@phoenixrd.bsky.social
More end-to-end-encryption. More privacy.
We did a thing. We combined TLS and MLS into a hybrid protocol.
Why? Because sometimes you need connections that last for weeks, quantum-resistant security, or simpler certificates.
The experiment is open-source. Here's the story ๐
We are #hiring a Freelance Junior Product Manager to help us build the next generation of private & secure messaging.
If youโre interested in joining our team, please apply today!
For friends of secure messaging ๐ฅท, please share our post with potential candidates.
Happy to announce that Iโll be speaking at @passthesaltcon.bsky.social on July 2nd!
Iโll discuss end-to-end encryption with MLS, the growing MLS ecosystem, the MIMI IETF working group, and metadata protection.
Itโs my first time attending, and I look forward to connecting with the French community!
The MLS Architecture document โ the companion document to the MLS Protocol document โ is now finally available as RFC 9750:
www.rfc-editor.org/info/rfc9750
MLS is efficient, but what does that mean in practice?
This paper sheds some light on the question by building a test framework for OpenMLS.
arxiv.org/pdf/2502.18303
We are happy @opentechfund.bsky.social is supporting our mission to bridge the gap in the secure messenger space by developing a new technological foundation for secure and private messaging that combines functional, privacy, and security features in a way that addresses a variety of threat models.
21.01.2025 13:17 โ ๐ 3 ๐ 1 ๐ฌ 0 ๐ 0
A good part of the team joined the #38C3 which was a good way to end the year. 2025 will be an exciting year for us, we will share updates about our work along the way. You can follow us here or subscribe to our blog at blog.phnx.im/#/portal/signup.
(๐งต2/2)
๐ธ Leah Oswald (CC BY-SA 2.0)
Happy New Year! Phoenix R&D enters 2025 with some good news! Over the last few months we have doubled our team size, which will help us shorten our development cycles.
We are excited about the new research projects. These projects also allow us to further diversify our sources of income.
(๐งต1/2)
This weekend, @raphaelrobert.bsky.social and @julianmair.com are joining the #GlobalGathering.
We will be hosting a booth and circle on Saturday to discuss the current state of privacy preserving and decentralized messengers.
We look forward to seeing you at there! Feel free to ping us!
We #hiring a full-time and a freelance Senior Rust Engineer to help us build the next generation of private & secure messaging.
If youโre interested in joining our team, please apply today! For friends of secure messaging ๐ฅท, please share our post with potential candidates.
- Prospective integration in platforms, like Firefox and Android
- Metadata protection in MLS
- Using MLS as a general purpose key establishment mechanism beyond messaging in e.g.: video conferencing, password managers, hypervisors, enclaves, etc.
(๐งต2/2)
Raphael Robert standing on RWC stage
We attended the Real World Crypto Symposium in Toronto ๐จ๐ฆ where @raphaelrobert.bsky.social talked about how far MLS has come since RWC 2019.
Highlights:
- Post-quantum resistance and how easy it is to upgrade from current schemes
- Deployment in existing products like Webex and Discord
(๐งต1/2)
WhatsApp shared first details on how they will comply with the #DMA. We are critical of the Signal protocol, as there has never been a complete specification that allows secure implementation of the protocol. This was one of the main reasons to develop MLS.
Our conversation with @netzpolitik.org๐
In case you missed our talk about Messaging Layer Security (MLS) at #37C3, you can re-watch it now.
MLS brings substantial improvements in performance and security compared to existing protocols.
#securemessaging #encryption #e2ee #messaginglayersecurity
Raphael presenting MLS at 37C3
We ended 2023 with a talk at #37C3. @raphaelrobert.bsky.social and Konrad presented Messaging Layer Security (MLS).
The room was packed and some people couldn't attend โ luckily the talk is now online.
๐ฟ media.ccc.de/v/37c3-12064...
#securemessaging #encryption #e2ee #messaginglayersecurity
Today at #37c3, 3:45pm, Konrad and I will give a talk in hall Zuse about Messaging Layer Security (MLS).
They call it RFC 9420, we say MLS: A new IETF standard for end-to-end encryption, bringing improvements in performance and security.
๐ fahrplan.events.ccc.de/congress/202...
@julianmair.com will be buzzing through the corridors and can be reached via DECT at 4109. If you want to talk about secure messaging or E2EE, let us know!
26.12.2023 13:37 โ ๐ 1 ๐ 0 ๐ฌ 0 ๐ 0
Picture from the train with a computer on the table with an open presentation: "RFC 9420 - or how to scale end-to-end encryption with Messaging Layer Security (MLS)".
We are very excited to be at #37c3 in Hamburg after a long pandemic break. On day 3 (29.12., 3:45pm), @raphaelrobert.bsky.social and Konrad will give a talk on โRFC 9420 โ or how to scale end-to-end encryption with Messaging Layer Security (MLS)โ
๐ fahrplan.events.ccc.de/congress/202...
After @netzpolitik.orgโs recent investigation into surveillance through push notifications, many people have been concerned about how their own privacy is affected when using messengers anonymously.
In this blog post we examined the problem and what to do about it. Check it out ๐
Check out our blog post where we examine the push notification problem and address potential misconceptions!
In the wake of recent reports on surveillance via push notifications, many people have been confused about it and how it affects their own privacy when using messengers anonymously.
First impactful measure following last week's splash about push notification surveillance:
www.reuters.com/technology/a...
Let's make this crystal clear: If you think you are anonymous because you
- used a throwaway number for Signal
- picked a completely random username for Wire/Matrix
- were given a random username with Threema/Session
YOU ARE NOT! You can be identified by the push tokens.
This has been bothering me for a while and I'm glad there's finally more discussion about this. Push notifications are a problem for privacy, we need more transparency and changes in the way they work.
netzpolitik.org/2023/push-di...
These contributions from academia have been particularly useful in mitigating security issues before deploying in production environments.
New to MLS?
Check out our blog post for a high-level overview of MLS, its practical applications, and why it matters.
Numerous cryptography experts analyzed the Messaging Layer Security protocol. Thรฉophile Wallez presented at the USENIX Security '23 conference the contributions of Jonathan Protzenko, Benjamin Beurdouche, Karthikeyan Bhargavan, and himself and why it is not a good idea to roll your own crypto.
06.12.2023 08:54 โ ๐ 1 ๐ 1 ๐ฌ 1 ๐ 0
photorealistic brass padlock broken into many pieces over a background of the EU flag
After #chatcontrol, lawmakers are now trying to mandate government-controlled certificates in browsers. Along with 400 experts and researchers from around the world, our Head of Research Konrad Kohbrok has signed an open letter to abandon the #eIDAS plans.
eidas-open-letter.org
Direkt zur Podcast-Episode geht es hier: chaosradio.de/cr284-dicke-...
31.10.2023 14:07 โ ๐ 0 ๐ 0 ๐ฌ 0 ๐ 0
@raphaelrobert.bsky.social hat im Chaosradio mit Constanze Kurz von @netzpolitik.org und Elisa darรผber gesprochen, welche dicken Bretter er mit anderen bei der IETF gebohrt hat und wie er Ende-zu-Ende-Verschlรผsselung fรผr alle zugรคnglich machen mรถchte.
Hรถrt rein ๐ง