Secure Privacy-Friendly Instant Messaging (IM) for Guidepal

Abstract: It is fascinating, and yet often neglected, that a user’s privacy can be invaded notonly by the absence of security measures and mechanisms, but also by improperor inadequate usage of security services and mechanisms. When designingsecure systems, we must consider what services are needed and what is not.The work in this thesis revolves around privacy-friendly instant messaging (IM)systems. In such a system, an inadequate usage of security measures leads tohaving IM servers being able to intercept or gather users’ private conversations.An improper usage of security measures could bring about non-repudiationwhich is desirable when signing contracts, but unwelcome in IM and privateconversations.We will look into requirements of the desired IM system, study the currentstate-of-the-art solutions, deploy an IM server, and briefly extend an existingmodern privacy-friendly IM protocol and an open source mobile application tomeet our security and privacy requirements. This extended IM application iscalled Guidepal-IM and is available as open source1The thesis work is introduced and carried out at Guidepal, a startup companyin Stockholm. It is therefore supervised partly at Guidepal and partly at KTH.Since Guidepal is also looking into possibilities of integrating an IM featureto its current social media apps, our contribution would also briefly extend tostudying the limitations and recommendations for Guidepal’s social media appto help user privacy preservation.