Real Time Communication - Criteria
Free & Open Source
To ensure trust, real-time communication clients and servers should be Free and Open Source.
Privacy
They should also be private and not require any personal identifiers such as email addresses and phone numbers. If they do, they should not share them with contacts.
Security
Their security should be based on proven design, be constantly under scrutiny and be the subject of reputable and independent third-party audits.
Applications should possess the following functionalities: end-to-end encryption by default, forward secrecy and, optionally, post-compromise security.
End to end encryption
End-to-end encryption (E2EE) is a mechanism by which only the sender and the recipient can access messages, by sharing a key known only to them. This prevents any other party relaying or intercepting the traffic from reading its content.
Forward Secrecy
Forward secrecy, also known as perfect forward secrecy, stops attackers who perform a man-in-the-middle attack, in which users' traffic is intercepted, from decrypting the content of past communications. Unique keys are generated for each session. Access to one key would only permit the decryption of a single message or audio/video call. Even if the long-term key were compromised, the data would still be safe, as forward secrecy uses its own set of rotating keys. For this property to fail, attackers would need to replicate the key generation process.
Post compromise security
Post-compromise security helps re-establish a secure communication channel between two parties after it has been compromised, stopping attackers from decrypting future communications.
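The rotating keys described under Forward Secrecy and the recovery described under Post compromise security, shown as an added example that is not taken from any particular client. It uses a one-way HMAC-SHA256 chain; the function names, the toy XOR cipher and the random fresh secret (a stand-in for a new key exchange) are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def ratchet(chain_key: bytes) -> tuple[bytes, bytes]:
    """One-way step: return (next_chain_key, message_key)."""
    message_key = hmac.new(chain_key, b"msg", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"chain", hashlib.sha256).digest()
    return next_chain_key, message_key

def heal(chain_key: bytes, fresh_secret: bytes) -> bytes:
    """Mix in a secret the attacker never saw (stand-in for a new key exchange)."""
    return hmac.new(fresh_secret, chain_key, hashlib.sha256).digest()

def xor_stream(message_key: bytes, data: bytes) -> bytes:
    """Toy stream cipher for the demo only; real clients use an AEAD cipher."""
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hmac.new(message_key, block.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[block:block + 32], pad))
    return bytes(out)

def demo() -> dict:
    chain = os.urandom(32)           # constructed shared secret from session setup
    used_keys, ciphertexts = [], []
    for text in (b"first", b"second", b"third"):
        chain, key = ratchet(chain)  # old chain key is overwritten, not stored
        used_keys.append(key)
        ciphertexts.append(xor_stream(key, text))
    stolen = chain                   # device state copied after message 3
    # Every message key that can be derived by running the ratchet forward.
    reachable, probe = set(), stolen
    for _ in range(1000):
        probe, key = ratchet(probe)
        reachable.add(key)
    _, next_key = ratchet(chain)             # message 4 without healing
    healed = heal(chain, os.urandom(32))     # fresh secret unknown to the attacker
    _, healed_key = ratchet(healed)          # message 4 after healing
    return {
        "past_keys_exposed": any(k in reachable for k in used_keys),
        "future_key_exposed": next_key in reachable,
        "healed_key_exposed": healed_key in reachable,
        "roundtrip": xor_stream(used_keys[1], ciphertexts[1]),
    }

if __name__ == "__main__":
    print(demo())
```

The stolen state yields none of the keys for messages 1 to 3 (forward secrecy), but it does yield the key for message 4 until a fresh secret is mixed in, which is the gap post-compromise security closes.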
Decentralized
To avoid a single point of failure and be fully censorship resistant, decentralized applications that do not rely on a single server should be preferred, provided they meet the previously mentioned security criteria.
Cross Platform
Since users tend to have multiple devices, applications should, for convenience, be available on different platforms.