Secure messaging service for mobile devices

What is Hisser?

Hisser is a messaging service for mobile devices with a strong focus on security. It offers several features to keep all your communication safe.

How does it work?

Hisser users can only exchange messages if they are on each other's contact list. This requires an invitation from one side and an acceptance from the other side. During this process, the public keys of both users will be exchanged. It's very important that both users validate each others public key to prevent a man in the middle attack. The client will guide the user through this step. Future releases will have the option to exchange public keys via QR-codes for improved security.

During the invitation process, both client applications also create a unique alias for their user and exchange them as well. Messages can only be send to an alias of the receiver. This prevents other users from sending messages (spam), because they don't have an alias for that user. A client informs the server about a new alias, so spam messages can already be dropped by the server. Because the alias of the receiver is the only user-information a message header contains, not much information about who is communicating with whom is revealed when the first encryption layer is broken. Users won't notice anything of the alias business, because the client application takes care of it all.

A Hisser address is like an e-mail address, a username and a hostname separated by an @. This makes it possible for everybody to run their own Hisser server. This form of distributed networking makes it very hard for governments to interfere with your communication.

The server application is a PHP web application which uses a MySQL database. Any webserver will do, but we recommend the Hiawatha webserver. Clients will be available for iPhone, Android and Windows.