As we are in closed beta we thought it was about time to give some more in depth information about what we have done, are doing, thinking and planning. So without further a due here is an interview Linus did with No dogma podcast
Summer has ended and we have had a pretty nice time (despite things) and are now getting into the mode of releasing this. Development has moved on even during the crazy long Swedish summer days but we have run into more issues that we anticipated. One never learns that doing stuff you never done before is, pretty hard. Maybe we have now… or not.
In the process iOS8 has been released, something that is great for us. We always wanted to do a broad beta-test of the system. Something that prior to iOS8 has not been possible on iOS. Beta testing on iOS is now much simpler and allows for up to 1000 testers instead of previous 100. The problem being that it is yet only open for 25 internal testers. The full system is quote,”Coming soon”.
On Android beta testing is possible as we are not forced to distribute the App via Google play. There are other problems, but at least it’s not about how many that can test it.
So what we are doing right now is working on the last things before we can actually do a real beta test.
Now for the sad part. 1000 testers on iOS is nowhere near enough for all funders with iOS to get access to a beta. Specially as getting access to a messaging app before everyone else is useless as you at least need one friend to message. So giving 1000 random people access does not work. We need people to actually use Hemlis be able to know if things are working as they are supposed to. Beta testing is about helping us finish the system, not about getting early access.
How exactly we are going to make this as fair as possible and also work out the kinks is still something we really don’t know. In reality most of you can’t get access to the beta. Sure, we never promised any funders access to a beta (we knew it was not possible to do on iOS) but it has always been our goal to give funders access earlier if it was possible. But we have to live with what can be done.
The chance of registering a username early will obviously be available for the funders who should get that regardless of how the beta will work.
Update Oct 24: Apple has finally released TestFlight for external testers and we will start to use it when Apples review of the app is done. But as we have said, it’s maximum 1000 users (we had over 10 000 funders). And the beta test is to fix issues with the app not a treat for funders. So no, don’t count on getting an email with an invite. Exactly how many we will let in the beta Android app before release have we not decided yet, it is to be seen. Our goal are great apps, nothing else.
We just updated our webpage https://heml.is with a brand new video showcasing the current beta apps!
In the video can you see the conversation list, initiating a new conversation, our emotes, sending attachments and quick reply.
Right now we are working on the server scaling. Both when it comes to handling millions of users and the gigantic amounts of attachments you will send with Hemlis each day. The system features group chat and allows multiple devices per account. Both these creates a vast amount of data and connections the servers need to handle.
Once we have that and the last bugs sorted out we are ready to start the work to rolling out in the app stores.
We agree with you! It has taken us far to long to get Hemlis ready and we’ve been terrible at updating you of our progress. We had the ambition to fill the void between the existing secure apps and the accessible messengers out there. Simply making a secure messenger wasn’t enough, we wanted it to be innovative and highly accessible as well. We underestimated the amount of work that was needed to get all thing in place, running and absolutely perfect.
As you might have read elsewhere, Peter got arrested two days ago and will now serve a 5-8 months in prison for promoting copyright infringement, obviously a bullshit charge. Peters imprisonment will not directly affect the release of Hemlis, but it does however affect us as individuals and as a team. Everything is currently in turmoil but we are doing our best to get things back on track and Hemlis on to your devices.
The good news is that we are a whole lot better at writing code than we are at writing blog posts. Hemlis is currently in closed beta, yes you read that right. We have invited a number of people to help us weed out the worst bugs and so far things are going very smoothly. We are happy with the results and are proud to say that we have compromised very little with what we set out to do. There are still a few items on our todo-list, but we are confident that we’ll have them sorted very soon. We are close to actually start rolling out!
PS: We wanted to post a teaser video of the app in action but we obviously suck at getting things done in time so we’ll post that later this week. Hopefully.
Update: Obviously you all started to ask about an open beta. We would love to do that, but Apple does not allow for it. On iOS the only way to get installed on more than 100 devices is to launch in the Appstore. We could do a public beta for Android, but a beta test that only tests one app is kind of not a great test. Do not worry though, we have some great ideas on how to roll out in a way that will get funders into the system first. More about that later.
After the Snapchat exploits, we have been getting questions from concerned people wondering what we are doing to protect our system from this kind of data leakage.
In the early days of instant messaging users found each other through word of mouth or through other out-of-band communication. Instead of searching for your friends you asked them for their username or in some cases a long unique identifier (yes icq we are talking about you) which you then had to type in to your IM client in order to talk with them. While tedious this system is obviously still in use for most IM’s and other internet services like email and web pages (remember when we didn’t have search engines?).
You have likely already done the manual labor of finding your friends at least once by using social networks like Facebook, or in the case of mobile phones, by adding them to the phones address book. Lets be honest here, today most of us don’t have the patience to do all that work over and over again each time we add a new social application. If we can’t get it working within a few minutes, we move on to the next thing.
That is exactly why contact discovery is so common and quite necessary.
The basic principle of contact discovery is that an application extracts identifiers from a contact list and then uploads it to a server in order to match it against a list of known users. Implementations differ in how they upload the data, where some send everything in plain text others will use hashes or better yet hashes sent over encrypted connections. For any matching user the server will then reply with an identifier that the application can use in further contact with that particular user. Now depending on the implementation this is a potential problem.
When building a user search the easiest way to implement it would be to do something like the following:
A malicious client could now repeatedly and systematically ask for new matches until it had managed to assemble a huge database of users and their information. Which is what happened to Snapchat.
A small change to the servers response could completely avoid this problem. By giving each identifier a unique response it is impossible for the client to know which user a certain identifier belongs to. Now this solution wouldn’t work for a service with public profiles, like Facebook, but it happens to work quite well for an instant messenger where a client only needs to be able to send a message to a given address.
