Messaging over the Internet - getting off the 'Internet highways'
23 Jan 2021Couple of weeks back, WhatsApp changed its privacy policy and Signal saw a boost in new users (external story link). This is a welcome change, for the first time few friends messaged me and told that they are now on Signal. Diversification is definitely a good step.
This post is about some personal views beyond diversification. Signal is good, but can we do a bit better than that?
Concern
If moving to Signal is the solution, then what is the point of discussing this? Unfortunately it’s not. Signal is better than most other Messaging apps right now and it gives a very low entry barrier for someone looking for alternatives of WhatsApp. Install Signal app and you are done. It’s very easy to get your parents, relatives and friends onboarded and if you have done that, you have taken a right first step.
The question is - should you stop there?
Any app or platform that is popular on the Internet and has significant number of users is ought to be looked at as a possible revenue opportunity and a possible place that needs to be monitored for national security.
Acquisitions
Signal is not a silver bullet to the problem. It’s just another app like WhatsApp and what makes it better at the moment is that it’s owned by Signal Foundation, a non-profit organization (Wikipedia). Being owned by a non-profit is better than a private company like Facebook. However in future it may change with an acquisition or takeover just like Zoom acquired Keybase in mid-2020 (external story link). If that happens, you may have to look for another ‘app’ to hop on hoping that it wouldn’t get acquired again. And you have to convince your friends and family once again to move to that app.
I am not a conspiracy theorist that believes that all of end-to-end encryption that is advertised by these platforms is broken and someone is spying on each and every message you send. But being realistic, some metadata (about who you chat with, when you are online) may be used to show you advertisements. And if you switched from WhatsApp to Signal recently, I suppose you are not very comfortable with this.
Monitoring
Again, I want to avoid the debate about whether the messages over Internet should be surveilled by governments or whether they do that or not. There are enough theories about how almost every CPU can be monitored and it’s up to everyone’s own beliefs (Wikipedia).
We as normal people want to share our thoughts and feelings freely through these mediums with our friends and family. For me personally, if I have good enough visibility of how I am communicating with them over Internet, I am comfortable.
A possible solution
After having a stressful patch with work or life, people look at yoga and meditation to get back on track. Just like that, we don’t need to look at future or start with a whiteboard to design yet another next app that will solve everything. Invention of the Internet was no smaller than the first light bulb and as with every impactful invention, bunch of good visionaries work hard lay down the groundwork before large companies are formed to make money off that invention.
The point being, we can look at the past technologies and how Internet was made capable of what it is now by the visionaries in its early days to see if we can see beyond WhatsApp or Signal.
Decentralization is the core
When Internet was in its early days, it was a network of connected University campuses that could communicate over emails. For a long time before there were popular email providers, businesses and organizations used to have their own email servers. Thing here to note is that Internet was built from day one to be decentralized and it hasn’t lost that ability.
Why is that relevant?
I am on Signal too. Let me ask some simple questions to myself -
- What do I use to chat? - I use Signal app given by Signal company.
- How does it work? - I don’t know, I install it and chat with people.
- Where is my data? - I don’t know, it’s managed by Signal, they would know the answer.
Decentralization is relevant here because it gives you the ability to pick and choose things and gives you the visibility to answer these questions better. More on that below.
For simplicity, let’s compare Signal messaging to something that we are more familiar with - email. I know that email is not same as instant messaging of Signal but we will come to that part later.
Email has been there since the very beginning, it’s still used by you and me and it hasn’t changed the way it was designed originally, so it’s the closest thing that we can use to understand decentralization.
Email offers you freedom in three ways -
- On your phone or laptop, you can use any of the hundreds of email apps to send/receive emails. Having a GMail account does not stop you from using an Outlook app on phone to access that email account.
- There is a common and known specification with which emails are sent, received and interpreted. All of the email providers understand that, and it means it’s possible to have your own email server too if you wish to.
- Having a GMail account still lets you communicate others having an Outlook account. Having a GMail account is your choice that Google will store your inbox and sent box on its systems.
But what about Instant messaging / chat?
Email is good but it’s not at all convenient for having the same experience for chatting with someone in real time. What if there was an alternative that had these benefits of email but can be used to chat?
