
|
|
|
|| '''ChatSecure''' || X ||X ||X || || X|| X|| || X|| ||
|
|
|
|| '''Conversations''' || X || X ||X || ||X ||X || X ||X || ||
|
|
|
|| '''Briar''' || X ||X || ||X || || X|| ||X || ||
|
|
|
|| '''Cryptocat''' || || || || || || || X || || ||
|
|
|
|| '''Signal''' || || || || || ||X || X ||X || ||
|
|
|
|| '''WhatsApp''' || || || || || ||X || X || X|| ||
|
|
|
|
|
|
==== What are future, aspirational goals for "Onion Messengers"? ====
|
|
|
| **App Name** | **Tor Proxying** | **Tor bundled**| **Onion Servers**| **Onion P2P**| **Interop Protocol**| **Content Encryption**| **Desktop**| **Mobile**| **Secure Updater**|
|
|
|
|--------------|------------------|----------------|------------------|--------------|---------------------|-----------------------|------------|-----------|-------------------|
|
|
|
| **Tor Messenger** | X | X | X | | X|X | X | | X|
|
|
|
| **Ricochet** | X | X | | X| | | X | | |
|
|
|
| **Coy.im** | X | | X| | |X | X | | |
|
|
|
| **ChatSecure** | X |X |X | | X| X| | X| |
|
|
|
| **Conversations** | X | X |X | |X |X | X |X | |
|
|
|
| **Briar** | X |X | |X | | X| |X | |
|
|
|
| **Cryptocat** | | | | | | | X | | |
|
|
|
| **Signal** | | | | | |X | X |X | |
|
|
|
| **WhatsApp** | | | | | |X | X | X| |
|
|
|
|
|
|
#### What are future, aspirational goals for "Onion Messengers"?
|
|
|
* Does it support group messaging? Encrypted group messaging?
|
|
|
* Is there seamless support for both mobile and desktop use?
|
|
|
* Does it support voice, photo or other media/file sharing?
|
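Review bot: The converted table rows keep the uneven cell spacing of the old `||` markup (for example `| X | X | X | | X|X | X | | X|` in the Tor Messenger row), which makes it hard to confirm by eye that each X still sits under the right one of the ten columns, and here the blank cells carry meaning. Suggest padding every cell to the width of the separator row so that a shifted `|` is visible in review. The `**...**` around the header cells is also redundant in a Markdown header row and can be dropped.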
... | ... | @@ -56,7 +57,7 @@ Additional UX work has to be done on Tor Messenger to convey security properties |
|
|
* Does it support volatile, temporary "burner" identities? #16606
|
|
|
* Does it leverage existing social networks/graphs to more easily bootstrap new users and communities? (e.g., working with existing email addresses, or twitter handles)
|
|
|
|
|
|
==== Metadata Reduction Possibilities ====
|
|
|
#### Metadata Reduction Possibilities
|
|
|
* Don't publish buddy list "Rosterless Communication" #20293
|
|
|
* Don't publish real names, vcards for yourself or others to servers; Only send encrypted #20294
|
|
|
* Use Keys as identities, and not "real names" or nicknames (aka ABC123@foo.com instead of IAmNathan@foo.com)
|
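Review bot: The ticket references `#16606`, `#20293` and `#20294` in the list items around the converted heading are left as bare numbers, so whether they link to the right tickets now depends on how the Markdown renderer treats `#NNNN`. Suggest writing them as explicit links to the tracker as part of this conversion.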
... | ... | |