What's Left for Private Messaging

Explore the landscape of private messaging in this comprehensive conference talk from the 36th Chaos Communication Congress (36C3). Delve into the current state of secure online communication, examining the widespread adoption of end-to-end encryption and the challenges that remain in balancing privacy and usability. Begin with a threat modeling exercise to understand the various risks and actors involved in secure messaging systems. Learn about end-to-end encryption, Off-the-Record (OTR) messaging, deniability, and the Axolotl construction used by Signal. Investigate metadata risks, including contact discovery, network surveillance, and server compromise. Discover innovative approaches to addressing these issues, such as Pond's design for discovery and global network adversary protection, Katzenpost's adaptation of mixnets, Private Information Retrieval (PIR), and Secure Scuttlebutt's serverless approach. Gain insights into encryption, connection establishment, trust reduction methods, deniability, forward secrecy, expiration, compromise mitigation, isolation, recovery backups, traffic obfuscation, server hardening, and linkability.

Intro
Systems
Encryption
E2E
Signal
Connection establishment
Ways to reduce trust
Web of trust
Keybase
Tofu
Pond
Deniability
Forward secrecy
Expiration
Compromise
Isolation
Recovery backups
Traffic obfuscation
Server hardening
Linkability
Questions