Real Time Communication - Criteria

Free & Open Source

To ensure trusted real time communication, clients and servers should be Free and Open Source.

Privacy

They should also be private and not require any personal identifiers such as email addresses and
phone numbers. If they do, they should not share them with contacts.

Security

Their security should be based on proven design, be constantly under scrutiny and be the subject
of reputable and independent third-party audits.

Applications should possess the following functionalities: end to end encryption by default, forward
secrecy and, optionally, post compromise security.

End to end encryption

End to end encryption (E2EE) is a mechanism by which only the sender and the recipient can access
messages, by sharing a key known only to them, preventing any other party relaying or intercepting
the traffic from reading its content.

Forward Secrecy

Forward secrecy, also known as perfect forward secrecy, stops attackers who perform a man in the
middle attack, in which users' traffic is intercepted, from decrypting the content of past
communications. Unique keys are generated for each session. Access to the key would only permit the
decryption of a single message or audio/video call. Even if the long-term key were to be compromised,
the data would still be safe, as forward secrecy uses its own set of rotating keys. For this property
to fail, attackers would need to replicate the key generation process.

Post compromise security

Post compromise security helps in re-establishing a secure communication channel between two parties
after it has been compromised, stopping attackers from decrypting future communication.
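
The two properties above can be seen side by side in a small key ratchet. This is an added example,
not code from any particular messenger; the Ratchet class, the labels and the random byte strings
standing in for key exchange outputs are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def kdf(key: bytes, label: bytes) -> bytes:
    """One-way derivation step (HMAC-SHA256)."""
    return hmac.new(key, label, hashlib.sha256).digest()


class Ratchet:
    """Hypothetical symmetric ratchet: a fresh key per message, old state erased."""

    def __init__(self, chain_key: bytes):
        self.chain_key = chain_key

    def next_message_key(self) -> bytes:
        message_key = kdf(self.chain_key, b"message")
        # Overwrite the chain key; the previous value cannot be recomputed from it.
        self.chain_key = kdf(self.chain_key, b"chain")
        return message_key

    def mix_in(self, fresh_secret: bytes) -> None:
        """Heal the chain with new secret material (a new key exchange in practice)."""
        self.chain_key = kdf(self.chain_key, fresh_secret)


def demo() -> dict:
    shared = os.urandom(32)  # stands in for the output of the initial key exchange
    alice, bob = Ratchet(shared), Ratchet(shared)
    sent = [alice.next_message_key() for _ in range(3)]
    received = [bob.next_message_key() for _ in range(3)]

    # Constructed compromise: Alice's current state is copied after message 3.
    thief = Ratchet(alice.chain_key)
    thief_keys = [thief.next_message_key() for _ in range(3)]  # can only step forward
    alice_next = [alice.next_message_key() for _ in range(3)]

    # Alice mixes in a secret the thief never saw (her peer would do the same).
    alice.mix_in(os.urandom(32))
    healed_key = alice.next_message_key()
    return {
        "in_sync": sent == received,
        "past_keys_exposed": bool(set(sent) & set(thief_keys)),
        "future_keys_exposed": thief_keys == alice_next,
        "exposed_after_healing": thief.next_message_key() == healed_key,
    }


if __name__ == "__main__":
    print(demo())
```

The copied state yields none of the first three message keys (forward secrecy), follows every later
key until fresh secret material is mixed in, and loses track afterwards (post compromise security).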

Decentralized

To avoid a single point of failure and be fully censorship resistant, decentralized applications
that do not rely on a single server should be preferred, provided they meet the previously mentioned
security criteria.

Cross Platform

Since users tend to have multiple devices, applications should, for convenience, be available on
different platforms.


The text is available under the license Creative Commons Attribution-ShareAlike 4.0