What is Hisser?
Hisser is a messaging service for mobile devices with a strong focus on security. It offers several features to keep all your communication safe.
- Confidentiality: Hisser uses end-to-end encryption for the message content to make sure that only the intended recipient will be able to read it. During communication between two clients, new encryption keys are exchanged (via Diffie-Hellman) so that breaking one encryption key does not reveal the entire communication. Communication between client and server (HTTPS) is also encrypted, which makes the message content double encrypted.
- Anonymity: If the first layer of encryption is broken, the message header information doesn't reveal the sender or receiver of the message.
- Spam protection: The built-in spam protection makes sure the system won't be abused for unwanted messages.
- Robustness: Because Hisser allows you to run your own server, it's very hard for governments to interfere with your communication.
How does it work?
Hisser users can only exchange messages if they are on each other's contact list. This requires an invitation from one side and an acceptance from the other side. During this process, the public keys of both users will be exchanged. It's very important that both users validate each other's public key to prevent a man-in-the-middle attack. The client will guide the user through this step. Future releases will have the option to exchange public keys via QR codes for improved security.
During the invitation process, both client applications also create a unique alias for their user and exchange them as well. Messages can only be sent to an alias of the receiver. This prevents other users from sending messages (spam), because they don't have an alias for that user. A client informs the server about a new alias, so spam messages can already be dropped by the server. Because the alias of the receiver is the only user information a message header contains, not much information about who is communicating with whom is revealed when the first encryption layer is broken. Users won't notice anything of the alias business, because the client application takes care of it all.
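The alias scheme described above can be modelled in a few lines. This is an added example, not Hisser's own code: the class and function names, the random hex alias format, and the idea that each contact gets its own alias (so the receiver can tell senders apart) are assumptions made for illustration.

```python
import secrets

class Server:
    """Toy relay: maps aliases to mailboxes and never sees a sender identity."""
    def __init__(self):
        self.alias_owner = {}   # alias -> address of the user who registered it
        self.mailboxes = {}     # address -> list of (header_alias, ciphertext)

    def register_alias(self, owner, alias):
        self.alias_owner[alias] = owner
        self.mailboxes.setdefault(owner, [])

    def deliver(self, header_alias, ciphertext):
        owner = self.alias_owner.get(header_alias)
        if owner is None:
            return False        # unknown alias: dropped before reaching any client
        self.mailboxes[owner].append((header_alias, ciphertext))
        return True

class Client:
    def __init__(self, address, server):
        self.address, self.server = address, server
        self.issued = {}        # alias I created -> contact I gave it to
        self.send_to = {}       # contact -> alias that contact gave me

    def issue_alias(self, contact):
        alias = secrets.token_hex(16)   # random, so outsiders cannot guess it
        self.issued[alias] = contact
        self.server.register_alias(self.address, alias)
        return alias

    def send(self, contact, ciphertext):
        # The header carries only the receiver's alias, nothing about the sender.
        return self.server.deliver(self.send_to[contact], ciphertext)

    def inbox(self):
        # Assumption: one alias per contact, so the alias identifies the sender.
        stored = self.server.mailboxes.get(self.address, [])
        return [(self.issued[a], c) for a, c in stored]

def invite(a, b):
    """Accepted invitation: each side issues an alias for the other to use."""
    a.send_to[b.address] = b.issue_alias(a.address)
    b.send_to[a.address] = a.issue_alias(b.address)

if __name__ == "__main__":
    srv = Server()   # addresses below are constructed sample values
    alice, bob = Client("alice@example.org", srv), Client("bob@example.org", srv)
    invite(alice, bob)
    print(alice.send("bob@example.org", b"<ciphertext>"))
    print(srv.deliver(secrets.token_hex(16), b"spam"))
    print(bob.inbox())
```

Someone who reads the server's stored headers learns which mailbox received a message, but not who sent it; that mapping exists only in the receiving client.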
A Hisser address is like an e-mail address: a username and a hostname separated by an @. This makes it possible for everybody to run their own Hisser server. This form of distributed networking makes it very hard for governments to interfere with your communication.
The server application is a PHP web application which uses a MySQL database. Any webserver will do, but we recommend the Hiawatha webserver. Clients will be available for iPhone, Android and Windows.