Good news is that there is an alternative and it’s called XMPP or Jabber. (Wikipedia) and it’s been around for more than 20 years. There are good people who are actively working on it and improving it. I have used it and once it is set up it’s as convenient as WhatsApp or Signal.
Asking the same three questions for XMPP -
- What do I use to chat? - I can use Conversations app on Android, 5+ softwares to choose from for laptops/computers here.
- How does it work? - It’s a well known protocol, I can read up about it.
- Where is my data? - My data would be distributed based on who I talk to. For example if I have a trusted provider myprovider.com or my own server myserver.com and my friend or relative is on their own provdider theirprovider.com, just like email conversation, the chat would be across two providers and not locked down to a single one. Ofcourse the chat content is end to end encrypted, so it’s only encrypted data storage and the providers can’t see the messages.
What will you get with XMPP and what you won’t?
Looking at XMPP as a third person rather than an XMPP advocate, here is what you will not get in XMPP (at least right now) -
- Voice and video calls - There are these functionalities present but very few providers have those enabled, so you would mostly be limited to text chat
- Features like ‘location sharing’ - If you use features like location sharing in WhatsApp, that’s not there in XMPP.
- Fancy stickers - If you are used to sending stickers in WhatsApp, those aren’t there in XMPP
Here is what you will get with XMPP -
- (Better) End to end encryption - Starting with security, XMPP chats are also end-to-end encrypted (and give you better control about it than just advertising it). If you lose a device, you can start using the same XMPP account on a new device such that the new messages are encrypted with a new key and the stolen device will not be able to decrypt those messages even if someone is looking to monitor what you talk in future.
- Multiple device support - You can log into the same account from your phone and laptop and have seamless continuation of chat as you change devices
- Freedom to choose your provider or create your own - You will not be stuck with a single company/corporation and have a question of ‘what next?’ when that company changes privacy policies.
- Have multiple identities at the same time - You can have multiple accounts just like email. Maybe one you don’t share much outside family and other you use to chat with random people. You are not limited to ‘one account per phone number’ or anything.
- Group chats - You can create different groups of family and friends like WhatsApp.
- Images/file sharing - Image/file sharing supported.
- Contact, location sharing - You can share a contact, share static location info, voice recording in XMPP too.
- Emoji support - Emojis are supported in XMPP chat.
Getting off the highways
Let’s be honest. I am not saying starting to use XMPP is the solution to the problem either. I am saying is that XMPP has the ability to become the solution of the problem if we choose to use it that way.
Suppose tomorrow Facebook starts offering XMPP service where you can use the same Conversations app on your phone to use your XMPP account on Facebook to chat with others. It wouldn’t be much better than WhatsApp because Facebook can still market on your information.
Internet today has turned into few highways controlled by large companies from a network of large number of small roads connecting university campuses. But it hasn’t lost the ability to have our own small roads if we wish to. It takes an initial effort, some convincing, some explaining, but it’s worth it in a long run.
I have been using my own email server and my own XMPP server for more more than a year now. I don’t share that email address to signing up on websites, but use it to send mails to friends. I use the XMPP identity on my server to be part of few XMPP groups and set it up to chat with my parents. That way I am confident that what I talk and when I talk to my parents isn’t being used by some company.
Understanding the power
The real freedom can come from the ability that XMPP provides you about ‘How’ and ‘Where’. If you choose to spend an equivalent of your Netflix subscription, you can host your own XMPP server on a cloud provider that is powerful enough to handle more people than you can convince to move to XMPP! For a small fee, you can confidently say that no one is concluding something based on who you talk to and show you some ads.
Let’s talk practical
I am not asking you to uninstall WhatsApp and Signal from your phones. I know that you can’t have this conversation with someone you have just met or working with. Relevant external knowyourmeme link. Just as you haven’t uninstalled WhatsApp to start using Signal, you can keep these both and try to use Conversations with your family and close friends if you wish to.
You can use existing free XMPP providers to try it out for free. If you like it and want to continue using it with more control, you can start your own XMPP instance for your dear ones and you can still use it to talk to anyone outside of your own instance too to talk to them.
If you do end up trying XMPP, you can message me on shaarad@shaarad.me (yes, XMPP addresses look very much like email addresses). If you don’t want to use the existing XMPP providers and need an account on my server to try out or you need help setting up your own server for a long run, I will be more than happy to help!