The secure messenger is being developed at present time by me - Aleshin Sergei Vladimirovich.
I will publish updates in blog, I hope to develop minimum viable product in one year.
If you want to be notified, please contact me and I will inform you when alpha version of the messenger is ready.
I am looking for sales agents and representatives to help me with marketing and promotion.
Abstract and motivation
I have done a market research in 2019 and saw that current telecom system and messengers can be improved in many ways:
- Most messengers use servers for communication, and the servers become a bottleneck.
I want to use peer-to-peer way of communication where messages go via a network of interconnected clients (peer-to-peer network, like bittorent).
It will be more robust: when servers go down, messages will still go from client to client via multiple redundant paths
- Despite of end-to-end encryption, servers have access to phone book of the users: they see source and destination phone numbers which are not encrypted. I am referring to WhatsApp, Signal, Skype, and standard telephone system.
I want to create a new protocol where source and destination are identified by (probably temporary) IDs, not necessarily linked to telephone numbers ad emails.
The IDs will look like bitcoin wallet IDs, and intermediate message retransmitters in the peer-to-peer network will have no idea about IDs.
- Unlike other projects like "Tox messenger", this system will not be totally decentralized.
There will be a center belonging to owner, who will have a way to manage the system and protect it from fraudsters and hackers
- There will be a very easy installation and maintenance procedures for non-technical people
- There will be automatic quality tests: IP network and software failures fill be reported to "center", and owner of the system will see all problems in his messenger system
- My decentralized routing system will automatically detect and block spammers. I see that telecom operators don't have good protection against spam
- Today's telephone system does not protect subscribers against caller ID (source) spoofing, man-in-the-middle attacks, eavesdropping
- Modern messengers and telecommunication systems are able to watch user's activity (implicit surveillance)
- Open source: customers have access to source code for security audit and customization
- White label: customers are put your own logo and design)
- Serverless, peer-to-peer communication, with high performance and robustness, using mechanism similar to distributed hash tables (DHT) in bittorrent (see "magnet links")
- Strong end-to-end encryption: cipher key changes with every transmitted message
- Address book is accessible only at user's device
- Authentication: digital certificates issued to users by the center, certificates are stored at devices and used for digital signatures
- Automatic and manual protection against denial of service (DoS) attacks, brute force attacks. The "center" will have a way to monitor and/or block suspicious users
- Real-time stability tests (monitoring of network quality): message delivery time and network downtimes are under control
- Explicit surveillance: user's messages can be accessed by center (optional feature, for security purposes, against possible fraud)
- Technology: C#, Microsoft .NET Standard (open source, cross-platform: Windows, Android, Mac OS, Linux)
- Communication protocols are based on UDP, "UDP hole punching" technique is used for serverless communication
- Cryptography technologies: digital signature, symmetric key encryption, Diffie-Hellman key exchange, double Rachet algorithm
How it works: diagrams