Another day, another backdoor in a messaging application. It seems like the more you care about your privacy, the easier it gets for state actors to snoop on your communications.
I believe it is time that we bring back the old instant messaging paradigm. If you recall from your early Yahoo! Messenger/AIM days, instant messaging was always synchronous. The services provided ways to send messages between users, but their main implementation was akin to a directory service. While you could look up if a contact was offline, you could only send them a message if they were online and available.
As these IM networks became more advanced and popular, services began offering the capability to send ‘offline’ messages. These messages, by their nature, would be stored on the company’s server until the recipient went online and was able to download them. This was a departure from the quasi-synchronous behavior toward a store-and-forward system, just like email. I believe that one of the reasons for this change was that as more people started obtaining always-on broadband connections, it became harder for messaging software to directly connect with other computers. Because of IPv4 design challenges, computers sharing an Internet IP address had to be put behind address translators, and that made it necessary to employ an intermediary service that the clients could connect to. This solved the connectivity issue while also affording the capability to send offline messages.
Of course, any time you introduce a store-and-forward system into your communications, you are opening it up for easier surveillance. I say easy because the listener/hacker does not have to be listening in real-time. They could just get access to the store system and read the communication asynchronously.
This was also a time when security and privacy were something no one even thought of.
With the current privacy climate, I think it is time to get back to the basics. Messaging should be like making a phone call. If the other person is offline or not available, the messages need to either be dropped or be unable to be sent. This is the best way to protect privacy.
Now that IPv6 is gaining traction and helps alleviate the address translation issues with the ‘old Internet’, it is all the easier to build such a chat system without much effort. Forget secure messaging services; the best security is one that you control.
So how would this work?
Server:
Open source, based on an open directory standard that would allow people to indicate availability by virtue of a unique identifier. What this identifier can be is an implementation detail, but a phone number or email sounds like a good idea.
When clients connect to the directory server, they can query a particular contact’s availability status. Additionally, they will be able to advertise their network address so that other clients could establish a connection directly for messaging. No store-and-forward.
Client:
Open source, based on open connectivity standards. The client would tell the directory server that a contact with the specified identifier is online and ready to receive messages/voice/video at their particular address.
In order to send or receive messages, the usual encryption techniques would be followed. I envision an extension to the existing public key infrastructure, but for people.
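A minimal sketch of the directory and client flow described above, added here as an illustration and not part of the original post. The class and function names, the lease-based presence timeout and the `connect` hook are assumptions, and encryption and authentication of advertisements are left out.

```python
import time

class RecipientOffline(Exception):
    """Raised instead of queueing when the recipient has no live presence lease."""

class PresenceDirectory:
    """Directory state: identifier -> (address, lease expiry). Never sees messages."""
    def __init__(self, lease_seconds=60, clock=time.monotonic):
        self.lease_seconds = lease_seconds
        self.clock = clock
        self._online = {}

    def advertise(self, identifier, address):
        # A client announces where it can be reached; it must re-advertise
        # before the lease runs out or it is treated as offline.
        self._online[identifier] = (address, self.clock() + self.lease_seconds)

    def lookup(self, identifier):
        # Return the advertised address, or None if offline or lease expired.
        entry = self._online.get(identifier)
        if entry is None or self.clock() >= entry[1]:
            self._online.pop(identifier, None)
            return None
        return entry[0]

def send_direct(directory, recipient, message, connect):
    """Deliver over a direct connection or fail; nothing is stored for later."""
    address = directory.lookup(recipient)
    if address is None:
        raise RecipientOffline(recipient)
    connect(address)(message)  # connect: hypothetical hook returning a send function
    return address

def demo():
    now = [0.0]  # constructed fake clock so lease expiry is deterministic
    directory = PresenceDirectory(lease_seconds=60, clock=lambda: now[0])
    bob_addr = "[2001:db8::10]:7000"  # constructed address (IPv6 documentation prefix)
    inboxes = {bob_addr: []}  # in-process stand-in for Bob's listening client
    connect = lambda addr: inboxes[addr].append
    directory.advertise("bob@example.org", bob_addr)
    send_direct(directory, "bob@example.org", "hello", connect)
    now[0] = 61.0  # Bob stopped refreshing, so his lease has lapsed
    try:
        send_direct(directory, "bob@example.org", "are you there?", connect)
        refused = False
    except RecipientOffline:
        refused = True
    return inboxes[bob_addr], refused
```

The directory in this sketch still learns who is online and at which address, and it accepts advertisements without any proof of identity; the per-person key infrastructure mentioned above would have to cover that.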
This is my general idea and I am sure that I am not the only person who would love to see something like this.
A lot of people who use today’s messaging platforms have never seen the glory days of instant messaging past. We still had bots in the early 00’s. We had voice and video as well. We had everything! What we did not have back then was secret backdoors. Or maybe they were pretty good secrets!
As phones and computers get more powerful and the Internet more advanced, it only makes sense to cut out the middleman.