<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p><br>
</p>
<blockquote type="cite"
cite="mid:1592725504.566457000.o1rynmva@frv54.fwdcdn.com">
<span style="display:block;" class="xfm_50266624">
<div>
<div><span
style="font-family:Arial;font-size:10pt;line-height:12pt;">Most
messengers provide only the illusion of security. They
sacrifice basic rules for the convenience of ordinary
users without caring for those who really need security.</span></div>
<div><br>
</div>
<div><span
style="font-family:Arial;font-size:10pt;line-height:12pt;">A really
safe messenger MUST:</span></div>
<div><span
style="font-family:Arial;font-size:10pt;line-height:12pt;">-
never be updated remotely;</span></div>
<div><span
style="font-family:Arial;font-size:10pt;line-height:12pt;">-
not integrate with other services (for example, not
use phone numbers or mail as an ID);</span></div>
<div><span
style="font-family:Arial;font-size:10pt;line-height:12pt;">-
have powerful ID protection in its protocol;</span></div>
<div><span
style="font-family:Arial;font-size:10pt;line-height:12pt;">-
provide plausible deniability of having a contact in the book.</span></div>
</div>
</span></blockquote>
<p>What do you think about updates over Tor?</p>
<p>In particular: the app developer provides an update URL that is the
same for everyone. Clients only do a GET request on that URL. And the
client can/should come via Tor to hide its IP/identity.</p>
<p>And updates are allowed when the user clicks a button, i.e. never
without the confirmation. Downloaded bytes' hashes can be
calculated and compared to a known safe version's hash. Friends
should provide assurance; hashes should be calculated and checked
by the program, showing only confirmations as info for the user.</p>
<p>Anonymity of the client leaves to the attacker only the indiscriminate
Bundestrojaner scenario.</p>
<p>Thoughts, concerns, UI suggestions?<br>
</p>
<blockquote type="cite"
cite="mid:1592725504.566457000.o1rynmva@frv54.fwdcdn.com"><span
style="display:block;" class="xfm_50266624">
<div>
<div><span
style="font-family:Arial;font-size:10pt;line-height:12pt;">I
tried to implement these requirements in my Torfone:
<a class="moz-txt-link-freetext" href="https://github.com/gegel/torfone">https://github.com/gegel/torfone</a></span></div>
<div><br>
</div>
<div><span
style="font-family:Arial;font-size:10pt;line-height:12pt;">The
onion address is generated locally and is used as the ID.</span></div>
<div><span
style="font-family:Arial;font-size:10pt;line-height:12pt;">Authentication
is performed independently of Tor using its own keys. The IDs
of caller and callee are protected with PFS (by adding
the SPEKE protocol result to the hash of the signal's
tDH). The session key is output using a simple DH: the tDH
result is used only for authentication. This makes it
possible to receive calls from unauthenticated subscribers
(with the corresponding notification). During a call any
subscriber can add his or another contact to your address
book, so you can explain the presence of a compromising
contact in it. Open source makes it easy to check the
protocol for leaks.</span></div>
</div>
</span></blockquote>
<p>Wow. This sounds cool. But may I voice issue #2 again? Can you
either give some script to set up the environment for compilation, or
give a detailed doc? This whole concept of usability first of all
touches us, devs :) , then we try helping users.</p>
<p>On the site I see a mention of PGPFone. Is the code related? Or do
you take conceptual inspiration?</p>
<p>Can you spell out the architecture? It can be doodly doc file(s) for
the project, and cc-ed/ref-ed here. We'll appreciate that.</p>
<p>Do you have a license there (like in each file)? Or do you want it
to be public domain? If the latter, you can say this explicitly, like
djb did with NaCl.<br>
</p>
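<p>Added example, not part of the original message and not Torfone code:
one way the hash check proposed above (user-confirmed update, program-side
comparison against hashes that friends vouch for) could work. Assumptions:
friends' hashes arrive over an already authenticated channel, SHA-256 is
the hash, two friends form a quorum, any dissenting friend blocks the
update, and all names and sample bytes are constructed.</p>

```python
import hashlib

QUORUM = 2  # assumption: how many friends must vouch for the same bytes


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of the downloaded update bytes."""
    return hashlib.sha256(data).hexdigest()


def verify_update(downloaded: bytes, attestations: dict, user_confirmed: bool,
                  quorum: int = QUORUM):
    """Decide whether a downloaded update may be installed.

    attestations maps a friend's name to the hex hash that friend reports
    for the version they consider safe. Returns (accept, confirmations);
    the confirmations are the only thing shown to the user.
    """
    # Updates never proceed without the user's explicit click.
    if not user_confirmed:
        return False, ["update was not requested by the user"]

    digest = sha256_hex(downloaded)
    # Normalise case and whitespace so a pasted hash still matches.
    vouching = sorted(name for name, reported in attestations.items()
                      if reported.strip().lower() == digest)
    dissenting = sorted(set(attestations) - set(vouching))

    confirmations = [f"{name} confirms this build" for name in vouching]
    confirmations += [f"{name} reports a different hash" for name in dissenting]

    # Everyone fetches the same URL, so honest friends should all see the
    # same bytes. A differing hash is treated as a sign of a tampered or
    # targeted download and blocks the install (assumed policy).
    accept = len(vouching) >= quorum and not dissenting
    return accept, confirmations


if __name__ == "__main__":
    build = b"constructed sample update, version 1.1"   # stand-in for the GET response
    known = sha256_hex(build)
    friends = {"alice": known, "bob": known}             # constructed attestations
    for blob in (build, build + b"\x00implant"):
        ok, notes = verify_update(blob, friends, user_confirmed=True)
        print("install" if ok else "refuse", notes)
```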
</body>
</html>