Hemlis blog

Sometimes you understand

The road is long and winding and what lies ahead is often not as it looked.


Lately we have been awfully quiet. The reasons are many, sad and non important right now. They have though made this project drag along and that made us understand a thing we feared for quite a while but neglected to accept. New messengers fails miserably. While we have been working with Hemlis has several new and old messenger been released and updated. None has yet though even managed to make even a small scratch in the surface of the big. They have just grown bigger.

Each new attempt have made us understand that our goal of creating a mass market messenger just based on the fact that it is private, secure and beautiful, is not nearly enough. As the only reason we are doing this is to give you viable huge scale alternative to the existing systems is there really only one thing to do at this stage. Accept our current roadmap and goals as defunct. We understand that banging our heads into this wall does not serve a purpose. Releasing something that too few people will use, creates a product that can’t live without external capital. A road we are not willing to go.

So it is with a sad, tired and frustrated heart we feel we have to announce the current Hemlis roadmap and product dead. Hemlis can not live in the form we planned. We are ever so grateful for the love from our supporters, fans, beta testers and funders. It seems we can’t offer what we wanted from the shadows of the gigants.

Read Peters own thoughts »

Please note: The beta will be closed.

Hemlis update #9 – Beta testing


This is a “beta” in Swedish

Summer has ended and we have had a pretty nice time (despite things) and are now getting into the mode of releasing this. Development has moved on even during the crazy long Swedish summer days but we have run into more issues that we anticipated. One never learns that doing stuff you never done before is, pretty hard. Maybe we have now… or not.

In the process iOS8 has been released, something that is great for us. We always wanted to do a broad beta-test of the system. Something that prior to iOS8 has not been possible on iOS. Beta testing on iOS is now much simpler and allows for up to 1000 testers instead of previous 100. The problem being that it is yet only open for 25 internal testers. The full system is quote,”Coming soon”.

On Android beta testing is possible as we are not forced to distribute the App via Google play. There are other problems, but at least it’s not about how many that can test it.

So what we are doing right now is working on the last things before we can actually do a real beta test.

Now for the sad part. 1000 testers on iOS is nowhere near enough for all funders with iOS to get access to a beta.  Specially as getting access to a messaging app before everyone else is useless as you at least need one friend to message. So giving 1000 random people access does not work. We need people to actually use Hemlis be able to know if things are working as they are supposed to. Beta testing is about helping us finish the system, not about getting early access.

How exactly we are going to make this as fair as possible and also work out the kinks is still something we really don’t know.  In reality most of you can’t get access to the beta. Sure, we never promised any funders access to a beta (we knew it was not possible to do on iOS) but it has always been our goal to give funders access earlier if it was possible. But we have to live with what can be done.

The chance of registering a username early will obviously be available for the funders who should get that regardless of how the beta will work.

Update Oct 24: Apple has finally released TestFlight for external testers and we will start to use it when Apples review of the app is done. But as we have said, it’s maximum 1000 users (we had over 10 000 funders). And the beta test is to fix issues with the app not a treat for funders. So no, don’t count on getting an email with an invite. Exactly how many we will let in the beta Android app before release have we not decided yet, it is to be seen. Our goal are great apps, nothing else.

Hemlis update #8 – Video

We just updated our webpage https://heml.is with a brand new video showcasing the current beta apps!

In the video can you see the conversation list, initiating a new conversation, our emotes, sending attachments and quick reply.

Right now we are working on the server scaling. Both when it comes to handling millions of users and the gigantic amounts of attachments you will send with Hemlis each day. The system features group chat and allows multiple devices per account. Both these creates a vast amount of data and connections the servers need to handle.

Once we have that and the last bugs sorted out we are ready to start the work to rolling out in the app stores.

Hemlis update #7 – The state of the union

As you can see, Hemlis will work, in the future.

We agree with you! It has taken us far to long to get Hemlis ready and we’ve been terrible at updating you of our progress. We had the ambition to fill the void between the existing secure apps and the accessible messengers out there. Simply making a secure messenger wasn’t enough, we wanted it to be innovative and highly accessible as well. We underestimated the amount of work that was needed to get all thing in place, running and absolutely perfect.

As you might have read elsewhere, Peter got arrested two days ago and will now serve a 5-8 months in prison for promoting copyright infringement, obviously a bullshit charge. Peters imprisonment will not directly affect the release of Hemlis, but it does however affect us as individuals and as a team. Everything is currently in turmoil but we are doing our best to get things back on track and Hemlis on to your devices.

The good news is that we are a whole lot better at writing code than we are at writing blog posts. Hemlis is currently in closed beta, yes you read that right. We have invited a number of people to help us weed out the worst bugs and so far things are going very smoothly. We are happy with the results and are proud to say that we have compromised very little with what we set out to do. There are still a few items on our todo-list, but we are confident that we’ll have them sorted very soon. We are close to actually start rolling out!

