I am concerned about the dominance of services like Facebook, Skype, Twitter, WhatsApp, and Viber. They are great services – but in an age where everything we write is recorded and archived for government agencies to reference and retrieve in a moment’s notice for all eternity – it is unhealthy/immoral/wrong.
The two principal problems we face nowadays is:
- having our messages intercepted in plaintext (via man-in-the-middle attacks or direct access to the company our messages transit through)
- having our messages tracked (also known as metadata) in an effort to discover and record our relationships
Further is the absolute control individual corporations have over our communications when we use a proprietary application like the ones mentioned above.
What we need is something akin to IRC – where individuals can provide intermediate servers – so that no one person controls the entire messaging service. We also need privacy so passing encrypted messages is a must – but only so that the recipient can decode, not an intermediate organisation as the above mentioned services do. Finally we need obscurity about the path messages take – they must not pass directly point-to-point but through a series of intermediaries so as to make tracking difficult.
It would also be “nice” to have a service that offers some storage or redundancy – so that transmission of a message when the intended recipient is not available is not lost but delivered at the point of recipient availability. Currently e-mail provides such a facility if used with GnuPG, for example, however e-mail does not provide obscurity of transmission path – and it was not designed for short messaging and/or image transmission.
I am currently thinking about how to achieve these two primary goals while also supporting secondary goals:
- support for short plaintext messaging
- support for image transmission
- broadcast/groups (e.g. to family)
- storage/redundancy (so can go offline and online at different times and retrieve messages sent while offline)
- allowing anybody to join the network of forwarding servers to expand the service (use a standard and open protocol)
Ideally messages will be sent through multiple hops or intermediary servers. None of the intermediate servers should know anything about the content of the message (apart from size), neither should they know who handled the message other than the server it received from and the server it send to.
To accomplish this it is proposed that a message consists of several encrypted layers, each layer encrypted using a different key, and each layer containing an instruction about which server to forward to next. When a server receives such a bundle it can only decrypt the outer-most layer and then forwards the smaller message onto the next server.
A sending client will create the message by looking up a list of available forwarding servers, choosing a certain number of them (say, 5 randomly), and then generate layers using each server’s encryption key with each layer specifying the next server to transmit to. The innermost layer would contain the message to decrypt and the next layer would specify the recipient client to receive the message (of course the final forwarding server would not know that the next server was the receiving client as it could not distinguish this from another forwarding server).
The question is one of key management. But this should not be a great issue – as the public key could be obtained from each intermediate forwarding server by merely looking it up.
I believe the argument that the government should be entitled to wiretap in the interests of security is broken. Wiretaps used to be expensive and require a team of people to target a particular individual – so they were tolerated as it was generally understood that there had to be good reason for the effort expended on such monitoring. But nowadays governments listen to every individual, innocent, criminal, as well as those under suspicion, and all their communications are recorded for eternity for instantaneous lookup and cross-referencing. There is no effort required any more. No reasonable suspicion.