OII Milestone One: Initial tools and tool-selection criteria

The Open Integrity Initiative (OII) will soon begin developing profiles on five tools. We propose the following asynchronous mobile messaging platforms for this milestone:

We have selected these tools in order to:

Tool selection criteria

In addition to the conditions described above, we considered the following three means of classification when selecting tools for Milestone One. (It bears clarifying that this set of criteria is entirely separate from, albeit likely to overlap with, the actual metrics used by the OII to evaluate the adoption of digital security best practices among the developers of these and other tools.)

The tables below include possible tools for Milestone Two or later that would expand the messenger family to encompass:

Source code transparency

For our initial set of tools, we would like to cover a cross-section of approaches to license freedom and source code transparency. At the moment, we are looking at an openness continuum along the lines of the following:

| Transparency level | Milestone One | Possible future tools |
|---|---|---|
| FOSS; standards-based | Signal, Android Messenger | Gajim, ChatSecure, Tor-messenger, etc. |
| Open-source; for sale; standards-based crypto | Conversations | N/A |
| Closed-source; claims standards-based crypto | Wire | Google Hangouts, WhatsApp |
| Closed-source; claims unspecified crypto | Skype | Viber, iMessage |

Encryption protocol

For Milestone One, we will focus on the security properties of these tools' messaging and attachment features. The OII profiles on these tools will consider more granular metrics (end-to-end encryption, authentication mechanisms, forward secrecy, etc.), but a high-level protocol breakdown should be sufficient for the tool-selection criteria themselves.

| Messaging encryption protocol | Milestone One | Possible future tools |
|---|---|---|
| Axolotl | Signal, Wire | WhatsApp, SMSSecure, Signal desktop |
| OMEMO | Conversations | Gajim |
| OTR | N/A | ChatSecure, Tor-messenger |
| OpenPGP | N/A | K9/OpenKeychain, Thunderbird |
| Unknown | Skype | Viber, iMessage |
| Non-end-to-end encryption | N/A | Google Hangouts |
| None | Android Messenger | N/A |

Back-end hosting and federation

It is challenging to find a cross-section within this criterion. There are very few asynchronous mobile messengers that support self-hosting and federation. And, even with an expanded family of messaging tools (including email, desktop tools, and OTR clients), there is a clear divide between platforms with a centralized back-end and those that are both self-hostable and federated.

| Self-hosting & federation | Milestone One | Possible future tools |
|---|---|---|
| Hostable; federated | Conversations | Gajim, ChatSecure, Tor-messenger, etc. |
| Hostable; not federated | N/A | N/A |
| Centralized back-end | Signal, Wire, Skype, Messenger | Viber, Hangouts, iMessage, WhatsApp, SMSSecure |

Possible future tools

Should we decide to expand this family of tools in subsequent Milestones, likely additions to the list might include:


Developed with ❤ by

Information Innovation Lab

Applied research and development for public interest technology.