Hi everybody, I noticed that I often think about what Kontalk is not (not controlled by Facebook, no centralized architecture, etc.). But that can’t be it, right? Maybe we can come up with something that makes Kontalk really unique, something that no other messenger has! Be creative! Be unconventional! Be unrealistic!
(Of course XMPP related features would be hard because they probably wouldn’t be compatible with the federated XMPP architecture.)
What about a doodle-plug-in (no, not finding dates, but doodling, like scribbling)? What if you could simply draw a note and send it immediately to a contact (like a voice message) as a photo. Of course the drawing should be encrypted?
I was thinking of integrating with that drawing app you mentioned @Stefan. If the app could expose an invocation interface, we could put a “Draw” button that will launch SimpleDraw and when finished, return the output to Kontalk and send it. This could greatly benefit both projects and we won’t have the hassle of developing and maintaining another piece of code which was already very well implemented by other people.
Some XMPP clients, like Conversations, allow you to edit what you wrote, but you can’t always do that. Maybe this feature could be implemented in Kontalk; it’s very useful when you make mistakes.
I’ve been using Kontalk for quite a while. I forgot the time, but I seem to remember something like Version 2.7 if that ever existed. I also use other messengers like Signal and Threema.
Having them all is a bit of a pain in the neck, but the messaging world outside WhatsApp & Co. seems helplessly segregated. That is definitely inconvenient, but is it in the end only a disadvantage?
Not necessarily, since a small user base means there is little worth trying to hack it, neither for criminals nor state agencies, unless it were known to be undermined by a malicious group of users. What in the end do I want from a messenger? To do its work (sending txt and pics) and to be as safe as at all possible. Additionally, I want to be sure of that and make no mistakes.
Pondering that in my mind for a while, my conclusion for a really unique feature for Kontalk would be:
1. make sure Kontalk is always as good as it gets in terms of
   - encryption
   - reliability
2. make sure this can be reliably and transparently checked by an average user.
I was very much tempted to add a third point: make sure bad people stay out of the user base. This might be tried using a public or personal trust base and subscription only by recommendation by trusted users. But that might always be underrun or, worse, misused by some. As an example, I have no knowledge of whether the Gülen group in Turkey is good or bad, but it is very astonishing how quickly once respected people (too large a group to be possibly involved in any act of conspiracy) find themselves in jail, accused of having participated in a revolt, because they were on some list. A trust group in Kontalk might become a blacklist one day.
Presently OMEMO seems a strong encryption scheme. Signal uses it, but the app lacks a foolproof way to make sure it is used (a Signal contact once sent an SMS because he had no Internet coverage. Later I happened to text him back a password in plain SMS. A colour scheme might have prevented that.) When encryption is used, it is a black box. But it would be good to have a positive indication that encryption is used and how.
(“Send OMEMO encrypted message”
“Message delivered to x of y devices”
“New key negotiated with x of y devices”
…)
If a contact loses his phone, or wipes it for some reason, a new key needs to be generated.
One usually trusts the opposite party in the hope to verify the identity by context or fingerprint later. That is dangerous and could be alleviated if a simple challenge response scheme was deposited alongside the contacts on the remaining phone(s). (--> “You lost your phone? But do you remember your first dog’s name?” <-- “never had a dog”)
This is not really Fort Knox, but maybe helps and raises attention.
A simple to use and safe identity backup procedure would be nicer. I tried to restore Kontalk keys. It didn’t work (maybe my fault) but too complicated anyways for my girlfriend to use. Correct me, if it works nice and smooth by now.
(Threema has a convenient Identity backup but that is fishy, because they seem to store the private key or at least a version which is only protected by a hash and password somewhere on a server.)
A very unique feature, in comparison to its competition (WhatsApp, Telegram, Signal, and all that nonfree crap that uses your phone number) is what Conversations has: support for multiple encryption methods, OTR, OMEMO, OpenPGP, and there may be others. That’s better, because you can choose.
Hi, as far as I understand, OpenPGP, OTR, and OMEMO are based on the same cryptographic methods, but differ in how often the keys are changed and how many devices (keys) are addressed at the same time: OpenPGP uses a single key throughout, OTR uses some tricks to enable deniability and forward secrecy and OMEMO adds message synchronization and offline delivery. IMHO, for the purpose of Kontalk OMEMO would be the best for the time being. Why give the choice to use weaker algorithms?
p.s. I think the possibility of unencrypted conversations is a weakness of Kontalk. At least there should be a strong visible reminder for unencrypted conversations.
There is maybe a warning AFTER sending, but not when I deactivate encryption and type a message.
If it appears after sending it is as good as saying: "know what? you just made your passwords public!"
I was thinking of a HUGE warning sign as backdrop of the message window.
May I ask if anyone has a comment on the major part of my suggestions?
When you disable encryption for a conversation the warning dialog is pretty clear and explicit. Maybe you’re thinking about having a permanent warning on the chat window about that?
Yes, I thought about a permanent warning if a chat were not encrypted.
But that was not my main suggestion. The original question was, what would make Kontalk unique. My suggestion was to make it as secure as possible, whereas other messengers (Signal, Conversations, Threema …) tend to offer a variety of things like sending GPS, making polls etc.
I don’t think that sending GPS or polls make a messenger per se insecure. The GPS location is still encrypted (Signal’s encryption even seems to be top-notch atm, OMEMO (Conversations) is also considered quite good, can’t say anything about Threema’s NaCl).
What sets Kontalk apart from Signal and Threema is its federated network. The difference to Conversations is the phone number detection.
There are a few unique ideas that could really get Kontalk under a spotlight. The fact is I’m so focused on reaching feature parity with other major IM apps and doing maintenance on the project that I can’t focus on these new ideas enough. I wish I had more time (and people)…