Secure Texting Part II

Last summer I blogged about secure messaging and why FSFE cares about it (and why you should, too!). Since then a few things have changed, and I want to give you an update on the situation.

The conclusion of my last article was:

TextSecure and Kontalk are both good apps in our eyes, however, TextSecure has a much larger adoption and its protocol has gone through more reviews. The protool is integrated into CyanogenMod, recommended by leading security experts and the project just recently gained lots of media attention and $400.000 funding. So we believe if we are to have a chance at migrating people away from WhatsApp than TextSecure is the way to go.

We knew that TextSecure depended on Google Play Services last year, but we were hoping that this was a temporary problem, as virtually every other messaging app in existence has a fallback mode for delivery that does not require proprietary (Google) components. Unfortunately we were wrong: nearly a year later the development of a websocket based version of TextSecure has stalled. Lead developers at WhisperSystems have stated repeatedly that it is not important to them, and the many requests, tests and code contributions from external people did not result in the situation now being any better than it was a year ago.

Furthermore WhisperSystems has repeatedly demanded other people not distribute modified and unmodified versions of their software. While I believe that WhisperSystems is sincere about security, they seem to have no problem with the security implications of proprietary software, sharing meta-data with Google (by means of Google Push) and now working for WhatsApp / Facebook. This is all a sad example for a project that does license its code under Free licenses, but that otherwise is between uninterested and hostile towards community involvement and the Free Software landscape.

Fortunately, not all is lost! The other program mentioned already a year ago, Kontalk, is doing great. Kontalk is community-based and is transparently financed through donations. It is based on XMPP, actively develops new extensions and proposals for XMPP and their developers are very friendly towards suggestions and community involvement. The server side is even implemented as extensions on top of an existing XMPP server and you can of course run your own (the server isn’t even hardcoded in the app, can be changed via the options). It runs without any proprietary components and is available in F-Droid. There is also a desktop client, although I haven’t tried it, yet.

Some of Kontalk’s features are:
• contact discovery via phone numbers
• transport and end-to-end encryption
• working picture and file sharing
• customizable privacy settings (per-user in future versions)

It is currently still in beta, but some of the expected features for the 3.0 are:
• group chats
• perfect forward secrecy
• sharing of message history between multiple clients
• federation with regular jabber servers(!!!)

I use it day to day and have experienced only few issues. You should it give it a try! And maybe you can help with spreading the word, reporting bugs or even contributing code?

edit: see I am not big for Valentine’s day, but maybe this counts a slightly delayed #ilovefs for Kontalk ;)

Leave a Reply