Platforms, Protocols, and People

Note: This is an opinion post, and that opinion is probably worthless. YMMV

Conversations over the years

Global communication is the most transformative tool unlocked by the proliferation of the internet. There was a paradigm shift in global consciousness with its invention, similar to the release of The Blue Marble and Earthrise. Just as it was impossible to envision humanity as “big”, after NASA published those images, it was impossible to imagine them as “far” after the advent of the internet.

This was personalized for me while connecting to the internet using NetZero’s free dial-up, browsing random bulletin board systems, newsgroups and chatting on IRC. This was expanded further as more of my classmates started getting online, usually via America Online (AOL), and it’s chat application AIM. While initially my communications were with random internet denizens, it quickly expanded to everyone I personally knew. Everyone in my immediate community was on the service. You had an e-mail address and an AIM screen name, and those were the only methods of communication were needed. The mass usage of SMS was limited, as most of us didn’t have cell phones. Even when we did start getting cell phones, most of us were more concerned with being able to message people on AIM than we were making phone calls. When the Sidekick came out, it was the perfect device, having AIM built in as an application.

The nostalgia trip ends, as does AIM’s dominance, with Google stepping into the picture. Gmail invites were highly coveted, and by the time Google Talk came out, built on top of the existing XMPP protocol, it was the new popular application on the block. For me, this wasn’t much of a breaking change since I was using the chat client Pidgin, which supported XMPP along with AIM and other chat protocols. At this point my use of chat applications and protocols was fairly superficial. I was only using it to chat with friends, to coordinate meet ups and events. The first major change came about around 2013, when Google decided to migrate away from XMPP. Suddenly all of the federated users I was connected to outside of the Google ecosystem would be lost to me. The move to Hangouts was the end of Google’s support for XMPP, and as such was an end to the interoperability they had provided.

This seems like it wouldn’t matter, as everyone already had a Google account. The reality is, by this time I was out of my youth, and technology was as much a matter of wor and fun. Anyone outside of the Google ecosystem could no longer communicate with me, nor I with them. The binding of communication to a company, instead of a protocol was already showing its drawbacks. While XMPP is still around as a protocol, my usage of Google as a provider would be a long term drawback. I should have seen the warnings that were Google Reader’s demise, a cold reality that if a product isn’t profitable, it will be shut down. AIM was completely shuttered in December 2017, and Google Talk met a similar fate in June 2022. While Google supported Google Talk for years after they migrated their user base to Google Hangouts, the lack of interoperability between the two products meant that you were stranding one for the other.

The writing was on the wall and I was already interested in newer communication methods, protocols, and for the first time, had a semblance of technical understanding. Security and privacy were at the forefront of my mind when I was going to make my next decision. I wanted to use a tool that would have some sort of end-to-end encryption, and I would be able to continue to use long term. I settled on a tool named TextSecure.

I’ve got the key but where is the door?

TextSecure was the predecessor to Signal. Released around 2010, TextSecure provided encryption on top of an already established protocol, SMS. By my college years, everyone had a cell phone and SMS was the primary means of communication that wasn’t tied to a computer. The axolotl ratchet protocol (later known as the double ratchet algorithm), was incredibly interesting and seemed like a great tool. This was a great drop in replacement for everyone’s regular text messaging application. The real major drawbacks came when my other idiosyncrasies started to peer through, one of which is trying to use as many completely open source tools as possible.

I was already deeply invested in the Open Source community. Replicant OS was my Android distribution of choice. These were difficult times for interoperability in open source mobile devices, mostly due to the limited number of devices. I used a Samsung S3 until the Pinephone released, and at one point was limited to only 2G wireless because the use of 3G had been deprecated in my locality. I would reverse tether my phone to my laptop to use my laptop’s WiFi in order to increase productivity, which became a running joke among friends. Even then these actions seemed a bit extreme, but I was firm in my belief that I should use open source whenever and wherever possible. Ignoring the philosophical debates about binary firmware and binaries in general, I liked that Replicant was an OS I could build myself, and run on my phone. Using F-Droid as my only app store, and maybe out of spite, being proud that I could use my phone without any dependency on Google itself.

And this is where we return to TextSecure. TextSecure worked great for me personally, and was a great drop in replacement for the friends who were willing to use it. For everyone else there was the fall back of SMS. While my use of TextSecure was growing, so was the application itself, with it eventually becoming Signal. The first warning for me should have been the F-Droid security notice posted about TextSecure. Ignoring the shade in the post, the relevant bit is this:

he actually asked for the application to be removed from our repository as he wants to distribute it via Google Play only.

