An Alternative to Centralised Messaging

### A Change Perhaps the most radical way computers have changed the world is through communication. Examples abound, such as the rise of email in the 1970s, which revolutionised how individuals and organisations exchanged information. In the 1990s, instant messaging platforms like ICQ and AOL Instant Messenger introduced real-time, text-based communication over the internet. The advent of social media platforms like Facebook and Twitter in the 2000s further transformed communication, enabling people to connect and share information globally in seconds. In more recent times, social media platforms have been transformed into a communication tool for political and social change. During the Arab Spring (2010–2012), platforms like Facebook, Twitter, and YouTube were used [by activists](https://www.researchgate.net/publication/284673771_Opening_Closed_Regimes_What_Was_the_Role_of_Social_Media_During_the_Arab_Spring) to mobilise protests , bypass state-controlled media, and spread awareness globally, resulting in significant regime changes in countries like Tunisia, Egypt, and Libya. Similarly, during the Hong Kong Protests (2019–2020), encrypted messaging apps such as Telegram and Signal [helped protesters](https://www.reuters.com/article/world/exclusive-messaging-app-telegram-moves-to-protect-identity-of-hong-kong-protest-idUSKCN1VK2NC/) coordinate actions while avoiding government surveillance, and livestreams on platforms like Reddit and Twitter brought international attention to their cause. Computer-mediated communication has undeniably shaped history and will continue to influence the world. But where are we now? In today’s day and age, instant messaging is synonymous with communication—and for good reason. It is fast, efficient, and inexpensive for the majority of people who depend on it for a variety of reasons: staying connected with family and friends across the globe, managing remote work and collaboration, or even coordinating large-scale events such as political campaigns or humanitarian efforts. What challenges do instant messengers face? How are alternative approaches being implemented, and how can we use these solutions today? These are the questions that we will explore, aiming to understand the issues with traditional messaging platforms, the current state of innovative alternatives, and practical steps to harness these technologies in our daily lives ### The Current landscape Platforms like WhatsApp, with over 2 billion monthly active users, and Facebook Messenger, serving approximately 1.3 billion users, have become integral to everyday communication. Similarly, WeChat, primarily used in China, boasts around 1.2 billion monthly users, while Telegram has grown rapidly to over 900 million monthly users. These platforms are central to how people stay connected, share information, and collaborate,their immense influence on global communication patterns cannot be understated, however to understand the current landscape of instant messaging it’s important for us to how look at an overview of their architecture. These applications all share a common architectural approach: the client-server model. This infrastructure acts as the backbone of modern instant messaging, The applications above all rely on a client server model to establish connections between users and store users messages. How Client-Server Messaging Works In a typical client-server architecture, your message follows a complex journey: You compose a message in your messaging app (the client) The message is sent to a central server The server authenticates both sender and recipient The server routes the message to the intended recipient The recipient's app receives and displays the message ![63bd9b87fcad47a1fa779f5c_635adb5f9153427f1638af3c_Whastapp%20architecture%20(1)](https://hackmd.io/_uploads/HJvKAB97kx.jpg) WhatsApp provides a perfect example of this model in the diagram above . When you send a message, it doesn't go directly to your friend. Instead, it first travels to WhatsApp's servers, which then forward it to the intended recipient. ### Problems With billions of messages transferred daily, security and privacy have become critical concerns. There are numerous issues associated with instant messaging, but a common theme looms across the following key areas: censorship, user data privacy, security vulnerabilities, and misuse of user data. #### 1\. **Censorship** Telegram has faced widespread bans, with 31 countries either temporarily or permanently restricting the app since 2015, impacting over 3 billion people globally. In China, Telegram was banned after human rights lawyers used it to criticize the government. Reports suggest a Distributed Denial-of-Service (DDoS) attack on Telegram servers may have been orchestrated to justify the ban. *Source: [Euronews](https://www.euronews.com/next/2024/08/27/telegram-which-countries-have-banned-it-or-are-clamping-down-on-it-and-why#:~:text=In%20total%2C%2031%20countries%20have%20banned%20the,people%20globally%2C%20according%20to%20Surfshark%20and%20Netblocks.&text=The%20country%20sees%20the%20app%20as%20a,secretaries%2C%20and%20political%20advisers%20on%20work%20devices.)