Published: 2014-08-31 17:41:04 by Daniele Ricci
WARNING! Version 3.0 is not compatible with version 2.x, meaning that users of the two versions will not be able to chat with each other. The upgrade from 2.2.9 to 3.0 will, however, keep your messages intact.

You've been waiting for it for a very long time; here we are at last, announcing the first beta release of Kontalk 3.0. There was a lot of work behind this release and I hope it will work well enough and meet your expectations.

For people coming from the 2.x series, there is a lot of new stuff in this version:

  • new XMPP protocol
  • full PGP asymmetric encryption
  • invitation system and blocking users
  • media encryption
  • new full set of emojis by Emojicon

A complete changelog is available on the GitHub release page here (note that the changelog there still dates from alpha7):

https://github.com/kontalk/androidclient/releases/tag/v3.0-beta1

This new release is already available on the Google Play beta channel and will be available on F-Droid very soon. F-Droid users need no special action; Google Play users, however, are required to either join the Kontalk Android client community on Google+ or subscribe to the kontalk-devel or kontalk-users groups. Once you've done that, go to this page:

https://play.google.com/apps/testing/org.kontalk

Then click "Become a tester". Wait a few hours and you'll have the update straight from Google Play.

Published: 2014-05-16 12:50:10 by Daniele Ricci

Many users have been wondering about security in Kontalk. In this post I'll go through the security concerns I faced, and am still facing, while developing Kontalk.

Phone numbers

The biggest security implication concerns phone numbers. Hiding phone numbers from server administrators and from other users is very difficult, since they are used as the means of identification. Kontalk uses a hash of the phone number as the user ID (something like a02ee628305f0ab754510b2a6c283f63db1cb965@kontalk.net, where the local part is the SHA-1 hash of +15555245554).
With decent hardware, and knowing just the country code, you can compute the whole hash space and find the original number in a relatively short time. It's an easy task to carry out, but it still takes time, meaning that whoever does it has a specific target in mind.
The hard part comes when the Kontalk dev team is not involved in server administration: although we hold very strong values and do not hand our data to others (we are, of course, bound by jurisdiction), other server administrators might. That's why we decided to create a sort of democratic network with an internal voting system, used to admit new servers and ban rogue ones. This system is not yet in place (we are still in alpha), but it will be ready in due time. Further details will follow soon.
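To make the point above concrete, here is an added example (not code from the post or from Kontalk) that builds a user ID the way the post describes it and runs the dictionary lookup the post warns about over a constructed, deliberately tiny slice of the number space. It assumes openssl is installed and that the number is hashed exactly as written, leading '+' included.

```shell
#!/bin/sh
# Added example, not code from the post: build a user ID the way the post
# describes it and show why it is reversible once the country code is known.
# Assumes openssl is installed and that the number is hashed exactly as
# written, leading '+' included.
set -eu

# User ID for a phone number: SHA-1 hex digest of the number string.
kontalk_user_id() {
    printf '%s' "$1" | openssl dgst -sha1 | sed 's/^.*= //'
}

# Candidates once the country code is fixed: 10 to the power of the remaining
# digits (written as a loop because ** is not POSIX sh arithmetic).
hash_space_size() {
    n=1; i=0
    while [ "$i" -lt "$1" ]; do n=$((n * 10)); i=$((i + 1)); done
    echo "$n"
}

# Dictionary lookup over the candidates behind a known prefix: prints the
# matching number, or nothing. This is the enumeration the post warns about;
# an unkeyed hash of a low-entropy value is not a secret.
recover_phone() {
    target=$1; prefix=$2; digits=$3
    limit=$(hash_space_size "$digits")
    fmt="%s%0${digits}d"
    i=0
    while [ "$i" -lt "$limit" ]; do
        candidate=$(printf "$fmt" "$prefix" "$i")
        if [ "$(kontalk_user_id "$candidate")" = "$target" ]; then
            echo "$candidate"
            return 0
        fi
        i=$((i + 1))
    done
    return 0
}

# Constructed demo with the number quoted in the post.
number='+15555245554'
uid=$(kontalk_user_id "$number")
echo "user id:    $uid"
echo "candidates for +1 numbers: $(hash_space_size 10)"
# Kept quick on purpose: pretend all but the last two digits are known.
echo "recovered:  $(recover_phone "$uid" "${number%??}" 2)"
```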

SMS provider

Another concern about phone numbers is the use of a third-party SMS provider to verify them; in our case, Nexmo.
Of course it's a company with its own privacy policy, but the real problem is that a Kontalk server must know the real phone number in order to send the verification SMS in the first place, which means our Nexmo account has a record of every phone number that has registered, or tried to register, with Kontalk. We really can't do anything about it. Although we only access the Nexmo logs when a user has a problem during registration, the fact remains that we do have the phone numbers of all our users.

Encryption: end-to-end without OTR

Encryption is another very important security concern. The older 2.2 versions used a weak encryption method, which is being replaced by OpenPGP encryption in version 3.0. The new method does plain public-key encryption following the OpenPGP standard. Further features such as perfect forward secrecy and deniable encryption will be addressed in a future version with an OTR-like approach.

Trusting server administrators

Last but not least, there is the concern about server administrators. Kontalk is designed as a community network, meaning that volunteers can rent servers and make them available as Kontalk nodes. Those nodes have access to all presence data and to any (unencrypted) messages passing through the server.
A server can, however, reject login attempts from users registered on another server: it checks whether that server's public key is signed by the server that is authenticating the user at that moment. This is how servers express "trust" in one another. If anything goes wrong, the signature is revoked and that server is no longer trusted.
This doesn't prevent a rogue server from creating forged identities or fake accounts, though. There are mechanisms to protect users against that, but only once such abuses are discovered, and if an abuse is sporadic it's hard to uncover.

Still, there's no formal agreement between servers: they all rely on mutual trust and verbal deals. This will be addressed when Kontalk has grown enough to justify creating a nonprofit organization, with an organized team and a more clearly defined path to follow.

Published: 2014-04-01 09:37:36 by Daniele Ricci

This is an April Fools' Day prank.

Since I started developing Kontalk, I imagined it like this: every user would be able to communicate for free, with those same users helping to maintain the network and keep it active.
It was, and it still is, a very ambitious project, but I thought that by believing in it I would be successful. That's the key, I'd say to myself: believe.

However, I can no longer keep up with it. We started analyzing our users' messages with some automated tools we wrote, and we discovered some bad things.

Most users are blasphemous and evil. The others just keep talking about very bad jokes or very badly planned pranks. Desperate housewives cheating with their neighbours. Nerds who just keep watching Star Wars over and over. And much, much more. I will not go into further detail because some people might be upset by such horrible things.

I can't keep up with it. I can't watch people wasting their lives because of Kontalk. Therefore, I have decided to shut down all the servers and unpublish the app from Google Play, effective tomorrow, April 2nd, at 12:00 UTC.
I want to thank all people who believed in Kontalk as much as I did. Thank you guys, I'll never forget it.

Published: 2014-02-26 18:41:50 by Daniele Ricci

For some weeks now I've been able to use Kontalk XMPP from my notebook, using a custom Python script to make up for the lack of client certificate authentication in Pidgin. The code was very ugly (it still is) and had hard-coded values.
So I decided to clean it up a bit and release it in the public domain. You can find the script in the xmppserver repository. You'll need Twisted to run it.

user@host:~/kontalk/xmppserver/test$ ./ssl_bridge.py -h
usage: ssl_bridge.py [-h] [-d] [-p PORT] --domain DOMAIN -c CERTIFICATE -k
                     PRIVATEKEY
                     address

An XMPP bridge for clients not supporting SSL client certificate
authentication.

positional arguments:
  address               forward connections to this host (host:port)

optional arguments:
  -h, --help            show this help message and exit
  -d, --debug           enable debug output
  -p PORT, --port PORT  listen for local connections on this port (default:
                        5224)
  --domain DOMAIN       use this domain for stream initialization
  -c CERTIFICATE, --certificate CERTIFICATE
                        X.509 certificate file
  -k PRIVATEKEY, --privatekey PRIVATEKEY
                        X.509 private key file

ssl_bridge.py is basically a tunnel that hides the STARTTLS step by performing its own SSL handshake with the provided client certificate and private key.

The first thing to do is export the client certificate and private key from your device. Of course, you have to register with Kontalk first if you haven't already. Open Kontalk, press Menu > Settings > Export personal key. This creates four files on your SD card:

  • kontalk-login.crt
  • kontalk-login.key
  • kontalk-private.pgp
  • kontalk-public.pgp

Transfer the first two files (kontalk-login.crt and kontalk-login.key) to your computer. Then convert them to an appropriate format with the following commands:

openssl x509 -inform der -outform pem -in kontalk-login.crt -out kontalk-login.pem
openssl rsa -inform der -outform pem -in kontalk-login.key -out kontalk-login.rsa

Your certificate and private key are ready for use!

Start the SSL bridge script:

./ssl_bridge.py -p 5224 --domain kontalk.net -c kontalk-login.pem -k kontalk-login.rsa beta.kontalk.net:5222

This starts listening on port 5224; connections are forwarded to beta.kontalk.net:5222 once STARTTLS has been negotiated.
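Before starting the bridge it is worth checking that the converted certificate and key actually belong together, since a mismatch only shows up later as a failed handshake. This added script (not part of the post or of the xmppserver repository) performs the two conversions above and that check, with a constructed throwaway certificate and key standing in for the exported files; it assumes openssl is installed and that kontalk-login.key is an unencrypted RSA key in DER form.

```shell
#!/bin/sh
# Added example (not from the post or the xmppserver repository): convert the
# exported DER files to PEM, as the post does, and check that certificate and
# key really belong together before handing them to ssl_bridge.py.
# Assumes openssl is installed; kontalk-login.key is assumed to be an
# unencrypted RSA key in DER form, which is what 'openssl rsa -inform der' reads.
set -eu

# Same conversions as in the post; $1 = DER certificate, $2 = DER private key.
convert_login_files() {
    openssl x509 -inform der -outform pem -in "$1" -out kontalk-login.pem
    openssl rsa  -inform der -outform pem -in "$2" -out kontalk-login.rsa 2>/dev/null
}

# Succeeds only when the public key inside the certificate equals the public
# half of the private key; a mismatch would make the TLS handshake fail later.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey)
    key_pub=$(openssl rsa -in "$2" -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Constructed stand-in for the files Kontalk exports, so the checks can be
# exercised without a device: a throwaway self-signed certificate and its key,
# written in DER form under the same file names.
make_fake_export() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=constructed' \
        -keyout tmp-key.pem -out tmp-cert.pem 2>/dev/null
    openssl x509 -in tmp-cert.pem -outform der -out kontalk-login.crt
    openssl rsa  -in tmp-key.pem  -outform der -out kontalk-login.key 2>/dev/null
}

# Usage: place kontalk-login.crt and kontalk-login.key in the current directory
# (or call make_fake_export for a dry run), then:
#   convert_login_files kontalk-login.crt kontalk-login.key
#   cert_matches_key kontalk-login.pem kontalk-login.rsa && \
#     ./ssl_bridge.py -p 5224 --domain kontalk.net -c kontalk-login.pem \
#                     -k kontalk-login.rsa beta.kontalk.net:5222
```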

Now it's time to configure your favourite XMPP client. We'll take Pidgin as an example, but the configuration is pretty much the same elsewhere.
Create a new XMPP account using these parameters:

  • username: dummy (doesn't matter actually)
  • domain: kontalk.net
  • password: dummy (doesn't matter)
  • check Remember password
  • connection security: Use encryption if available
  • check Allow plaintext auth over unencrypted streams
  • connect port: 5224
  • connect server: localhost

And there you go! Connect your account and you'll see buddies with strange codes: those are your buddies' hashed phone numbers. You'll have to recognize each one by talking to them, sorry. You can then rename your buddies accordingly; Pidgin will keep track of the names.

Please note that encrypted messages are not supported by Pidgin, so you'll have to ask your buddies to disable encryption when they talk to you (you won't receive anything otherwise).
Delivery confirmations are not supported either, so your buddy will not see his/her messages confirmed. The only way to confirm them is to open Kontalk on Android: you will receive all the unconfirmed messages again and the app will confirm them.

The SSL bridge script is still not perfect; if you have any problems, please report them on the Kontalk issue tracker.

Published: 2014-02-23 11:47:51 by Daniele Ricci

Dear Indian users,
I'm sorry to inform you that we have done everything in our power to let Indian users receive our verification SMS. We use Nexmo to send them. Like any international SMS wholesale service, it is subject to specific carrier restrictions in India, as described here: Specific Carrier Restrictions in India, notably:

  • Nexmo can only guarantee message delivery between 9am to 9pm. Messages submitted after 9pm Nexmo will attempt to send, but due to local regulations, these messages may be blocked or queued.
  • you might receive our SMS as a Cell Broadcast message. Please enable CB on your mobile to be sure to receive it.
  • messages sent to numbers registered in the NDNC (National Do Not Call) list will be blocked.
  • messages towards Jammu and Kashmir networks (example, 405/55 - Airtel J&K) will be blocked by the government due to political sensitivity.

Registration attempts have been limited to one every 24 hours. We decided that because we pay for these blocked messages and we can't afford the cost even with donations. You have no idea how many registration attempts we receive from India.
I'm sorry there is nothing else we can do.