LokIM Security Checklist and Information #157

Open
Jordan141 opened this issue Oct 12, 2018 · 4 comments

@Jordan141
Collaborator

Jordan141 commented Oct 12, 2018

Requested list of criteria regarding a comparison of leading secure messenger apps:

Non-technical criteria:

  • Company Jurisdiction: Not currently applicable, although we should reflect on this when we choose
    a domain/host for the application.

  • Infrastructure Jurisdiction: See above.

  • Company's general stance on customers' privacy: Pretty sure our stance is visible on the matter.

  • Implicated in giving data to agencies: Not yet.

  • Funding: Yes please.

  • Transparency Report: TBA

  • Company collects customer's data: We do not collect data that is unessential for functionality.

  • App collects data: See above.

  • Can messages be read by the company: We should discuss how to prevent this; a possibility would be users having public/private keys that encrypt messages.

  • Is the design well documented: Our design is/will be amazingly documented.

  • Has there been a code audit and independent security analysis: Not yet, we should get one when it's finished.

  • Does the company log timestamps/IPs: No.

Technical Criteria:

  • Surveillance capability built into the app: No.
  • Is encryption turned on by default: Yes/Will be.
  • Are the app and server completely open-source: Yep.
  • Can you sign up to the app anonymously: Topic for discussion.
  • Can you add a contact without needing to trust a directory server: Topic for discussion.
  • Can you manually verify contacts' fingerprints: Topic for discussion.
  • Directory service could be modified to enable a MITM attack: Topic for discussion.
  • Do you get notified if a contact's fingerprint changes: Topic for discussion.
  • Is personal information hashed: All information that is not required to be used again is hashed. - Optionally for discussion.
  • Does the app generate & keep a private key on the device itself: No. - We should add this. Topic for discussion.
  • Does the app enforce perfect forward secrecy: Topic for discussion.
  • Does the app encrypt metadata: Topic for discussion.
  • Does the app use TLS/Noise to encrypt network traffic: Topic for discussion.
  • Does the app use certificate pinning: Topic for discussion.
  • Does the app encrypt data on the device: It will.
  • Does the app allow 2FA: Not yet. Also, I'm against this as it allows a single point of failure. It is also the most common point where intruders attempt to social engineer.
  • Are messages encrypted when backed up to the cloud: No. Good question.
  • Does the app have self-destructing messages: It will in the private chats as was discussed.
  • Cryptographic primitives: Topic for discussion.
  • Does the app secure messages and attachments: Yes/It will.

Study material for topics:

Why jurisdiction matters
Transparency Report Example
Cryptographic Primitives
Directory Service
Fingerprints
Man in the Middle Attacks (MITM)
Private & Public keys
Perfect Forward Secrecy
TLS (Transport Layer Security)
Metadata Encryption
Certificate Pinning
Pros and Cons of 2FA

Links to miscellaneous topics, study is optional:

Jordan141 added the WIP (Work in progress), documentation (Documentation related task), security (Security related issue) and discussion (An issue that needs to be discussed) labels Oct 12, 2018
Jordan141 added this to the LokIM Release 4 - Pancake milestone Oct 12, 2018
Jordan141 self-assigned this Oct 12, 2018
@michaelKurowski
Owner

michaelKurowski commented Oct 12, 2018

> Does the app use TLS/Noise to encrypt network traffic: No idea. Good question.

FYI, HTTPS is based on TLS

@michaelKurowski
Owner

michaelKurowski commented Oct 12, 2018

> Is the design well documented: Our design is/will be amazingly documented.

Our documentation is currently very poor. If not, non-existent. A technical writer would be a useful addition to the team.

@michaelKurowski
Owner

BTW I'd move the ticket to release 2, or 3. It's related to a discussion, not implementation of these things.

@Jordan141
Collaborator Author

> > Is the design well documented: Our design is/will be amazingly documented.
>
> Our documentation is currently very poor. If not, non-existent. A technical writer would be a useful addition to the team.

I know a dude doing technical writing as a side-option in his Uni course. I'll ping him and see if he's interested in gaining some experience writing documentation. If he's not, then I'll probably start the documentation after next release.
