Hi, I am Om, I have discovered xxnetwork and haven thorugh MF.
My current go to chat app is Telegram and always wanted to replace with haven, but lack of support on phone is making that transition hard.
I have some friends who love keeping privacy and would be interested in haven app in their phone.
I asked in xxnetwork channel of haven chat about IOS plans and Rick said I can contribute and shared this link xxdk-examples/iOS at master · xxfoundation/xxdk-examples · GitHub
Since then I started experiementing on it and got some good results (see attached screenshots).
Now I am requesting for some funds/grants to support this development and feedback from community.
Grant Request
I am requesting 30,000 USD (25,50,000 XX Tokens)
Here is my proposal with milestones.
Great work.
What amount of failed/stuck sends do you see %-wise?
Too bad we relied heavily on Discord and I think after a hacking wipe-out all the great feedback that we had on xx Messenger iOS while it was new and users submitted feedback, was lost. It seems they nuked (or hid, in best case) all the xx Messenger feedback I posted here. #winning
Among things that I’d like are negative features, such as “disable URL preview” (even “textualize” would be great, to prevent accidental clicks). Since those may be easier to implement than “positive” features, you can consider them if you think they’d improve privacy.
Dummy/cover traffic was a great feature years ago and with latest phones (better battery life) it’d be still valuable to have if it’s not too much trouble.
In xx Messenger, exporting (backup) of IdentityJSON kind of sucked, as I recall it used SFTP (bizarre!) instead of S3 or something that has PQC. Unless we want to “share with Signal”, some backup or sharing method would be needed to prevent ID wipe-out that many xx Messenger users suffered.
10% fails, but I believe that can improved with some error handling and retrying from swift side.
Disable URL preview
For now I don’t have any url preview feature for iOS app, so it’s not issue for now.
If there is need for url preview feature,
I will add the option for disabling this and will set it on by default or ask user to confirm this while onboarding.
For accidental clicks on url, I can add confirm box, warning saying that privacy cannot be guaranteed for visiting website.
Exporting Codename
I don’t have much knowledge of xx Messenger, but for the app I am making,
I can make export import haven style, where it exports the codename to filesystem and allows importing from same.
I am trying to test xx Messenger but it seems to be blocked in my country(maybe pulled down from app store).
URL preview: I find the idea awful, but you’d be surprised how many people want strong privacy and aren’t willing to sacrifice any convenience. Some would even highlight outrageously brain-dead use cases such as animated GIFs (which, as we all know, are one of the worst kinds of preview material as far as privacy goes). Hey - even Signal does it, so who are we to object?
Yeah, no worries - it’s been a while… And yes it was pulled, I think the thing was “update your app to latest or else” and the choice was “else” because the app needed an overhaul, not an update.
About Cover Traffic - I think it wasn’t implemented (certainly no option was exposed to the user or admin) in Haven, but it was an option in xx Messenger iOS (and Android) (default: off, due to battery impact).
This is normal (you just can’t reliably contact a gateway sometimes and get a message in before the round starts ). Basic error handling will fix it. Haven does this handling I believe (perhaps it happens in the javascript library, I don’t recall).
Just one question why you not develop that for Android, Linux, Windows and all other systems before do that on an unsecure system like iOS ?
Apple have the whole control over your phone and without error you can’t take the whole control by cutting all Apple servers communications. So they can scan your messages/images on both side. You can mix/hash/shred do what you want all will be on both end directly to the Apple servers.
If you want to do that for security purpose develop on operating system who let people secure them and cut all links with the manufacturer. At the end if people still haven’t understand what do Apple let people on Apple communicate with other systems.
Security have only one single rule, should have the whole control over every parameters and connections.
Here we go, valuable xx community feedback! @warnings why don’t you start a campaign on the xx Discord to mobilize the community to vote against funding this dApp unless your demands are met? #winning
IIRC I think rick said in haven general chat that android is in progress,
I don’t have much experience linux and windows coding and I don’t like cross platform tools like electron since I believe they have performance overhead.
