With ever-increasing threats to our online privacy, a secure, private messaging system is a virtual necessity. Unfortunately, all of our current systems are vulnerable in one way or the other. The world needs a genuinely secure private messaging system.
In this article, we look at Loki Messenger, a secure private messaging system that has huge privacy potential. Loki Messenger is the first service on Lokinet, a decentralized, end-to-end encrypted messaging and payments network.
Without going in too deep (Loki details get really technical, really fast), we’ll look at what makes Loki Messenger a better private messaging service.
Once we get through that, we’ll give you a demonstration of the current beta version of Loki Messenger.
Ready to learn about what could be the future of private messaging? Let’s start.
Introduction to Loki Messenger
So what exactly is Loki Messenger? According to the project’s README file on GitHub:
In other words, Loki Messenger takes advantage of some of the best existing private messaging technology and adds even more privacy and security through its use of Lokinet.
Lokinet’s Service Nodes “act as both federated servers which store messages offline, and a set of nodes which allow for onion routing functionality obfuscating users IP Addresses.”
What Makes Loki Messenger Better?
With competitors like Telegram, Viber, Signal, and WhatsApp, you might be wondering why the world needs another end-to-end encrypted, private messenger app. There are three big reasons why we think Loki Messenger has a shot at becoming the private messaging app of the future:
- Loki Messenger is Decentralized
- Loki Messenger is Untraceable
- Loki Messenger is Hack Resistant
Loki Messenger is Decentralized
What do Telegram, Viber, Signal, and other leading encrypted private messaging apps have in common? They are all centralized. This means that there are central servers to hack, and even physical offices for the authorities to visit with subpoenas (and assault weapons) in hand when they want to snoop on someone.
Centralization is a huge vulnerability. Here are some recent examples of the problem:
- After the 2019 Sri Lanka Easter bombings, the Sri Lankan government shut down access to Viber, Snapchat, WhatsApp, and other messaging services within the country. In all, this country has shut down messaging apps at least three times.
- In June of 2019, the CEO of Telegram, Pavel Durov, said they experienced a “state actor-sized” cyber attack. Without revealing details, he indicated that the attack likely came from China and was related to the protests in Hong Kong.
A decentralized messaging app has many advantages. Without a center, the network is resistant to attempts to shut it down (think torrenting, Bitcoin, Tor, etc.). Additionally, there is no one to wave that subpoena at, demanding that they turn over the data on some user.
Loki Messenger relies on Lokinet’s private and decentralized messaging services. The Lokinet network uses a chain of proxy servers connected by onion routing to pass messages. The state of the network is maintained in the Lokinet blockchain, making that information available to every user. The user chooses the route their messages will follow through the network, eliminating the need for a trusted (central) authority in the system.
Loki Messenger is Untraceable
Many messenger apps use end-to-end encryption to protect the messages that flow through them. But they can be vulnerable to adversaries powerful enough to monitor when messages enter and leave the network.
Over time, such an adversary can even do statistical analysis of the messages flowing through the network, helping them to identify which users are communicating with each other, when certain users are online, and other potentially useful information.
Lokinet addresses this kind of problem by functioning as a mixnet communicating through onion routing. A mixnet passes messages through one or more mixes. A mix receives messages from multiple sources, then sends them on to their destinations in random order. Doing this makes it harder to analyze the flow of messages through the mixnet.
Lokinet connects the mixes in the network using onion routing. The onion routing protocols connect multiple mixes in a chain. Each mix only knows which node in the network sent a message to it, and which node in the network it must send the message to. Thus it ensures that no single mix knows both the original sender of a message and the final recipient.
Even if one of the mixes in the chain is compromised, there is no way for it to trace the entire route of the message.
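The layering described above, as an added example that is not Lokinet's own code: each mix removes one layer and learns only the next hop. The mix names, the pre-shared per-mix keys and the toy SHA-256 stream cipher are assumptions made so the sketch runs with the standard library alone.

```python
import hashlib, hmac, json, os

def _keystream(key, nonce, n):
    # Toy stream cipher (SHA-256 in counter mode); illustration only.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:n]

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("layer was not sealed for this mix, or was modified")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def build_onion(route, keys, recipient, payload):
    # Wrap from the inside out: the last mix's layer is sealed first.
    blob, next_hop = payload, recipient
    for mix in reversed(route):
        layer = json.dumps({"next": next_hop, "data": blob.hex()}).encode()
        blob, next_hop = seal(keys[mix], layer), mix
    return blob  # handed to route[0]

def peel(key, blob):
    # One mix removes one layer and learns only where to forward the rest.
    layer = json.loads(unseal(key, blob))
    return layer["next"], bytes.fromhex(layer["data"])

def relay(route, keys, sender, recipient, payload):
    blob, prev, views = build_onion(route, keys, recipient, payload), sender, {}
    for mix in route:
        nxt, blob = peel(keys[mix], blob)
        views[mix] = (prev, nxt)  # everything this mix can observe
        prev = mix
    return views, blob

# Constructed sample data: three hypothetical mixes with pre-shared keys.
ROUTE = ["mix1", "mix2", "mix3"]
KEYS = {m: os.urandom(32) for m in ROUTE}

if __name__ == "__main__":
    views, delivered = relay(ROUTE, KEYS, "alice", "bob", b"<end-to-end ciphertext>")
    for mix, (prev, nxt) in views.items():
        print(f"{mix}: received from {prev}, forwards to {nxt}")
```

With a route of only one mix, that mix would see both the sender and the recipient, which is why the property depends on chaining several mixes.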
In addition, Loki Messenger does not require the user to register with a telephone number, and a user’s real IP Address is never exposed to the network. Together, these features make Loki Messenger untraceable (in theory).
Loki Messenger is Hack Resistant
While it is likely that no network in the world is totally hack-proof, Loki Messenger comes close, thanks to the characteristics of Lokinet. Lokinet uses Service Nodes to provide much of its scalability and networking functionality. Service Nodes are paid for their services using Loki, Lokinet’s native cryptocurrency. But Service Nodes must also stake a large amount of Loki for the privilege of being a Service Node.
The requirement of a large stake makes the type of hack called a Sybil attack more unlikely. The Lokinet team defines a successful Sybil attack as one that seizes control of at least 30% of the entire Lokinet. To do this, an attacker would need to stake large amounts of Loki on each of the servers it controls. This would drive up the price of Loki, making the attack progressively more expensive.
In addition to the protection provided by Lokinet, Loki Messenger itself uses several techniques to prevent attacks. Deniable Authentication (DA) protects against man-in-the-middle attacks. Perfect Forward Secrecy (PFS) ensures that a new encryption key is used for each message, limiting the damage done if an attacker does somehow get access to a key. In such a case, the attacker would only be able to decode a single message.
Now we’re ready to take a look at Loki Messenger in action.
Creating a Loki Messenger Account
If you are familiar with cryptocurrencies, you may notice that creating a Loki Messenger account looks a lot like creating a cryptocurrency wallet:
The seed phrase is automatically generated by Loki Messenger and is necessary to recover your account if you lose access to it, or if you move your Loki Messenger account to another device.
Once you register your seed, you create your optional username and password:
Hit Save and you are ready to roll.
As you can see, the Loki Messenger window looks a lot like any other messenger app. It does, however, have a couple of differences.
First, notice the long random string of characters below the username on the top left. That is the user’s public key. Sharing this public key is how users connect. For maximum privacy, users would be advised to share these keys offline, preventing snoops from getting a copy of them.
Once a user has someone’s public key, they can send a friend request, which can be either accepted or declined:
If both parties are online, communication is relatively straightforward. Their messenger apps can resolve each other’s public keys and create an onion-routed path through Lokinet for live chatting, all without exposing their IP Address, telephone number, or any other personally identifiable information (PII).
Messages appear in the chat window as you would expect.
If you hover over a message, a “three-dot” icon appears. Clicking that displays a menu of options for that specific message, as shown above.
Offline messaging, where the intended recipient of a message is not currently online, is more complicated. It depends on groups of Service Nodes called Swarms. Every Loki Messenger user belongs to a Swarm. Swarms are groups of Service Nodes that can store messages offline.
When a message gets sent to a user that isn’t online, the message gets stored (in encrypted form) on one or more of the Service Nodes in the recipient’s Swarm. When the user comes online, their copy of Loki Messenger queries any node in their Swarm to see if the Swarm is holding any messages for them. If so, the recipient’s copy of Loki Messenger downloads the messages.
If the recipient replies to a message, Loki Messenger then attempts to form a direct connection with the sender as normal.
Additional Features of Loki Messenger
Beyond the basic messaging features that we’ve already looked at, Loki Messenger has some additional features that you will like. They range from usability improvements to privacy enhancements, and include:
- Disappearing Messages
- Safety Numbers
- Changing Username and Nicknames
- Light / Dark Modes
Disappearing Messages
There are times when you want to send someone a message, but you don’t want it to be a permanent part of the conversation. This is where Disappearing Messages come into play.
Clicking the gear icon in a chat window displays message options for that chat. One of the options in that menu is to set new messages in this chat to disappear after an interval, with options that range from off (turn off disappearing messages) to 5 seconds, up to one week.
After this, any messages will automatically disappear from your chat window and that of the recipient. Loki Messenger makes it clear at the top of the chat window if Disappearing Messages are active and how long they stay visible (See above image).
Safety Numbers
Safety numbers are a set of 12 five-digit numbers that can be used to verify the security of the end-to-end encryption of the connection with another user.
If the safety numbers that appear in your app match those that appear in the other person’s app, the end-to-end encryption of the connection is secure.
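Why matching numbers are meaningful, as an added example that is not Loki Messenger's actual derivation: both devices hash the same pair of public keys into 12 five-digit groups, so a substituted key changes what one side sees. The hashing scheme, the `ROUNDS` work factor and the stand-in keys are assumptions constructed for illustration.

```python
import hashlib

ROUNDS = 5200  # assumption: work factor chosen for this example

def half(pubkey):
    # Stretch one public key into six 5-digit groups.
    digest = pubkey
    for _ in range(ROUNDS):
        digest = hashlib.sha512(digest + pubkey).digest()
    return [f"{int.from_bytes(digest[i:i + 5], 'big') % 100000:05d}"
            for i in range(0, 30, 5)]

def safety_number(key_a, key_b):
    # Sorting the two halves makes the result identical on both devices,
    # regardless of which key each device treats as "mine".
    first, second = sorted([half(key_a), half(key_b)])
    return " ".join(first + second)

# Constructed stand-ins for public keys (not real Loki Messenger keys).
ALICE = hashlib.sha256(b"alice-public-key").digest()
BOB = hashlib.sha256(b"bob-public-key").digest()
MALLORY = hashlib.sha256(b"mallory-public-key").digest()

def honest_session():
    # Each device computes the number from its own key and the peer's key.
    return safety_number(ALICE, BOB), safety_number(BOB, ALICE)

def intercepted_session():
    # A man in the middle has handed each side her own key instead of the
    # real peer's, so the two screens are derived from different key pairs.
    alice_screen = safety_number(ALICE, MALLORY)
    bob_screen = safety_number(BOB, MALLORY)
    return alice_screen, bob_screen

if __name__ == "__main__":
    a, b = honest_session()
    print("honest:     ", a == b, a)
    a, b = intercepted_session()
    print("intercepted:", a == b)
```

The comparison only helps if the two numbers are read out over a channel other than the chat being verified, such as in person.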
Changing Username and Nicknames
Because Loki Messenger identifies users by their public keys instead of usernames, it allows you to change your username at any time.
Likewise, it allows you to change your nickname for someone you are friends with. This doesn’t affect their username but does change what name you see for them in your app.
I can see changing nicknames to be useful for identifying someone you don’t contact frequently. Changing the name you see in your app, from “Lashana Lynch” to “The New 007”, could make it easier to keep track of who you are talking to.
Light / Dark Modes
App developers are finally moving away from the light-colored text on a black background interface trend. Like many newer apps, Loki Messenger offers both a Light and a Dark mode. I’ve been using the default Light mode throughout this article; here’s what the Dark mode looks like:
This is easier on the eyes (my eyes, anyway) and seems like a good option for someone interested in privacy who wants to be a little more subtle while viewing messages.
While it is still too early to say that it will be the private messenger we all use in 2020, Loki Messenger packs a lot of privacy and security features into one package.
We’ll be watching the development of Loki Messenger as it works its way through beta. We’ll also be keeping an eye on the progress of Lokinet, which plans to offer several other privacy-related capabilities soon.