Another potential problem lies in the data that the client sends to the server during contact discovery. Even if the client sends the data hashed (obfuscated), the server will still get access to information that some people might not want that server to have. Although we wouldn’t be able to connect an email to a specific user unless that user had uploaded their email, we could create a huge database of email addresses, which in itself is valuable to certain companies (read: spammers). In a perfect world we could have contact discovery without sharing any information with the server, but unfortunatelly we don’t know of any practical way to do this.
Welcome to 2014, the year we make a change. It’s very due we gave all of you an update. It’s easy to think that a project like this is just a question of two clients, but it’s not. Here are the full spectrum of what we have been and are up to.
Both clients (iOS & Android) are neck to neck in development and we are starting to see the final product. We are testing the app heavily ourselves and it even got it’s own notification sound. A new way of handling emotes have been implemented that we are very satisfied with. And yes it’s as user friendly and beautiful as we wanted to be.
Right now we are focusing on getting the backend software finished. There are quite a few parts to this puzzle. Login and client distribution, the XMPP servers, key exchange, attachment distribution, user lookup and most importantly scalability.
Although we initially said we would base our encryption on PGP we are actually using the asymmetric encryption capabilities of Daniel J. Bernstein’s nacl or more specifically the libsodium implementation of it. The private key will of course never be uploaded to the server or shared in any way. We will also provide a way for users to verify the authenticity of each others public keys, both in band and out of band.
The anycast nodes are getting spread out and configured. They will route traffic hidden away from snooping eyes to our server cluster. The rest of the hardware is also being set up. So far we have two digit numbers of machines dedicated for message handling. Next in line are the file clusters for attachments (images etc). Coming up on the agenda is load balancing and client distribution.
Keep it secret, keep it safe.
We thought it was time to give you a look at the alpha apps! So we made a short video showing conversation between two Android clients and one iPhone client.
Linus made an interview the other day with German radio show Breitband (Broadband) on Deutschlandradio.
You can listen to the full radio show in German here.
The parts about Hemlis was based on longer interview (in English) that has been published in whole on Soundcloud.
Dear Heml.is backer! We just wanted to update you a bit on what’s going on with the development of Heml.is!
Since the last update we’ve found a few good people to help out building the app. We’re close to having the full crew now, so it’s really helping a lot with the speed and quality of the service we’re building.
We’ve also decided on infrastructure plans and started building that. It’s important to build a scalable platform that can handle the millions of users that we hope the system is going to serve. We might post a longer explanation on the infrastructure a bit later!
The design for the app is looking really good now! It’s a beauty to see and is becoming more and more intuitive to use. We have come so far that we will now start the development of the iOS version.
The questions about encryption
Most questions about heml.is is about the encryption we’re going to use. How it’s going to work and details about it. For different reasons, we’ve stayed away from talking too much about the details. It’s not because we’re arrogant, it’s just that dealing with the crypto community is really time consuming. Whatever solution we’ve decided on would be criticized and we aren’t really interested in the flame war that’s inevitable. We’d rather create and get things going. Maybe a small lesson for the crypto geeks out there would be to be supportive instead of negative.
After taking all things into careful consideration, we’ve decided exactly how the encryption will work. We’ve listened to all the comments and wishes from you guys and we are now quite happy with the implementation we’re going for. It’s based on free and open source solutions and we’ll release the full source we create for the usage of it. More details will follow later, closer to release.
Until next time!
The Hemlis crew
It’s Friday, the sun is shining and it’s almost time for that after work we’ve been thinking about all week. But before we let our minds wander towards thoughts of golden nectar, here’s another long overdue situation report from the Hemlis team.
Your messages are the center of this application and as a result your running conversations are at the top level of the navigation. By using smart defaults, logical flow and no unnecessary settings we are giving the app a clear sense of purpose and focus.
Beyond text messages
Messaging is not only about words. Lots of nuances are lost when you write short messages compared to actually talking with someone. One thing that we have thought of a lot is how people are using emotes to convey the mood or emotion of the message. We like the idea of conveying emotion in messages, but we do not think that endless pages of emotes and stickers makes for a simple and compelling usage. We want to improve this part of texting and are testing different ideas to see if we can take text messaging to the next level. Emotes and stickers should not only make messages look fun, but also have an emotional spectrum used to carry the emotion or mood of the words.
Don’t get us wrong, your emoji keyboard and usage of : ) ; ) : / will of course be possible.
One of the main reasons for building Hemlis is to circumvent the mass surveillance that we now know several governments are taking part of.
As part of the ongoing mass surveillance, internet traffic is currently being stored and indexed in massive databases, allowing the data to be analyzed, searched and ultimately read at a later time. This affects everything we do online, from emails to search statistics and even our daily activities on social sites such as Facebook or Twitter.
While we wont be able to provide you with 100% privacy, we believe that we can make your conversations private enough to render mass surveillance ineffective. While most people seem to be concerned about the government reading the contents of private communications very few seem concerned about their ability to build sociograms. Our intent is that by encrypting and then tunneling all messages through the Hemlis network we are making it more difficult for them to data mine or build sociograms from your communications. The surveillance systems can see that you are using Hemlis but they can’t see what takes place inside the network.
As we are still testing different ideas and implementations we are currently sticking to one platform. The initial development, is mostly done on Android, although the Android and the iOS application will be released at the same time.
Some people have suggested that we build Hemlis as a web application to make it cross platform by nature. In theory this might sound like a good idea but as we are aiming for stable and fast clients we have decided to use native code.
As a side note we are currently evaluating the possibility of extending our initial reach on to other platforms. But don’t get your hopes up just yet.
Over and out, lets go for beer!