Also for desktops we can always use haven web app or install it as PWA/shortcut.
I personally use apple devices and I would benefit from such app.
Also I was going to do this for free in future, but with grant support I can put time into this now.
Ok missed that from Rick thank you for this information
I think it can add a great value to have apps compatible with many operating system and be able to store many things in a dedicated and secured container instead of a browser it will increase most probably the usage. Why not try a language cross platform or mostly as possible to not doing the same job multiple time ?
Why you still use Apple device for any “security” purpose after so many issues reported over years and continue using device/operating system than you can’t control at all ? I have never understand sorry. Security is full control over the device and software. Windows was good and become worst and worst over time most probably due to Apple who show a wrong way. Android is still open and Linux too.
Even Apple is closed as never seen before this company exist. They should support some cross platform code with good performance and reliable no ?
@ clueless
The idea isn’t bad just very sad to use probably the worst devices/software for security purpose to promote a secure network compatible only with one single platform. People who search this type of secure network want a secure operating system and whole control over the device that’s the base of security. Golden jail is my latest choice and will do all what I can before take this latest choice.
This isn’t a discussion about Coke vs Pepsi, our preferences or how the world is supposed to work.
iOS is a top mobile OS. Is it justified to create a grant proposal for it? It is.
The only question we are expected to answer is: do we have constructive feedback on the details of the proposal?
IOS is the worst OS about security so you can’t found worst. No control at all from the user side, a company decide for yourself what is good or not for you. They scan your private pictures for protect “children” of course. They are even be able to detect what piece of software run on your device without even touch your device physically. Instead of uninstall and do directly something on your phone they just send you a message to tell you than something wrong run on your device (no one other company do that on this world)
They have lost against Epic and should offer alternative to their fully controlled store. When release a new model they remove app who providing this feature to be able to sell this feature on their new device
Remove almost every external connectors/ports to be able to sell their proprietary products most of the time. It’s justice who should stop them and force USB standard connector by example. That’s just amazing they have keep one single user over time doing all of that.
They should now open an alternative store or way to install app to everyone if not win another trial after that. So even justice confirm what I write since many years.
This proposal use the worst OS ever about security. So first use OS providing full security when you want to promote a security related app and why not this OS but at the end may be even with a little warning than your text can be intercepted/stored/used/transmitted to US government by Apple like that no body will write anything confidential to these users because both end should be perfectly secured to secure a confidential chat. Microsoft should be checked on software side if record your screen or anything who be able to compromise security of the messages. Linux should be perfectly fine because these tools not exist with my actual knowledge everything is decentralized with possibility to own your own local repository of software. No one decide, check or control what you do on your Linux device.
So the idea is pretty good just have choose the wrong OS and the code should be cross platform for not doing multiple time the same job. You should never use storage provided by the manufacturer or OS (security = no trust) but your own based open source solution like Truecrypt or Veracrypt everything is open source and audited who give you 100% trusted storage location. You should type a password before each usage to unlock container. If app is closed container too so unavailable without your own password so only you will be able to read that.
If everything is done according to security so not have any trust to anyone. The usage will be worldwide if we respect every aspect of perfect security with an external audit of the code. A little warning when you reach any devices using OS who not respect security of the users at both end like iOS until Apple will be forced to respect users by worldwide justice. One day you will be able to use an offline Apple device without any link to Apple server but it will take many years or this company will disappear before when all users will have enough knowledge to understand by herself what they use. Android with Google services isn’t probably better may be a little like the OS is still open and can be rooted so the control can be taken over yet with a rooted firewall who can block everything to and from Google servers.
EDIT : Security is like hygiene: either you take care of it or you don’t.
). Basic error handling will fix it. Haven does this handling I believe (perhaps it happens in the javascript library, I don’t recall).
(no one other company do that on this world)