What's Left for Private Messaging

Explore the landscape of private messaging in this comprehensive conference talk from the 36th Chaos Communication Congress (36C3). Delve into the current state of secure online communication, examining the widespread adoption of end-to-end encryption and the challenges that remain in balancing privacy and usability. Begin with a threat modeling exercise to understand the various risks and actors involved in secure messaging systems. Learn about end-to-end encryption, Off-the-Record (OTR) messaging, deniability, and the Axolotl construction used by Signal. Investigate metadata risks, including contact discovery, network surveillance, and server compromise. Discover innovative approaches to addressing these issues, such as Pond's design for discovery and global network adversary protection, Katzenpost's adaptation of mixnets, Private Information Retrieval (PIR), and Secure Scuttlebutt's serverless approach. Gain insights into encryption, connection establishment, trust reduction methods, deniability, forward secrecy, expiration, compromise mitigation, isolation, recovery backups, traffic obfuscation, server hardening, and linkability.