I did not heed the warning. Instead I started using a fork of TextSecure by JavaJens. This was a fork that I could build myself, and most importantly, didn’t use Google Cloud Messaging (GCM) as its infrastructure backend, instead depending on websockets. This was more intensive on my device, but I didn’t mind as much being that I was still able to communicate across to all my friends who were using more common Android and iOS devices.

As TextSecure grew to Signal, LibreSignal took over for those still in the ecosystem without GCM support. That was until Issue 37. As the foreshadowing of 2012 should have indicated, running Signal would not be a great long term solution. Signal was now pushing for a closed ecosystem, just as Google had with Hangouts.

The issue’s thread is incredibly long, but the two most relevant parts of it come from Moxie Marlinspike himself:

You’re free to use our source code for whatever you would like under the terms of the license, but you’re not entitled to use our name or the service that we run.


It is unlikely that we will ever federate with any servers outside of our control again, it makes changes really difficult.

While this series of events was upsetting, I respect the decisions Moxie made. In the future (2017) a websockets version of Signal was provided via the Signal directly, but by then it was too late. The reality had sunk in that while the client side code of Signal was open source, while the protocols it was using were common, the servers themselves were centralized and the rules of their owners needed to be followed. If Moxie had provided a binary build of Signal without GCM support earlier, it is possible I would have stuck to Signal until today. As they didn’t, I ended up a digital nomad.

In search of new conversations

With the mixed need of interoperability across operating systems, and the desire for end-to-end encryption, there were two main contenders in the field. There was the classic, XMPP using OMEMO, and the new up and coming Matrix ecosystem and it’s olm and megolm protocols. XMPP had adopted many XEPs (XMPP Extention Protocols) that enabled many of the features I was looking for. I was already a fan of the protocol, and figured it would be a good first step. Conversations was great for Android, and I started recommending ChatSecure to my friends using iOS, but quickly realized that there was still no proper OMEMO support for the iOS app. There was no good way to get an encrypted XMPP conversation going across multiple devices. My post in the LibreSignal issue thread even shows my optimism for having found my next solution, but this turned out to be a dud. Sadly, even after the ChatSecure issue to support OMEMO was closed, the UX left a lot to be desired, and I couldn’t convince people to join any server, let alone a server that also supported OMEMO. ChatSecure seemed like a dead end for iOS, so I turned to the other protocol I had found, Matrix.

Matrix was a fairly new protocol and was primarily driven by a single client, Riot. From Riot to RiotX to Element, the clients have changed but the protocol has continued. This post is not meant to be a sales pitch for Matrix as a protocol, but as a hope that Matrix sees the adoption I believe it should. People are encouraged to run their own servers, but not required to. End-to-end encryption is enabled by default now. The future might even hold a fully peer-to-peer rendition of Matrix, where everyone runs their own homeserver on their personal devices, either mobile, desktop, or server. The protocol is growing, all while being inclusive.

Yesterday, today, and maybe tomorrow

Communications today are dominated by a small number of players. Meta which owns number of “black box” properties such as Facebook Messenger, WhatsApp, and Instagram, which all have proprietary servers and clients. The same goes for Discord and all of Google’s newer offerings. Telegram has open client code, but then proprietary server code, just like Signal. You might hold the keys, but the doors might not be there when you go to open them. IRC on the other hand has no keys at all, just doors that may or may not be there. But luckily its easy enough to spin up your own ircd and make your own network if you had to. Matrix gives you the tools and protocols to do both, build your doors and put locks on them as well.

I can envision a reality in which the main servers go down, but Matrix as a protocol remains, just as IRC has. Many claimed the end of Freenode would be the end of IRC, but here we are, with a plethora of networks still running. Maybe not as popular as it once was, it still serves a vital function in our modern internet. Closed platforms gated by companies can never survive in the long run, as they are bound to cannibalize one another. When you sell communication as a product instead of a protocol, a new better product is always bound to come up. Marketing and money allow products to proliferate, all while obfuscating the protocols being used.

This centralization of personal context and content behind walled gardens feels antithetical to the spirit of the internet. Companies that sell communication as a product are fundamentally missing what makes the internet as powerful as it is, the free flow of information.

Protocols may become obsolete, or get superseded, but they will exist as long as someone maintains them. When society needs communication the most, it is protocols we turn to. Today we have tools like Tor and PGP, which help us communicate when others might want to stifle that. During the 1991 August Coup, while most of the world was in the dark as to what was happening, users on IRC were chatting away. The conversation is an innocuous one, with individuals across the world discussing a major political event. The power in the conversation is the humanity that shines through. At the end of the day the best thing the internet did is give us the ability to talk to each other.

<Scofield> Since this crisis seems to be fading away, I
   want to thank everyone !  See you again, in the next world
   crisis !
<Radio_ffn> Bye Scofield, thanx for Information

Asara’s personal blog