What is status.im?
The Status Messenger (also a Wallet and Browser) appears similar, in its goals and design decisions, to other messaging applications offering end-to-end encryption that one can find on marketplaces such as Google Play (WhatsApp and Signal are examples of such applications).
However, the similarities stop there – upon closer examination, this brainchild of the Status Network emerges clearly as a totally different kind of animal.
End-to-end encryption is never a guarantee of security and privacy – especially if users are required to sign up with their email address or phone number. Status does not require users to disclose identifying information such as a phone number or email address.
The Status UI provides a really bright, easy and pleasant experience; however, below the surface lies a tremendous amount of technology deployed to guarantee the rights of its users (the right to communicate and, above all, privacy).
Status does not send messages in plain text (a hair-raising notion) – the message payloads are encrypted end-to-end (E2E) by the Status transport protocol – Whisper – using symmetric key encryption.
In addition to this, Status uses X3DH and the Double Ratchet Specification from Open Whisper Systems.
X3DH works by having client apps generate a bundle of pre-keys (the X3DH bundle) that can later be requested by interlocutors when they wish to have a conversation with a specific user. The X3DH bundle is generated during account creation, which follows these steps:
- Generation of a random seed and of an associated account.
- Generation of pre-keys (the X3DH bundle) and of a pre-key signature.
- Registration with a Push notification platform.
Why use X3DH? X3DH allows Status to operate in an asynchronous environment, which means that users do not have to be online simultaneously if they wish to initiate a private conversation!
Status also makes use of the Double Ratchet Specification, providing an unparalleled level of security to its users. According to the Double Ratchet Specification, users agree on a pre-shared secret key, from which they build the “ratchet structures” that allow them to derive the same keys and read each other’s messages. Every new message sees a renewal of the keys used. The Double Ratchet algorithm is used by Signal, Facebook, WhatsApp and Matrix.
In addition to X3DH and the Double Ratchet Specification, which allows the creation of “Secret channels” (a communication channel in which the Double Ratchet algorithm is in use), Status provides “Perfect Forward Secrecy” for 1:1 chat participants. What this means in plain English is that it provides assurances that your own session keys will not be compromised even if the private keys of the participants are compromised. Specifically, past messages cannot be decrypted by a third party who manages to get hold of a private key.
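The per-message key renewal and the forward secrecy described above can be seen in the symmetric-key half of the Double Ratchet, sketched below as an added example (not Status's code, and not taken from the original article). It uses the HMAC-SHA256 chain-key KDF with the 0x01/0x02 input constants that the Double Ratchet specification suggests, and it leaves out the Diffie-Hellman ratchet step that later restores secrecy after a compromise. The class name, the `demo` function and the shared secret are constructed for illustration.

```python
import hashlib
import hmac

MESSAGE_KEY_INPUT = b"\x01"  # HMAC input that yields the message key
CHAIN_KEY_INPUT = b"\x02"    # HMAC input that yields the next chain key


def kdf_ck(chain_key):
    """One ratchet step: return (next_chain_key, message_key)."""
    message_key = hmac.new(chain_key, MESSAGE_KEY_INPUT, hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, CHAIN_KEY_INPUT, hashlib.sha256).digest()
    return next_chain_key, message_key


class SymmetricRatchet:
    """Hypothetical helper: one chain that stores only the current chain key."""

    def __init__(self, initial_chain_key):
        self.chain_key = initial_chain_key

    def next_message_key(self):
        # The old chain key is overwritten, so it cannot be read back from state.
        self.chain_key, message_key = kdf_ck(self.chain_key)
        return message_key


def demo():
    # Constructed secret standing in for the key both users agreed on.
    shared_secret = hashlib.sha256(b"constructed demo secret").digest()
    alice = SymmetricRatchet(shared_secret)
    bob = SymmetricRatchet(shared_secret)
    alice_keys = [alice.next_message_key() for _ in range(3)]
    bob_keys = [bob.next_message_key() for _ in range(3)]

    # What an attacker holds after reading Alice's state following message 3.
    attacker = SymmetricRatchet(alice.chain_key)
    attacker_keys = [attacker.next_message_key() for _ in range(100)]
    return {
        "in_sync": alice_keys == bob_keys,
        "all_distinct": len(set(alice_keys)) == 3,
        # Without a DH ratchet step, the next key in this chain is derivable.
        "next_key_exposed": attacker_keys[0] == bob.next_message_key(),
        # Keys for messages 1..3 never reappear: HMAC cannot be run backwards.
        "past_keys_exposed": any(k in attacker_keys for k in alice_keys),
    }


if __name__ == "__main__":
    print(demo())
```

The `next_key_exposed` result is why the full algorithm pairs this chain with a Diffie-Hellman ratchet: the hash chain alone protects earlier messages, not later ones.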
Together, the X3DH key bundle which allows this app to operate in an asynchronous environment, the Double Ratchet specification according to which keys are renewed for every new message, and Perfect Forward Secrecy, provide the perfect technological environment for privacy-aware users.