Reading dymaxion.org Please Stop Writing Secure Messaging Tools
Dymaxion: Please Stop Writing Secure Messaging Tools
He states the necessary functionalities missing from existing secure tools, I find a clear correspondance with what is in progress in DREAM. Role aware being in my experience the most needed.
- Multi-user , because teams are more than just two people
- Multi-device , because people travel and need to swap out or switch between hardware
- Decentralized , because leaving a server somewhere is risky, inconvenient, sometimes prohibitively expensive, and can cause latency issues
- Client-side end-to-end encrypted , so everything that’s trusted with data is physically with someone trusted
- Offline-friendly , because the Internet isn’t always on and people need to collaborate locally when it isn’t
- Role-aware , because teams tend have different people doing different things, and software that doesn’t support this doesn’t let them work effectively; design for security means designing for community
- Secure by design for everything from basic communications architecture and protocol parsing through cryptographic enforcement of roles and permissions, because attackers will exploit policy weaknesses otherwise
- Metadata-sensitive , because adversaries don’t always need content
- Multi-organization , because cross-organization collaboration is critical but complicates role structures and authorizations and tools that enforce silos hurt field outcomes