-
I’ve spent a surprising amount of time recently, fighting to find some sort of sweet spot in the technology landscape for online chat. As a long time net denizen, online chat has always been an important part of my life, even as that part has drifted from forums and Internet Relay Chat (IRC) to ICQ to MSN and AIM and then to XMPP (jabber). Most recently experiments with Google Wave and Facebook Groups have taken the limelight with sidetracks to Skype and Ventrilo and everything in between.
However, it surprises me how each of those options is missing something important. After giving the problem domain a lot of thought, I feel like I’ve really identified what I want out of online chat. I feel compelled to commit these thoughts to the Internet and discuss how the current offerings all fall short.
My criteria for the ultimate online chat system to rule them all:
End-to-end encryption isn’t optional anymore. This is one of those issues that you never even think about, until you realize that it’s important and everything out there lets you down. We’re getting close to the point that encryption is starting to get the recognition that it should on the Internet at large, but we’re clearly not there yet. Importantly, encryption is not about online banking, it’s about trust. Encryption allows you to prevent anyone from reading/copying/processing your communication unless you trust them. When you think about online chat, it should be clear who you trust. It’s not the company running the servers, it’s not your ISP, and it’s certainly not everyone else in the coffee shop with you. You trust the person on the other side of your chat with your communication, and that’s the only person that needs to read it.
Working in the gaming industry, where secrecy is the norm, has really opened my eyes to the exposure of online chat. While the online chat industry has focused primarily delivering messages in a way that makes all manner of network situations transparent to the user in the name of easy-of-use, it’s made for a treacherous situation for communicating online. You messaged someone about something related to work… where did your message go? Did it go directly to your conversation partner? Did it bounce through an HTTP proxy to be filtered/cached/analyzed? Did it go first to the presence server, then indirectly delivered to your conversation partner? If the message was unencrypted and contained even plausibly sensitive information, then the only option is to not use online chat at all. Even sending quick instant message across the office isn’t safe. A simple firewall misconfiguration on one of the computers in the office could result in all of the chat traffic leaving the office, bouncing off of the chat service servers, and returning through the office to a desk. Suddenly a quick instant message conversation about a product ship date becomes the hot news article on an industry site, and no one even knows where the slip happened.
And these days, there’s no reason that users should have to make some important decision about disclosure every time they go online. We have the technology and the capability to make end-to-end encryption the standard in online communication. It’s really time that encryption becomes as user friendly as message delivery is now.
Persistent communities are the most valuable online chat form. Originally, internet chat was all about online communities. Internet Relay Chat (IRC) is all about joining “channels” of conversation that are persistent as people come and go. It’s a natural analogy, like going to a bar or a coffee shop. With the Instant Messaging trend, the pendulum swung back to one-on-one communication. User friendly one-on-one communication is an invaluable tool (see also: the telephone), but that doesn’t build the type of communities that make online chat so valuable. Imagine going to a bar and everyone can only have one-on-one conversations. It would suck.
The most important metaphor to apply to online chat is that of the “third place”. For many groups of people, geographic distance separates individuals and online is the only way that they can share a “third place”. Great online chat can’t really be great without it.
The Internet isn’t just text anymore. This should be obvious, but looking at most online chat mediums, you wouldn’t think so. A conversation online consists of text and images and videos and sound clips and everything else you can imagine. And these things need to be as effortless and inline as text. Links require, at a minimum, exiting the conversation to follow a link in a separate browser. Often it means trying to find some kind of easy online storage to then generate a sharable link to paste into the conversation. And when that goes easy… it’s probably not secure. A great online chat system should allow all kinds of embedded multimedia to be transferred over the same simple encrypted channel as everything else.
Online chat is real time. It’s simple, but it’s true. Anything less than real time is another form of publishing content. (And these days, as easy as it is to publish content, most online communication is content publication.)
And that’s it, really. Four things that define what online chat should be:
- Encrypted end-to-end so only fellow conversation partners are privy to anything in the chat.