PS: We wanted to post a teaser video of the app in action but we obviously suck at getting things done in time so we’ll post that later this week. Hopefully.


Update: Obviously you all started to ask about an open beta. We would love to do that, but Apple does not allow for it. On iOS the only way to get installed on more than 100 devices is to launch in the Appstore. We could do a public beta for Android, but a beta test that only tests one app is kind of not a great test. Do not worry though, we have some great ideas on how to roll out in a way that will get funders into the system first. More about that later.

Hemlis update #6 – Contact discovery

After the Snapchat exploits, we have been getting questions from concerned people wondering what we are doing to protect our system from this kind of data leakage.

We are pretty sure you don't want this.

We are pretty sure you don’t want this.

In the early days of instant messaging users found each other through word of mouth or through other out-of-band communication. Instead of searching for your friends you asked them for their username or in some cases a long unique identifier (yes icq we are talking about you) which you then had to type in to your IM client in order to talk with them. While tedious this system is obviously still in use for most IM’s and other internet services like email and web pages (remember when we didn’t have search engines?).

You have likely already done the manual labor of finding your friends at least once by using social networks like Facebook, or in the case of mobile phones, by adding them to the phones address book. Lets be honest here, today most of us don’t have the patience to do all that work over and over again each time we add a new social application. If we can’t get it working within a few minutes, we move on to the next thing.

That is exactly why contact discovery is so common and quite necessary.

Malicious lookups
The basic principle of contact discovery is that an application extracts identifiers from a contact list and then uploads it to a server in order to match it against a list of known users. Implementations differ in how they upload the data, where some send everything in plain text others will use hashes or better yet hashes sent over encrypted connections. For any matching user the server will then reply with an identifier that the application can use in further contact with that particular user. Now depending on the implementation this is a potential problem.

When building a user search the easiest way to implement it would be to do something like the following:

  • The client sends the phone number 123456 to the server which matches it to user abcd and returns abcd to the client.
  • The client then sends the email foo@bar which again matches the user abcd so the server responds abcd.
  • The client now knows that abcd = 123456 and foo@bar.

A malicious client could now repeatedly and systematically ask for new matches until it had managed to assemble a huge database of users and their information. Which is what happened to Snapchat.

A small change to the servers response could completely avoid this problem. By giving each identifier a unique response it is impossible for the client to know which user a certain identifier belongs to. Now this solution wouldn’t work for a service with public profiles, like Facebook, but it happens to work quite well for an instant messenger where a client only needs to be able to send a message to a given address.

Another potential problem lies in the data that the client sends to the server during contact discovery. Even if the client sends the data hashed (obfuscated), the server will still get access to information that some people might not want that server to have. Although we wouldn’t be able to connect an email to a specific user unless that user had uploaded their email, we could create a huge database of email addresses, which in itself is valuable to certain companies (read: spammers). In a perfect world we could have contact discovery without sharing any information with the server, but unfortunatelly we don’t know of any practical way to do this.

Hemlis update #5 – New year new progress

Welcome to 2014, the year we make a change. It’s very due we gave all of you an update. It’s easy to think that a project like this is just a question of two clients, but it’s not. Here are the full spectrum of what we have been and are up to.

Both clients (iOS & Android) are neck to neck in development and we are starting to see the final product. We are testing the app heavily ourselves and it even got it’s own notification sound. A new way of handling emotes have been implemented that we are very satisfied with. And yes it’s as user friendly and beautiful as we wanted to be.


The Hemlis servers that are up and running so far.

Right now we are focusing on getting the backend software finished. There are quite a few parts to this puzzle. Login and client distribution, the XMPP servers, key exchange, attachment distribution, user lookup and most importantly scalability.

Although we initially said we would base our encryption on PGP we are actually using the asymmetric encryption capabilities of Daniel J. Bernstein’s nacl or more specifically the libsodium implementation of it. The private key will of course never be uploaded to the server or shared in any way. We will also provide a way for users to verify the authenticity of each others public keys, both in band and out of band.


The anycast nodes are getting spread out and configured. They will route traffic hidden away from snooping eyes to our server cluster. The rest of the hardware is also being set up. So far we have two digit numbers of machines dedicated for message handling. Next in line are the file clusters for attachments (images etc). Coming up on the agenda is load balancing and client distribution.

As always, can you also find us on Twitter and Facebook if you want to follow progress in the smaller of details.

Keep it secret, keep it safe.

Hemlis update #4 – First video!

We thought it was time to give you a look at the alpha apps! So we made a short video showing conversation between two Android clients and one iPhone client.


Get every new post delivered to your Inbox.

Join 363 other followers