The Importance of Decentralization in Secure Messaging
News/Tech

The Importance of Decentralization in Secure Messaging

Exploring the growing need for decentralized messaging solutions and how they enhance privacy and security.

The Importance of Decentralization in Secure Messaging

From Encrypted Chats to Decentralized Messaging

Encrypted messaging apps are experiencing a revival.

Messaging platforms such as WhatsApp, iMessage, and Signal have normalized the expectation of end-to-end encryption (E2EE). However, they still rely significantly on phone numbers, centralized servers, and various metadata collection—tracking who communicates with whom, when, from which IP address, and on what devices.

That’s where Vitalik Buterin comes into play with his recent involvement in decentralized messaging. In a recent post, he advocates for the next phases of secure messaging, which should allow for permissionless account creation without needing phone numbers or KYC (Know Your Customer) protocols, alongside stronger privacy for metadata. Notably, he pointed to tools like Session and SimpleX, donating 128 Ether (ETH) to help advance these initiatives.

Decentralized Messaging Concept

Session is a valuable example as it blends E2EE with decentralization. It operates without a central messaging server; instead, it routes traffic through onion paths, utilizing user IDs as keys in place of phone numbers.

Did you know? Forty-three percent of public WiFi users report experiencing a data breach, with common threats including man-in-the-middle attacks and packet sniffing on unencrypted connections.

How Session Stores Your Messages

Session relies on public key identities. When users register, the app generates a keypair right on their device, producing a Session ID without necessitating phone numbers or emails.

Messages are transmitted through a network of service nodes, employing onion routing, so no single node can identify both sender and receiver. For messages sent while offline, they are stored encrypted in small groups of nodes, or “swarms,” until retrieved by the client.

Historically, these messages were retained for approximately two weeks in the swarm before being deleted; only the local version remains. Session also keeps a history of chats and files locally, which can expand its storage size over time. Users can manage this by deleting conversations or utilizing disappearing messages.

Message Storage Illustration

Fast Mode Notifications

Notifications highlight a critical balance between usability and privacy.

On iOS, Session allows two notification modes:

  • Slow Mode: Notifications are gathered in the background. The app wakes up periodically to check for new messages, ensuring higher privacy but possibly delayed responses.
  • Fast Mode: This utilizes push notifications via Apple’s Push Notification Service for timely alerts; however, it exposes your IP address to the Apple server.

This endeavor raises a dilemma: while Fast Mode brings convenience, it compromises certain privacy measures.

If that concerns you, Slow Mode is still available, but it may lead to missed notifications.

Jurisdiction, Transparency, and Government Requests

Session’s governance structure has been revised.

Initially managed by the Australian nonprofit Oxen Privacy Tech Foundation (OPTF), new leadership named the Session Technology Foundation (STF) in Switzerland took over by late 2024, succeeding the OPTF. These organizations process information requests transparently.

Due to the decentralized and E2EE nature of Session, the foundation cannot access user messages or keys directly. The STF publishes transparency reports detailing enforcement inquiries and outcomes.

What can be realistically shared? Logs from direct operations may be accessible, but not decrypted chats or master keys.

Although decentralization limits what can be handed over to governments, it does not preclude inquiries from agencies.

Quantum Resistance and Future Features

The worry involves threats from quantum computing.

Session is planning a significant redesign to prepare for potential quantum-level threats. The upcoming Session Protocol v2 is set to incorporate:

  • Perfect forward secrecy with temporary keys.
  • Post-quantum key exchanges using standardized methods, ensuring security even against future computing developments.

Calls on the platform are currently a beta feature that users must choose to enable, using peer-to-peer WebRTC. However, with ongoing developments in privacy, users are urged to carefully consider their comfort levels regarding call features.

The Real Impact of Decentralization

Session encapsulates both the prospects and limitations of decentralized secure messaging.

Advantages include:

  • No requirement for phone numbers or emails to create accounts.
  • Anonymized message routing decreases the visibility of metadata to service providers.
  • Enhanced scrutiny due to open-source practices and public transparency reports.

However, decentralization does not guarantee anonymity:

  • Device security risks persist if a phone is compromised.
  • Notifications and calls may disclose metadata to third parties.
  • Upcoming features focused on post-quantum security are still iterative.

If considering Session, it may be prudent to default to Slow Mode to prioritize privacy while managing messages actively. Given the increasing threats on conventional messaging systems, understanding the implications of decentralization is vital for maintaining secure communication.

Next article

Binance Gains Licenses from ADGM for Global Platform Operations

Newsletter

Get the most talked about stories directly in your inbox

Every week we share the most relevant news in tech, culture, and entertainment. Join our community.

Your privacy is important to us. We promise not to send you spam!