- Feature persistent group chat as well as the typical one-on-one chat to allow for online communities.
- Easy use of multimedia, inline with the rest of the conversation.
- Needs to be real time.
That said, everyone has their recommendations or favorite communication mechanisms. Here’s how they all fall flat:
Internet Relay Chat is text only and doesn’t feature end-to-end encryption. Even in situations where the connection to the server is SSL, the server itself routes all communication in an unencrypted manner to all of the listeners in the channel and all other servers. The only way to do secure IRC is a stand-alone SSL enabled server where you explicitly trust the server operator (and everyone with access to that server) and everyone in the channel. Aka: running your own network… which is not really the point of IRC.
Forums are great in that they are persistent and they often allow for embedded multimedia. They aren’t particularly real-time and they have the same issue where SSL doesn’t prevent the server from having all of the communication. At least it’s easier to run one’s own web server than an IRC network.
ICQ/MSN/AIM/Y! and the list goes on. These are all incredibly insecure. Not only is traffic unencrypted, but it’s routed all willy nilly with no transparency into what’s going on. You can, of course, add plugins to some of the clients to provide a layer of end-to-end encryption… but it will only work with someone else that’s using the same plugin and the same client. I haven’t been able to get any persistent group chat, only transient group chat that must require a formal invitation process at the start of each session. Embedded multimedia is limited. Basically, using any of these protocols is just living in the early 1990s.
XMPP/jabber has the most potential (this includes Facebook Chat and Google Talk), in that the X in XMPP stands for “extensible” and it seems quite attainable to add all of the necessary features. Facebook Group Chat even has the persistent group chat use-case handled very well. Unfortunately these are still unencrypted communication mechanisms. HTTPS doesn’t necessarily include chat traffic, even when the chat client is JavaScript on a secure page and it’s still all unencrypted on the server. And really, when the servers are Facebook and Google, you might as well just say “unencrypted to the entire world.”
Google Wave was a real contender, and the communication mechanism that I had bet on as the next big thing. It had persistent group chat, it had marvelous multimedia support, it was real time, and with federation is could have been secure. It actually failed most in an unexpected way: conversations kind of suck as documents. The real time, branching anywhere conversation trees had great potential, but the interface would need to be something very different. By turning chat into a document, effectively the chat became the chat log. A constantly changing, non-linear chat log is really confusing. Icing on the cake, Google is canning Wave.
So what does that leave us/me with? Nothing, really. The best encryption solution, right now, is iChat with MobileMe on OSX. MobileMe does an awesome job at issuing trusted certificates to verified individuals. iChat then uses those certificates to seamlessly encrypted MobileMe to MobileMe AIM traffic. But it’s a tiny garden, and one with a pretty high entrance fee, so I don’t expect to get much use out of it except for close friends.
Facebook Group Chat is pretty great, but leaves much to be desired with multimedia and encryption.
How it could all come together:
Hypothetically speaking: Facebook’s acquisition of Lars Rasmussen means that Facebook Chat needs to get a rich user interface like Google Wave. Add end-to-end encryption, and it’s a done deal. That would deliver all four requirements of what online chat should be—end to end encryption, persistent group chat, rich embedded multimedia support, and real time interaction—in an immensely usable manner.
What might block it all:
While end-to-end encryption should happen as a default for everyone on the Internet, there are a few important factors that might block it entirely. The biggest is that mega-corporations like Google and Facebook need to monetize their offerings to continue the money-parade that keeps the awesome services they provide, online. The biggest way they do that is by providing targeted advertising based on the content of pages and messages. For instance, if GMail had end-to-end encryption, then the relevant advertisements that show up based on the content of your email would be impossible. Clearly great for users, but not great for the business of things. In a similar way, Facebook might want to monetize chat directly in the future, and end-to-end encryption would prevent that.
I’m hoping that the Right thing happens online and end-to-end encryption becomes the standard. But it’s not like I’d be the first person to make that statement.
-
-
tbradshaw posted this
-
