Accelerators
Big Data
Greentech
Consumer
Design
Development
eCommerce
Education
Entrepreneurship
FinTech
Gaming
Hardware
Health
Industry
Innovation
Internet
IoT
IT
Lists
Marketing
Media
Mobile
News
Policy
Robotics
Science
Security
Social Media
Telecom
Transportation
Venture Capital
Wearables
Image Credit: Matrix
This could have big implications for how you chat online, making life a little easier and more secure
Gabriel AvnerNov 22, 2016The Matrix.org team has announced that the beta version of their end-to-end encryption tool, Olm, for their communications protocol is finally out after almost 2 years in development. The added security and privacy measures will be available for use on iOS, Android, and web services.
The release comes after an extensive round of testing by the NCC Group, which received help from the Open Technology Fund, a body that sponsors endeavors aimed at improving the state of internet freedom and access.
In a statement to the press, the NCC Group’s Principal Security Consultant, Alex Balducci, noted that, “It was great to work with a team like Matrix, who take security seriously and have a passion for this line of work. While challenging, the engagement was a great experience and I’m glad to have had the opportunity to play a role in it.”
He added, “The goal of open interoperable cryptography on the internet is a worthy one, and we wish the project the best success,” and also thanked the Open Technology Fund, “for helping support this engagement and making the internet a more secure place!”
Matrix.org’s Olm encryption is based in part on the Double Ratchet Algorithm that was popularized by Signal’s creators, Open Whisper Systems. The ratchets are basically the tools that create and manage new encryption keys, helping to keep communications away from prying eyes. As they explain it, “sequences of messages from a sender are encrypted with keys from the same ratchet sequence. A new ratchet is created (by advancing another ratchet) every time the conversation changes direction.”
What this means is that the keys are generated, or ratchet, in one direction, providing forward security so that past keys cannot be deciphered using new keys that followed them. The “double ratchet” approach, then, further ensures that more recent keys cannot be deciphered from having access to past ones. “These properties gives some protection to earlier or later encrypted messages in case of a compromise of a party’s keys,” according to Open Whisper Systems.
The team has taken an extra step by including Megolm, a new algorithm for managing group chats. It enables chat members in a room to swap out their ratchets on a consistent basis, depending on factors like when a new member joins, or a certain number of messages have been sent, or other markers that are worthy of shaking things up a bit.
Backed significantly by Amdocs, itself a leader in communication protocols with a heavy focus on public switched telephone networks (PSTN), Matrix.org is an project aimed at building bridges between various chat platforms. The Matrix umbrella includes many well known chat vendors like Google, Skype, and Slack, as well as some that are perhaps a little more niche, like those for Internet Relay Chat (IRCs) clients in the network.
One of these vendors, Vector Creations Limited, recently launched their own platform called Riot, allowing for an easier interface for the users to chat. With a Slack-like look, it has a nice flow to it and perhaps most importantly, does not create a whole new chat service.
Matrix.org’s Technical Lead Matthew Hodgson is particularly proud to have gotten the stamp from the NCC Group, which he says found a couple of interesting and obscure, yet theoretically dangerous, issues that the Matrix.org team had previously missed and has since fixed.
Matrix.org Technical Lead Matthew Hodgson
On his recent visit to Tel Aviv, Hodgson, made it clear that he is a strong advocate of decentralization and the freedom of choice that it gives users. It appears that he has fairly good cause for advocating diversification: For most of us, when we chat with friends or colleagues, we turn to a specific and agreed upon channel. (This could be Skype, WhatsApp, FaceTime, Slack, or what have you.)
While most of these services are pretty great on their own, there are some fairly significant drawbacks to the current system.
First and foremost is that not everyone likes to use the same service, but we have to pick just one in order to speak with others. It’s not like email where one person can have Gmail or Yahoo while another has their own private server mail, and all can still communicate with each other.
Second is that while there are perhaps too many chat services out there, with everyone basically reinventing the wheel each time, as Hodgson remarked to Geektime, there is an awful lot of siloing going on within specific services that may or may not be very healthy.
Personal tastes aside, there are issues of privacy, security, and trust that factor into how we choose a chat service. In the long run, diversity is a pretty important thing to promote. Hodgson raises the question that while services like WhatsApp may have a solid end-to-end encryption now, are we always going to be able to trust them in the future?
Image Credit: Matrix
WhatsApp thankfully began offering end-to-end encryption earlier this year based on Open Whisper Systems’ technology, just this month adding a video chat feature with the same level of security. This seemed like a great situation … before WhatsApp began asking if users wanted to link their Facebook accounts for data sharing.
Facebook (with WhatsApp), as a monolith in the online space and probably the antithesis of decentralization, will not be an official partner in this effort. But Hodgson says that community members will be able to create their integrations for those services.
One of the challenges that comes with decentralization, according to Hodgson, is spam.
“Decentralization,” he says, “can be open to abuse like we see in email,” allowing spammers to gunk up the pipes. “But you also have the problem where one man’s spam is another’s marketing.”
He believes that as a consumer, you should be empowered and have the tools to select whether to block someone, or allow for a curated view.
The good news is that dealing with spammers is a problem that is common to everybody says Hodgson, adding that “It’s not just Matrix, but also cryptocurrencies, email, the phone companies.”
There is also the issue that there are also far too many chat services in general, many of which are not worth their salt. They also do not always take the best care of their users. “Basically the user has been ignored,” says Hodgson, adding, “The silos are optimizing for short term growth and their valuation, possibly leading towards their ext at the expense of the user who ends up with too many messaging apps.”
“Everybody is trying to be the next WhatsApp, but at the health of the industry and the sanity of their users. Somebody needs to take a longer term point of view.”
Another concern that comes with the decentralization concept is that the more services are out there, the wider the threat envelope is that can be targeted by malicious actors. That said, there is a strong argument for having far more actors in the chat game that can be turned to if one can no longer be trusted.
“Decentralization is moving from the fringes to the mainstream,” he told Geektime, “and we have a moral responsibility to develop decentralization tools and technologies like Matrix.”
Gabriel Avner
