Under the Radar - Prior Art

Written by David Banham

There is some great prior art in this space, but none of them scratch my itch satisfactorily.

TextSecure is an example of great cryptography and you should definitely have it installed, but its identity mechanism frustrates me. The primary identifier for users is their mobile phone number. Practically, this is a pain if you need to switch numbers. If you travel overseas frequently this is a common need. Also, since it uses the mobile network’s SMS system as its transport protocol there’s no protection of metadata.

NB: Whisper Systems is working on updating TextSecure to use the device’s data connection instead of the SMS protocol, which should fix this. Moxie is Serious Business and I respect the hell out of him. Finally, though, there’s no way to use TextSecure on anything other than your phone. I spend most of my day in front of a computer and want to be able to use it for my conversations.

Bittorrent Bleep is really interesting software. The fact that its closed source, however, means we can’t trust it. On a practical level, it currently only supports sending messages when both parties are online which severely limits its utility.

OTR is really good software, but it has some limitations. Adium and Pidgin are fine clients, but I don’t love them. ChatSecure is a great mobile implementation, but it suffers from the structural problems of XMPP on mobile.

Cryptocat seems to be heading in the right direction, but there’s no Android client as yet. Crytpocat has a much more ambitious cryptography goal than UTR, implementing its own protocol to ensure forward secrecy, origin authentication, etc. This is definitely one to watch, but I worry it will be a while before its ready.