* #### 2\. **Security Vulnerabilities** Instant messaging platform servers have been exploited as attack vectors, compromising user privacy. In May 2019 WhatsApp servers were used to deliver the Pegasus spyware through a zero-click exploit called "Erised." NSO Group reportedly reverse-engineered WhatsApp’s code to create malicious servers that sent manipulated messages, directing target devices to install spyware. This attack targeted around 1,400 devices and raised serious concerns about platform security. *Source: [The Hacker News](https://thehackernews.com/2024/11/nso-group-exploited-whatsapp-to-install.html)* #### 3\. **Data Leaks** In 2018 social media records accounted for 56 percent of 4.5 billion data records compromised. And more recently In October 2023 a Line data breach occurred , a malware infection on a NAVER Cloud employee’s device extended access to LINE’s systems. This breach exposed over 300,000 user records, including service history and privacy settings, as well as records of business partners and employees. While financial information was not affected, the incident highlights vulnerabilities in internal management systems. *Source: [Restore Privacy](https://restoreprivacy.com/line-messenger-suffers-user-data-breach-caused-by-malware-attack/)* #### 4\. **Misuse of user data** Despite Mark Zuckerberg re-assuring his employees that encryption of data would protect the user data of individuals seeking abortion care from over broad requests of information, when law enforcement made a request facebook handed over to them Private messages between the two discussing how to obtain abortion pills. [*The Guardian*](https://www.theguardian.com/us-news/2022/aug/10/facebook-user-data-abortion-nebraska-police) These examples highlight the overlooked reality of how communication mediated by instant messaging platforms can be censored, create security flaws and lead to the misuse of user data. To solve these problems a few technologies have emerged and many are being developed. ### Secure Messaging Criteria The criteria for a secure instant messaging are widely debated, however there is general agreement on several key factors that contribute to safeguarding communication and user data privacy. These include: **End-to-End Encryption (E2EE)** E2EE is the most advertised security feature by instant messengers as it keeps user data safe from potential interceptors as the data is encrypted in transit and only decrypted by the recipient ensuring that only the recipient can decrypt the message. Messaging Platforms like WhatsApp , Telegram and Line have implemented E2E encryption to protect private messages whereas WeChat [does not support this](https://www.leapxpert.com/is-wechat-safe-to-use-for-internal-and-external-business-communications/#:~:text=Lack%20of%20End%2Dto%2DEnd,encryption%20poses%20a%20considerable%20threat.). References: [BBC News](https://www.bbc.com/news/technology-35969739), [EFF](https://www.eff.org/deeplinks/2016/04/whatsapp-rolls-out-end-end-encryption-its-1bn-users). Open Source Code Open-source software enables external experts to audit and identify vulnerabilities, promoting transparency and accountability. Signal exemplifies this principle by making its codebase publicly available for scrutiny, ensuring no hidden vulnerabilities or backdoors. In contrast, WhatsApp and Telegram rely on proprietary code, restricting external review. This lack of transparency has led to criticism about potential security risks and reduced user trust. Self-Destructing Messages Self-destructing messages, which automatically disappear after a preset time, enhance privacy by limiting the risk of unauthorised access to past conversations. Signal implements this feature robustly, allowing users to set timers for disappearing messages across chats. Similarly, Telegram offers a “Secret Chat” mode with disappearing messages. However, WhatsApp, while supporting message expiration, only introduced disappearing messages in 2020, and its implementation is not as flexible as Signal or Telegram. Minimal Metadata Collection While end-to-end encryption protects the content of messages, metadata—such as information about communication duration, IP addresses, and device details—remains a concern. Signal leads in this area by collecting almost no metadata, adhering to a “metadata-resistant” design. Telegram and WhatsApp, however, collect significant metadata, including phone numbers, IP addresses, and usage patterns. This data is stored on their servers and, in some cases, shared with third parties, raising privacy concerns among users. ### An alternative solution While the above technology addresses some concerns none of them fully address all of the problems as seen through , whatsapp and telegrams continued censorship, telegrams refusal to open their codebase up for audits, large scale data breaches and user privacy violations . A promising alternative to these platforms is peer-to-peer (P2P) messengers, which eliminate centralised servers, reducing single points of failure and enhancing user privacy. **How Do P2P Messengers Work?** Peer-to-peer (P2P) messengers operate by connecting users directly, eliminating the need for a central server to manage communication. Here's how they function: **Anonymous** The following P2P messengers do not require emails,phone numbers or any of your personal information to facilitate communication. **Direct Connections** P2P messengers establish direct links between users' devices, enabling communication without relying on a third-party intermediary. Apps like Berty, Briar and Ricochet Refresh achieve this by assigning unique addresses to users. When one user sends a message, it travels straight to the recipient's devices, ensuring that no central server stores or processes the communication. **Using Anonymous Networks (Like Tor)** To enhance privacy, some P2P messengers, such as Ricochet Refresh, leverage the Tor network. Tor anonymises communication by routing messages through multiple relays, much like passing a note through a chain of people where no single person knows both the sender and recipient. This approach hides users' identities and locations, making it nearly impossible for anyone to track who is sending or receiving messages. ![diagram](https://hackmd.io/_uploads/rkgDxIc7kl.jpg) In the diagram above [ricochet