I wanted to open this discussion because I have not seen this protocol discussed anywhere in our communities previously. I'm not sure what to make of it really. It sounds somewhat similar to status.im
Can others see who I'm messaging with?
No. Message recipients are encrypted, so even network nodes cannot see who is messaging whom. Nodes can only see timing and size of encrypted messages.
How is this implemented? Are messages sent to all nodes and possible recipients with the assumption that only the intended recipients can decrypt the message? Does it not have scaling issues?
Initially, we considered a design with dedicated servers, potentially self-hosted, that host groups. This design would require adopting the MLS (or a similar) protocol for group-wide key agreement. Unfortunately, this design is not sufficiently resilient and is easier to censor than a decentralized design. Also, the MLS protocol is very complex to implement, requires a centralized component, and reduces forward secrecy. So we decided against this approach.
@epoberezkin wonder if you could elaborate on how it "reduces forward secrecy".
Anyway, as far as I can tell, the answer to this question is yes:
XMTPβs backend does not authenticate reads or writes and only implements per-IP rate limits. Aside from Welcome messages, all payloads for a given group are stored under a single group ID, and any client may anonymously query or write to any group ID. Only legitimate members possess the correct encryption keys for a given group.
It is technically possible for XMTP network node operators to analyze query patterns per IP address. However, clients may choose to obfuscate this information using proxying/onion routing.
So they are not broadcast to all recipients, but all recipients can query the nodes for any arbitrary messages they'd like. So I guess the chat clients are basically "tuning in" to certain groups to hear about their messages.
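To make the access model quoted above concrete, here is an added toy simulation (my own illustration, not XMTP's code or wire format): a node that stores envelopes keyed only by group ID, authenticates neither reads nor writes, and enforces only a per-IP write limit. The cipher is a stand-in built from SHA-256 and HMAC so the script runs on the standard library alone; the IP strings, the group ID "grp-42" and the messages are constructed sample data. It shows a non-member fetching and writing to a group she does not belong to, a member silently dropping the junk, and what the node operator actually gets to see: per-IP read/write patterns, group IDs, sizes and ordering, but no plaintext and no sender identity.

```python
"""Toy model of an unauthenticated, group-ID-keyed message store (added example,
not XMTP's implementation). The cipher below is a placeholder; a real system
would use a proper AEAD."""
from __future__ import annotations

import hashlib
import hmac
import os
from dataclasses import dataclass


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream from SHA-256; stand-in for a real stream cipher.
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || body || tag (12 + len(plaintext) + 32 bytes)."""
    nonce = os.urandom(12)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Raise ValueError unless the blob was produced under this group key."""
    if len(blob) < 12 + 32:
        raise ValueError("malformed envelope")
    nonce, body, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad tag: wrong key, or junk written by a non-member")
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))


@dataclass
class Envelope:
    group_id: str
    ciphertext: bytes
    seq: int  # arrival order; stands in for the timestamp a node would record


class Node:
    """Stores whatever anyone writes under any group ID; rate limit is per IP only."""

    def __init__(self, rate_limit: int = 5) -> None:
        self.store: dict[str, list[Envelope]] = {}
        self.writes: dict[str, int] = {}
        self.rate_limit = rate_limit
        self.seq = 0
        # Everything the operator can observe: op, client IP, group ID, payload size.
        self.log: list[tuple[str, str, str, int]] = []

    def publish(self, ip: str, group_id: str, ciphertext: bytes) -> bool:
        if self.writes.get(ip, 0) >= self.rate_limit:  # the only check there is
            return False
        self.writes[ip] = self.writes.get(ip, 0) + 1
        self.seq += 1
        self.store.setdefault(group_id, []).append(Envelope(group_id, ciphertext, self.seq))
        self.log.append(("write", ip, group_id, len(ciphertext)))
        return True

    def query(self, ip: str, group_id: str) -> list[Envelope]:
        self.log.append(("read", ip, group_id, 0))
        return list(self.store.get(group_id, []))


def run_scenario() -> dict:
    node = Node()
    group_key = os.urandom(32)  # assumed to have reached members out of band
    group_id = "grp-42"         # constructed sample group ID

    node.publish("10.0.0.1", group_id, encrypt(group_key, b"hello from alice"))
    # Mallory is not a member, yet she can write under the same group ID...
    node.publish("10.0.0.3", group_id, b"\x00" * 60)
    # ...and read everything stored there, though nothing decrypts for her.
    mallory_view = node.query("10.0.0.3", group_id)
    mallory_decrypted = []
    for env in mallory_view:
        try:
            mallory_decrypted.append(decrypt(os.urandom(32), env.ciphertext))
        except ValueError:
            pass

    # Bob is a member: same unauthenticated query, junk dropped on tag failure.
    bob_plaintexts = []
    for env in node.query("10.0.0.2", group_id):
        try:
            bob_plaintexts.append(decrypt(group_key, env.ciphertext))
        except ValueError:
            continue

    return {
        "mallory_fetched": len(mallory_view),
        "mallory_decrypted": mallory_decrypted,
        "bob_plaintexts": bob_plaintexts,
        "node_log": node.log,
    }


if __name__ == "__main__":
    for k, v in run_scenario().items():
        print(k, v)
```

Note what the log contains even in this toy: a per-IP record of which group IDs each client reads and writes, which is exactly the query-pattern analysis the second quoted paragraph warns about and why it suggests proxying or onion routing on the client side.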