Speek-App / Speek

Privacy focused messenger that doesn't trust anyone with your identity, your contact list, or your communications
https://speek.network
739 stars 68 forks source link

Privacy and anonymity #6

Open guglovich opened 2 years ago

guglovich commented 2 years ago

Interested in your application, especially the fact that initially the connection between contacts is also serverless, but alas, encountered a popular problem of confidentiality for free and decentralised applications. You have, as with other apps, an ID open to the person you are talking to and adding to contacts by that ID, which in some, but not all, makes communication not so anonymous.

The problems with this implementation:

  1. A permanent linked ID helps annoying contacts who for example are blacklisted and can spam you by trying to add you as a friend. Other scenarios are also possible.
  2. If your ID has been exposed online, for example with personal data, there is nothing to do but recreate the account in order to remain anonymous.
  3. You have to give your ID even to people you do not completely trust and there are different scenarios here too.

The solution has always been around, even though it's used in a proprietary centralized solution, but why no one has replicated it is unclear to me. Telegram has a temporary dynamic nickname that you can change as many times as you like, you can even choose not to create it if you want.

I appeal to you, as one of the most interesting decentralised projects right now, to make one: 1) Disable ID display for contacts (optional) 2) Make IDs replaceable, at least infrequently, in case of compromised data in the network 3) Make a nickname system (@nick) in addition to ID 4) Add contacts by QR and possibly other ways without ID display

isthismanas1 commented 2 years ago

That's a nice suggestion to be welcomed and implemented.

Speek-App commented 2 years ago

Thanks for bringing up this important topic!

Please let me first clarify a few important points.

Initially, the connection between contacts is also serverless.

In fact, the connection is always and not only initially serverless. Because of this, there is no middleman server that could be compromised, taken down or leak user information such as IP addresses, contacts, metadata or even messages. This unfortunately also makes most of your proposed fixes unfeasible/impossible as we have to know this information or otherwise wouldn't be able to communicate.

Telegram has a temporary dynamic nickname that you can change as many times as you like.

This is only possible because Telegram isn't peer-to-peer. (See above). 

That said, I think there is a solution to fix this issue. It boils down to using Tor Client Authorization. With this implemented, it is impossible to establish a connection to a contact without the right private key, and keys can be revoked at any time. Now we can add a different key to each contact request (or exchange different keys upon having accepted or accepting the contact request). This allows us to simply revoke a key and, with that, block all communication with all contacts using that key. I think we still have to think a bit about this, especially about the most intuitive user experience.

Also, let me explain how you can, for now, mitigate the issues you mentioned.

A permanent linked ID helps annoying contacts who for example are blacklisted and can spam you by trying to add you as a friend. Other scenarios are also possible.

It is currently already possible to block a contact from sending you further contact requests. For this, simply click on "Reject and Block further Requests".

If your ID has been exposed online, for example with personal data, there is nothing to do but recreate the account in order to remain anonymous.

In such a case, they really can't tell all that much except when you are online (which is a problem but also possible with most messaging apps), but other than that, nothing about you would be exposed. See also the following point.

You have to give your ID even to people you do not completely trust and there are different scenarios here too.

In that case, you can create a different identity within Speek and give them that one. Just click in the main menu on "Open Other Identity".

I'm going to expand on that later on, after having thought a bit more about it.

guglovich commented 2 years ago

It is currently already possible to block a contact from sending you further contact requests. For this, simply click on "Reject and Block further Requests".

That's not really what I mean. I mean that a person can try it every time from a new account.

guglovich commented 2 years ago

A similar solution, as I see it, can be found in GNUnet Messenger. There's a change of user ID there + a setting to change the ID automatically after a period of time. If this is combined with ID mapping settings for users, it's quite a solution.

guglovich commented 2 years ago

It would also be relevant (if possible to implement in decentralised messengers), different nicknames in different groups / communities. Similar to Discord.

x3rAx commented 2 years ago

You have to give your ID even to people you do not completely trust and there are different scenarios here too.

In that case, you can create a different identity within Speek and give them that one. Just click in the main menu on "Open Other Identity".

This option seems to be missing from the mobile app. Or at least I'm unable to find it..

Speek-App commented 2 years ago

This option seems to be missing from the mobile app. Or at least I'm unable to find it..

Yes, this hasn't been implemented in the newest Android version available on the app store. Although this feature has been added for Android with the most recent commit, so it should be available with the next update. Multiple identities on Android were added by adding an option to the settings which, when ticked, opens a prompt on startup where an identity can be entered.