refresh](https://www.ricochetrefresh.net/) initiates a connection between you and your contact through a circuit in the tor network , your data encrypted while it is transferred across the network and directly delivered to your contact this is done through a tor circuit . A Tor circuit is made up of several hops that connect your device, various Tor nodes, and your contact's device. This multi-node structure ensures anonymity, as no single node has knowledge of both the message's sender and recipient. [Berty](https://berty.tech/) uses a different peer-to-peer network for message transmission. Unlike Ricochet Refresh, which relies on Tor, Berty leverages [IPFS](https://ipfs.tech/), an open system that manages data without a central server. Messages are transferred through a network of distributed nodes, enabling direct and decentralised communication between you and your contacts. ### **Benefits of P2p messnegers** P2P messengers provide a secure alternative to traditional platforms, addressing key privacy and security concerns **End-to-End Encryption (E2EE)** Messages are encrypted and only readable by the intended recipient. Apps like Briar, Berty, and Ricochet Refresh implement E2EE to protect user data during transmission. **Open Source Transparency** Apps like Berty and [Briar](https://briarproject.org/) are open-source, allowing experts to audit and identify vulnerabilities. This contrasts with proprietary platforms like WhatsApp, which restrict external scrutiny. **Minimal Metadata Collection** By design, P2P messengers collect little to no metadata, making it nearly impossible to track users. For instance, Briar's “metadata-resistant” approach ensures no records of communication exist. ### Disadvantages of Peer-to-Peer (P2P) Messengers While P2P messengers offer significant advantages, such as enhanced security and privacy, they also come with notable disadvantages that can limit their usability and adoption: #### **1\. Limited Scalability** P2P networks face challenges in supporting a large number of simultaneous users.Since messages are routed directly between users rather than through centralised servers, network congestion or connectivity issues on individual nodes can slow down communication or disrupt the delivery of messages entirely. This can make P2P systems less reliable for large-scale or enterprise-level applications compared to centralised platforms. #### **2\. Dependence on Device Availability** In P2P messaging, a user's device acts as a node in the network. If a device is offline or has limited resources (such as battery or bandwidth), it can impact the user's ability to send or receive messages. #### **3\. High Resource Consumption** P2P messengers can place a heavy load on user devices. Since these platforms rely on devices to perform both communication and network maintenance tasks (e.g., routing messages for other users), they consume more battery power, bandwidth, and processing resources compared to centralised alternatives. #### **4\. Complex Setup and Usability** P2P messaging apps often require more technical understanding to set up and use. For example, connecting via unique IDs or QR codes, as seen in some P2P apps like Briar, may confuse less tech-savvy users who are accustomed to the simplicity of phone number-based platforms like WhatsApp.This complexity can be a barrier to widespread adoption. Although P2P messengers address critical security and privacy concerns, these disadvantages highlight areas where they fall short compared to centralised messaging systems. Balancing privacy with usability and scalability remains a key challenge for P2P technology to overcome. ### Solving P2P Challenges Peer-to-peer (P2P) networks face challenges like slow performance, security risks, and connection issues. However, projects like Tor and libp2p are addressing these problems with innovative solutions. #### **Tor: Fighting Attacks with Proof-of-Work (PoW)** The tor network uses PoW to stop Denial-of-Service (DoS) attacks, where bad actors overwhelm the network with fake traffic.PoW requires users to solve small tasks before connecting, making it harder for attackers to flood the system.This keeps the network running smoothly for legitimate users, although it doesn’t directly speed things up. #### **libp2p: Improving Browser Communication with WebRTC** [libp2p](https://libp2p.io/) Which IPFS depends on for networking now uses WebRTC, a tool for fast, real-time connections through web browsers. It helps users behind firewalls or restrictive networks connect more easily.WebRTC also enables smoother, low-lag communication, even for video and audio, directly between peers. #### **What It Means for You** These innovations show that the teams behind these projects are working tirelessly to make P2P networks more reliable and user-friendly, ensuring secure, fast, and seamless communication for everyone. ### Conclusion Privacy is a human right and must be upheld in the digital space,now more than ever as we become increasingly reliant on it. In a landscape dominated by platforms like WhatsApp, Facebook Messenger , WeChat ,and Telegram, P2P messengers offer a much-needed alternative that prioritises user control, privacy, and resilience against surveillance. While they address many of the issues inherent in traditional centralised platforms, they are not without challenges, such as scalability and usability. However, ongoing efforts by projects like Tor and IPFS/libp2p show promising advancements in overcoming these limitations, paving the way for secure, private, and accessible communication tools for the future. By understanding the benefits and shortcomings of P2P messengers, we can make informed choices about the tools we use and advocate for a digital space that respects our privacy and rights.