I’ve been using Kontalk for quite a while. I forgot the time, but I seem to remember something like Version 2.7 if that ever existed. I also use other messengers like Signal and Threema.
Having them all is a bit of a pain in the neck, but the messaging world outside WhatsApp & Co. seems
helplessly segregated. That is definitely inconvenient, but is it in the end only a disadvantage?
Not necessarily, since a small user base means there is little worth trying to hack it, neither for criminals nor state agencies, unless it were known to be undermined by a malicious group of users. What in the end do I want from a messenger? To do its work (sending txt and pics) and to be as safe as at all possible. Additionally I want to be sure of that and make no mistakes.
Pondering that in my mind for a while, my conclusion for a really unique feature for Kontalk would be:
- make sure Kontalk is always as good as it gets in terms of
- make sure this can be reliably and transparently checked by an average user.
I was very much tempted to add a third point: make sure bad people stay out
of the user base. This might be tried using a public or personal trust base and subscription only
by recommendation by trusted users. But that might always be underrun or worse
misused by some. As an example, I have no knowledge of whether the Gülen
group in Turkey is good or bad, but it is very astonishing how quickly once respected
people (too large a group to be possibly involved in any act of conspiracy) find themselves in jail,
accused of having participated in a revolt, because they
were on some list. A trust group in Kontalk might become a blacklist some day.
Presently OMEMO seems a strong encryption scheme. Signal uses it, but the app lacks
a foolproof way to make sure it is used (a Signal contact once sent an SMS because he had no
Internet coverage. Later I happened to text him back a password in plain SMS. A colour scheme might have prevented that.) When encryption is used, it is a black box. But it would be good to have a positive indication that
encryption is used and how.
(“Send OMEMO encrypted message”
“Message delivered to x of y devices”
“New key negotiated with x of y devices”)
If a contact loses his phone, or wipes it for some reason, a new key needs to be generated.
One usually trusts the opposite party in the hope to verify the identity by context or fingerprint later. That is dangerous and could be alleviated if a simple challenge response scheme was deposited alongside the contacts on the
remaining phone(s). (-->“You lost your phone? But do you remember your first dog’s name?”<-- “never had a dog”)
This is not really Fort Knox, but maybe helps and raises attention.
A simple to use and safe identity backup procedure would be nicer. I tried to restore Kontalk keys. It didn’t work (maybe my fault) but too complicated anyways for my girlfriend to use. Correct me, if it works nice and smooth by now.
(Threema has a convenient Identity backup but that is fishy, because they seem to store the private key or at least a version which is only protected by a hash and password somewhere on a server.)
Cheers and happy kontalking !
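
The challenge-response idea from the post above, sketched as an added example (not part of the original post and not Kontalk code). It assumes one possible design: the remaining phone stores a key derived from the answer, and the response is a MAC over a fresh nonce and the newly announced key fingerprint, so a correct answer cannot be reused for a different key. All names and parameters are hypothetical.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed PBKDF2 cost; slows guessing of a low-entropy answer


def derive_key(answer: str, salt: bytes) -> bytes:
    """Normalize case and whitespace, then stretch the answer into a MAC key."""
    normalized = " ".join(answer.lower().split()).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", normalized, salt, ITERATIONS)


def enroll(question: str, answer: str) -> dict:
    """Run once while the contact is still verified; kept on the remaining phone."""
    salt = os.urandom(16)
    return {"question": question, "salt": salt, "key": derive_key(answer, salt)}


def new_challenge(record: dict) -> dict:
    """Sent to the device that announces a new key; the nonce blocks replays."""
    return {"question": record["question"], "salt": record["salt"],
            "nonce": os.urandom(16)}


def respond(challenge: dict, answer: str, my_fingerprint: bytes) -> bytes:
    """New device: the answer itself never travels, only a MAC keyed by it."""
    key = derive_key(answer, challenge["salt"])
    return hmac.new(key, challenge["nonce"] + my_fingerprint, hashlib.sha256).digest()


def verify(record: dict, challenge: dict, response: bytes,
           announced_fingerprint: bytes) -> bool:
    """Remaining phone: recompute the MAC over the fingerprint it was shown."""
    expected = hmac.new(record["key"], challenge["nonce"] + announced_fingerprint,
                        hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    new_fp = b"\x11" * 20       # constructed fingerprint of the contact's new key
    swapped_fp = b"\x22" * 20   # constructed fingerprint of a substituted key
    rec = enroll("Your first dog's name?", "never had a dog")
    ch = new_challenge(rec)
    print(verify(rec, ch, respond(ch, "Never had a dog", new_fp), new_fp))
    print(verify(rec, ch, respond(ch, "never had a dog", new_fp), swapped_fp))
```

Anyone who records one challenge and response can still test guesses offline at PBKDF2 speed, so this raises attention on a key change but does not replace fingerprint verification.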