logo

drewdevault.com

[mirror] blog and personal website of Drew DeVault git clone https://hacktivis.me/git/mirror/drewdevault.com.git

The-next-chat-app.md (6835B)

    

  1. ---
  2. title: What should the next chat app look like?
  3. date: 2021-04-07
  4. outputs: [html, gemtext]
  5. ---
  7. As you're surely aware, Signal has officially jumped the shark with the
  8. introduction of cryptocurrency to their chat app. Back in 2018, I [wrote about
  9. my concerns with Signal][0], and those concerns were unfortunately validated by
  10. this week's announcement. Moxie's insistence on centralized ownership,
  11. governance, and servers for Signal puts him in a position of power which is
  12. easily, and inevitably, abused. In that 2018 article, and in [articles since][1],
  13. I have spoken about the important of federation to address these problems. In
  14. addition to federation, what else does a chat app need?
  16. [0]: https://drewdevault.com/2018/08/08/Signal.html
  17. [1]: https://drewdevault.com/2020/09/20/The-potential-of-federation.html
  19. Well, first, the next chat app should be **a protocol**, not just an app. A lush
  20. ecosystem of client and server implementations, along with bots and other
  21. integrations, adds a tremendous amount of value and longevity to a system. A
  22. chat app which has only one implementation and a private protocol can only ever
  23. meet the needs that its developers (1) foresee, (2) care about, and (3) have the
  24. capacity to address; thus, such a protocol cannot be ubiquitous. I would also
  25. recommend that this protocol is not needlessly stapled to the beached whale that
  26. is the web: *maybe* JSON can come, but if it's served with HTTP polling to
  27. appease our Android overlords I will be very cross with you. JSON also offers
  28. convenient extensibility, and a protocol designer who limits extensibility is a
  29. wise one.
  31. Crucially, that protocol *must* be **federated**. This is Signal's largest
  32. failure. We simply cannot trust a single entity, even you, dear reader, to have
  33. such a large degree of influence over the ecosystem.[^1] I do not trust you not
  34. to add some crypto Ponzi scheme of your own 5 years from now. A federated system
  35. allows multiple independent server operators to stand up their own servers which
  36. can communicate with each other and exchange messages on behalf of their
  37. respective users, which distributes ownership, responsibility, and governance
  38. within the community at large, making the system less vulnerable to all kinds of
  39. issues. You need to be prepared to relinquish control to the community. Signal
  40. wasn't, and has had problems ranging from 502 Server Gone errors to 404
  41. Ethics Not Found errors, both of which are solved by federation.
  43. [^1]: Even if that ecosystem is "moving". Ugh.
  45. The next chat app also needs **end-to-end encryption**. This should be fairly
  46. obvious, but it's worth re-iterating because this will occupy a *majority* of
  47. the design work that goes into the app. There are complex semantics involved in
  48. encrypting user-to-user chats, group chats (which could add or remove users at
  49. any time), perfect forward secrecy, or multiple devices under one account; many
  50. of these issues have implications for the user experience. This is complicated
  51. further by the concerns of a federated design, and if you want to support voice
  52. or video chat (please don't), that'll complicate things even more. You'll spend
  53. the bulk of your time solving these problems. I would advise, however, that you
  54. let users dial down the privacy (after explaining to them the trade-offs) in
  55. exchange for convenience. For instance, to replace IRC you would need to support
  56. channels which anyone can join at any time and which might make chat logs
  57. available to the public.
  59. A new chat app also needs **anonymity**. None of this nonsense where users have
  60. to install your app and give you their phone number to register. In fact, you
  61. should know next to nothing about each user, given that the most secure data is
  62. the data you don't have. This is made more difficult when you consider that
  63. you'll also strive to provide an authentic identity for users to establish
  64. between themselves — but not with you. Users should also be able to
  65. establish a pseudonymous identity, or wear multiple identities. You need to
  66. provide (1) a strong guarantee of consistent identity from session to
  67. session, (2) without sharing that guarantee with your servers, and (3) offer
  68. the ability to able to change to a new identity at will. The full implications
  69. of anonymity are a complex issue which is out of scope for this article, but for
  70. now it suffices to say that you should at least refrain from asking for the
  71. user's phone number.
  73. Finally, it needs to be **robust, reliable, and performant**. Focus on the
  74. basics: delivering messages quickly and reliably. The first thing you need to
  75. produce is a reliable messenger which works in a variety of situations, on a
  76. variety of platforms, in various network conditions, and so on, with the
  77. underlying concerns of federation, end-to-end encryption, protocol
  78. standardization, group and individual chats, multi-device support, and so on, in
  79. place and working. You can try to deliver this in a moderately attractive
  80. interface, but sinking a lot of time into fancy animations, stickers, GIF
  81. lookups, typing notifications and read receipts — all of this is a
  82. distraction until you get the real work done. You can have all of these things,
  83. but if you don't have a reliable system underlying them, the result is
  84. worthless.
  86. I would also recommend leaving a lot of those features at the door, anyway.
  87. Typing notifications and read receipts are pretty toxic, if you examine them
  88. critically. A lot of chat apps have a problem with cargo-culting bad ideas from
  89. each other. Try to resist that. Anyway, you have a lot of work to do, so I'll
  90. leave you to it. [Let me know](mailto:sir@cmpwn.com) what you're working on when
  91. you've got something to show for it.
  93. And don't put a fucking cryptocurrency in it.
  95. <details>
  96.   <summary>Regarding Matrix, IRC, etc</summary>
  97.   <p>
  98.     Let's quickly address the present state of the ecosystem. Matrix rates well
  99.     in most of these respects, much better than others. However, their software
  100.     is way too complicated. They are federated, but the software is far from
  101.     reliable or robust, so the ecosystem tends to be centralized because
  102.     Matrix.org are the only ones who have the knowledge and bandwidth to keep it
  103.     up and running. The performance sucks, client and server both, and their UX
  104.     for E2EE is confusing and difficult to use.
  106.   <p>
  107.     It's a good attempt, but too complex and brittle. Also, their bridge
  108.     is a major nuisance to IRC, which biases me against them. Please don't
  109.     integrate your next chat app with IRC; just leave us alone, thanks.
  111.   <p>
  112.     Speaking of IRC, it is still my main chat program, and has been for 15+
  113.     years. The lack of E2EE, which is unacceptable for any new protocol, is not
  114.     important enough to get me to switch to anything else until it presents a
  115.     compelling alternative to IRC.
  116. </details>