All chat apps rely on servers over which end users have no control. How do you guarantee the user's privacy then? For our proprietary IM client, Secure Chat, we have done it by making the app a pure peer-to-peer (P2P) encrypted chat client and by limiting the role of the servers to just facilitating the communication.


Generally speaking, the solution for online privacy is encryption. By making messages readable only with a unique decryption key, you guarantee that no one but the intended recipient can read them. The Off-the-Record (OTR) protocol, which Secure Chat uses, takes care of generating the encryption keys and exchanging them securely. But even strong encryption is just one layer of security for your messages.

Total security requires taking things a step further than just one layer. Chat messages make their way from user A to user B through a server. There are a couple of things that can happen to them there which encryption alone doesn’t solve:

  • They might go undelivered, or even be lost for good, if the server fails – for example, if it is subject to a denial-of-service (DoS) attack.
  • The metadata in them about the identity of the sender and recipient could be extracted if the messages are stored on the server. And you might prefer people not to know a certain conversation ever took place.

Because of that, we opted for limiting the role of servers and making sure messages spend as little time on them as possible.

Why we disabled offline messaging

Convenience is the main thing most regular users care about, with security being just an afterthought. And it is certainly more convenient not to have to consider whether your contact is online when you send them something – and have them receive it anyway, even when you are not online anymore. But for that to work, your message has to get uploaded to a server, wait there for your contact to come online, and get delivered to them only when they do get connected.

However, if your primary concern is privacy, you’d be worried by the idea of a message containing sensitive information spending too much time on a server somewhere. Privacy and security are the main goals of Secure Group. So, we designed Secure Chat to send messages only when both sides are online. If you type a text to a contact who is offline, it will not get sent until they show up. If you turn off Secure Chat before they come online, the message will still not be delivered to them. It can be sent only if you are both online – to guarantee it exists only on your device and theirs.

Real P2P clients never store messages on servers

The messages do go through our servers (this is inevitable, messaging cannot happen otherwise) but they are deleted the moment they are dispatched to the recipient’s device. The Secure Chat server doesn't wait for a successful delivery receipt to destroy the message – as soon as it is sent, the server is done with it, and it is as if it never existed. We are the only secure communications provider who operates this way.

The same is also true for self-destructing messages. You can set lifespans for your messages via the For Your Eyes Only (FYEO) and Time to Live (TTL) modes in Secure Chat. They have different functions and different combinations of them achieve specific results (explained in greater detail here) – but they both allow you to set a timer on your messages. When this timer runs out, the message gets deleted on both your device and the recipient’s, regardless of whether it has been sent or not.
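The delivery rules described in the last three paragraphs (send only when both sides are online, forward without storing, expire by timer whether sent or not), modelled as an added sketch that is not Secure Chat's code. The `Relay` and `Client` classes, the explicit `now` clock, passing the expiry time through the relay, and the byte strings standing in for OTR ciphertext are all assumptions made for illustration.

```python
class Relay:
    """Forward-only server: tracks live connections, owns no message queue."""
    def __init__(self):
        self.live = {}                       # user name -> connected Client
    def forward(self, to, blob, expires_at):
        peer = self.live.get(to)
        if peer is None:
            return False                     # recipient offline: refuse, store nothing
        peer.inbox.append((blob, expires_at))
        return True                          # handed off: no copy kept, no receipt awaited

class Client:
    def __init__(self, name, relay):
        self.name, self.relay, self.inbox, self.outbox = name, relay, [], []

    def go_online(self):
        self.relay.live[self.name] = self

    def purge(self, now):
        """TTL: drop expired messages whether or not they were ever sent."""
        self.inbox = [m for m in self.inbox if m[1] > now]
        self.outbox = [m for m in self.outbox if m[2] > now]

    def send(self, to, blob, ttl, now):
        self.outbox.append((to, blob, now + ttl))   # queued on the device only
        return self.flush(now)

    def flush(self, now):
        """Try to send pending messages; returns how many left the device."""
        self.purge(now)
        if self.name not in self.relay.live:
            return 0                         # sender offline: nothing leaves the device
        pending, self.outbox = self.outbox, []
        for to, blob, exp in pending:
            if not self.relay.forward(to, blob, exp):
                self.outbox.append((to, blob, exp))   # keep waiting locally
        return len(pending) - len(self.outbox)

def demo():
    relay = Relay()
    alice, bob = Client("alice", relay), Client("bob", relay)
    alice.go_online()
    first = alice.send("bob", b"ct-1", ttl=60, now=0)   # constructed ciphertext; bob offline
    alice.send("bob", b"ct-2", ttl=5, now=0)            # short-lived, also queued locally
    bob.go_online()
    second = alice.flush(now=10)             # ct-2 already expired unsent; ct-1 goes out
    received = len(bob.inbox)
    bob.purge(now=61)                        # ct-1 expires on bob's device as well
    return first, second, received, len(alice.outbox), len(bob.inbox)
```

In this sketch the relay still sees the recipient name and expiry time while forwarding; what it never has is a queue in which a message could wait.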

The ultimate goal of the above is privacy. When it comes to communications between two people, the service provider is, in fact, a third party. Third parties are what you protect privacy from in the first place. This is why Secure Group has opted to remove itself from the equation and leave its chat messenger 100% P2P.

 

 

 
