Building an open alternative to the propriety WhatsApp messenger would be a desirable option. And indeed there are lots of open (e.g. beem, yaxim,…) as well as non-free competitors but none of those could supersede it, although there were some reports about security problems and account hijacking. So what might be a key feature to bring the open alternatives to a broader audience?
The technical foundation is already mature and well known. The XMPP (extensible messaging and presence protocol) is used by several big companies as a foundation for the products. There are various desktops, mobile and web applications supporting XMPP as well as a heterogeneous selection of XMPP service providers.
Not only instant messaging but instant friends too.
One of the most discussed features of WhatsApp is the upload of parts of your phone book to the company server, but this enables the messenger to list your friends instantly without asking for anybody for a chat account, nick name or whatever – you are simply connected.
Bringing this simplicity in communication to a usual chat client enriched by security aware features might improve the acceptance of a ’new‘ app significant.
An architectural blueprint facilitates a kind of directory service (either central or preferable distributed) allowing users to register, lookup and map phone number hashes to chat accounts.
Respect users privacy
Providing the auto-connect features does not contradict users privacy by default. From the technical point of view it is completely sufficient to use only hashes of the users phone book numbers. Hashes will generate unique, one-way representations of the phone numbers in a way where it is nearly impossible or at least highly complex to decrypt that information for other parties presupposed using a sufficient hashing algorithm. In addition it might be reasonable asking the users if they would like sharing their contacts with a directory service.
To users who already have accounts the application should provide an opportunity to link their existing accounts to their phone number hash.
Securing the user’s communication should be self-evident – although it is impossible to guarantee the encryption of the whole communication path comprising various servers – the communication between the chat client and the direct server should be encrypted. XMPP features transport layer security by ’simply‘ applying TLS/SSL (transport layer security/secure sockets layer). This not might be a killer feature for the non-technical user but there will be a good feeling.
Provide ubiquitous messaging
It seems to me that most XMPP chat applications are restricted to text. This might be sufficient for the technicians and purist among us but will not satisfy the average user. Having the opportunity to share your contacts, photos, videos or whatever kind of files with one application is very appealing to the everyday users. Even XMPP is not optimized for in-band binary transfer there is an extension implementing a peer-to-peer transfer called jingle (XEP-0166).
Asking people why they are using WhatsApp mostly ends up in a reply like because everybody is doing it, but a not small minority answering it is because they can reach the friends with apple phones easily too. So it is crucial to provide an application for IOS too, preferable a streamlined one.
It might be surprising but smilies matter. For some strange reason it should be important how much smilies an application provides. I do not know – just add smilies and thank tango for doing it.
Maybe this article might be an inspiration to some XMPP chat client coders to pick up some ideas and bring a better, more secure and privacy aware chat client to us.
- 28/02/2014 – Analysis of alternative chat clients https://missingm.co/2014/02/fighting-dishfire-the-state-of-mobile-cross-platform-encrypted-messaging/