Theme fund: NGI0 PET
Start: 2019-12
End: 2022-10

Off-the-Record messaging version 4

Advanced protocol for secure messaging

OTRv4 is the newest version of the Off-the-Record messaging protocol. It is a protocol where the newest academic research intertwines with real-world implementations. Its aim is to give end-to-end encryption, deniability, authentication, forward secrecy and post-compromise security for any kind of messaging (online or offline). The goal of this new version is to provide the strongest privacy and security properties that have a real impact on the world. This new version aims to be available in different desktop clients (that use XMPP or other messaging protocols) and in mobile clients.

Why does this actually matter to end users?

One of the things people enjoy the most about the internet is that it enables them to talk to others remotely almost without limit. The internet allows anyone to keep closely connected with friends and family, and help their kids solve a math problem while they are at work. People collaborate with their colleagues from the couch of their living room, the cafe where they enjoy lunch or on their cell phone on the bus to the gym. Businesses can easily service their customers where this is most convenient to them, without having to travel themselves. This is so convenient that some businesses have already moved entirely online. Internet communication has become the nerve center of whole neighbourhoods, where people watch over the possessions of their neighbours while these are away for work or leisure.

Tools like WhatsApp, Signal and Telegram have become a mainstay for individuals, businesses and even local governments as a low-threshold channel to reach out to people, be it for a friendly chat or customer support. The services promise their users that everything they share and discuss is shielded from spying eyes. Nothing is said about the metadata that shows who talks to whom, and where they are. And these services still suffer from the issues of centralized services maintained by one party, like censorship and country-wide bans. A Signal user cannot communicate with a Telegram user through either service. And all of them can be blocked easily.

Chat that is actually secure, private and decentralized is important because it offers users, as well as businesses and governmental organizations, a transparent and trustworthy communication channel. This is especially the case when sensitive and personal data is shared, and even more so for people living in less democratic societies who run the risk of being arrested or harassed for who they talk to or what they say. Everyone has the right to confide in someone, be it a friend or a professional, and be sure what is said does not leave the (virtual) room. For journalists, activists, whistle-blowers and vulnerable minorities, this right can be a matter of life or death.

The Off-the-Record protocol offers a way to encrypt both the content of a conversation and the identities of its participants. Using this protocol to chat is in a lot of ways like talking to someone in real life, with no cameras, devices, or spying eyes around: no one needs to know a thing about who you talked to and when. This right to offline privacy should be respected digitally as well, which is what this project aims to do, using the tried and proven Off-the-Record messaging protocol to develop a proper privacy-friendly chat app.

Run by Dyne


This project was funded through the NGI0 PET Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825310.