Its Time For a Hybrid Telegram & Signal Messenger

What a combined version of Telegram & Signal will look like on Holochain

Some of you may have read my recent article which talks about the current state of social media, the political influences the purpose of that was to try and provide a pathway to overcome censorship.

In it I also spoke of how Holochain could help change things and cater for any individuals regardless of their political persuasions or other beliefs.

I have spent the last few weeks comparing social messaging platforms and applications including privacy based applications. In this time I have also spoken to the Holochain hierarchy and developers about what is and isn't possible or feasible.

I even went to the lengths of writing a white-paper style document about how a new version of Telegram and Signal could be combined into one application and hosted on Holo hosting.

Below is the results of my research.

The Social Messaging Market

Not going to bore you with too many facts or incites about social media market size but I think its important to touch on it to further validate the need for new and improved services.

Starting with Telegram, it recently said it reach 500 Million users, a huge number, for Signal it is about to surpass 1 Million daily active users.

For a comprehensive look at Telegram statistics this article from only a few days ago by Mansoor Iqbal is very informative.

Obviously there is a huge demand for messaging applications and particularly those that are focused on privacy and whom are somewhat censorship resistant.

Facebook messenger and others like Wechat and WhatsApp are still very popular with many people, especially in parts of Asia. But WhatsApp has seen a decline recently due to its terms and conditions in relation to Facebook.

This dynamic has changed in recent weeks. Image taken from:https://www.messengerpeople.com

The Major Differences between Signal and Telegram

Both are not owned by large tech companies with Telegram owned by founders Nikolai Durov and Pavel Durov while Signal is a not for profit organization.

Both provide some of their code as open source, the end-to-end encryption (E2E) of Signal Protocol is a very good piece of software I was informed by Holochain Devs and Telegram uses the MTProto encryption protocol

The other differences at a glance are related to the security of the messages and the different mediums each use to facilitate communications along with the file sending limitations.

For example Telegram allows “Groups” of up to 200,000 people while with Signal the maximum is 1000. And for this reason it is likely what Signal does not allow “bots” while Telegram does to assist in the management of such groups. But those 1000 per groups in Signal have E2E messages.

Moving onto security, Signal uses E2E for all of its conversations while Telegram only uses E2E for a private person to person chat. With Signal they state that the data you use lives on your device while with Telegram it is stored on their privately owned data centers this is also why Telegram is able to allow you to have your conversations synchronized between your devices.

As for file transfers Telegram allows up to 2GB while Signal only allows a maximum of 100MB.

So as you can see both have good points and bad points below is the choices each platform gives you.

  • Large groups with no encryption or small groups with encryption?
  • Higher security but less portability? (synchronization between devices)
  • Keeping your personal data on your device or in privately owned data centers?
  • Ability to transfer large files and have less security or transfer smaller files with higher security?
  • Having bots for ease of management or not having to ensure higher security?

Telegram has some big problems

I have been on some other cryptocurrency Telegram groups for over a year and a half and ended up being a volunteer administrator at one stage and seeing what goes on both behind the scenes and publicly really highlighted to me how easy it is to exploit people and/or push an agenda.

These issues are not unique and could be applied to any public Telegram groups.

Because signing up or creating a new account only requires a phone number this is exploited by people who have an agenda or want to bypass any bans they have incurred.

People have the ability to create and operate literally hundreds of sock puppet accounts endlessly through online purchases of bulk SMS services.

It may not seem to be that big of a deal but it highlights the fact that the “ban” function essentially has no use, it cannot stop a person or persons creating hundreds or thousands of accounts to bypass any administrative action taken.

Imagine if your project, business, action group, or community had some extreme opposite views or intentions by a minority group of people who wanted to try and harm your social media image or to try and persuade a conversation in a direction that suites them.

They could go out and hire 1, 10, 20 people to disrupt your group, and if those 20 people had unlimited accounts, its very scary to think that you could be in a room with 50 people talking and really its only 7 or 8 individual people all of the others are 1 or 2 people.

What is to stop your competition putting some accounts in your groups as “volunteers” after some time and flattery they take advantage of peoples willingness to trust first and ask questions later and you have the equivalent of a virus on your device but its a human virus or viruses embedded inside your own public facing community! This has happened with Holochain Telegram unfortunately.

Being able to manipulate the tempo of a Telegram group is as I have just highlighted is very easy to do and when people see it happening it turns them away, they don’t want to be part of it or they stay a part of it but with an obscured view of what the general sentiment of members is.

There are many websites now that use bots to measure the tempo or general feelings and mood within the Telegram groups and they use keywords like “delay”, “dead”, “broken” for the negative and the opposite for words like “awesome” etc just to measure the feel of the people talking within it and theses results are updated and shared across various mediums.

Telegram has a great interface and the ability to communicate with your communities and allowing them to interact, share files, send gifs, post images etc, is perfect but it can all come undone if your software allows for abuse.

I believe Telegram is aware of these exploits but the reason they do not try and address the issue of multiple accounts is because for every new account even if it only posts one time or indeed never says a word it is still considered a “new user” and therefore it is seen by them as a positive statistic another user to add to their tally to impress advertisers or investors.

I have looked at many projects using Telegram as it seems to be the most popular for cryptocurrency enthusiasts to congregate and I have noticed some projects have abandoned it as means of communication and I don’t blame them.

Telegram could mitigate the multiple account issue by requiring a phone number and an email address, yes people can still make multiple accounts with that system but it’s at the very least more time consuming and would really slow down a person or persons ability to disrupt.

This highlights yet another gap in the market where a new application built on Holochain could remove this loophole.

A Telegram clone or version of it could cater to different levels of verification and give organizations the option to choose what level of anonymity they provide to their members, but at the very minimum a phone number and email address should be the starting point.

The Hosting Costs

Telegram spends at least $2 Million per month on hosting in its own private data centers. Who has access to these servers? Something we don’t know which is important to keep in mind when talking about security.

If there is are intelligence agencies paying Telegram for access to their servers you will never know, which is pretty much the same case for all of the commercial ones but with the commercial they are more likely to have people working within the data centers or its parent organization if they need to access data.

Signal as you can see from the image below spends around $57,000 per month for hosting and they use Amazon Web Services predominately.

I suspect this number will rise considerably so with the recent influx of users so that amount may not be entirely correct, but it is still likely to be way less than Telegram because most of the data lives on the users phone and they only allow for a small amount of file transfers.

This information about where your data is held is also for sale commercially, not possible with Holochain

What Am I Proposing Here?

A hybrid version of Telegram and Signal using the best features of both of course.

I have outlined the strengths and weaknesses of both Telegram and Signal and now I am going to explain how a new venture can have the best of both world by using the latest in peer to peer technology and agent centricity through Holochain.

What I think a new and better version of Telegram will be is something along the same format that it has now, but using some of the features that make Signal so popular.

Firstly if you don’t know what Holochain or Holo hosting is I suggest you visit their websites or look at my other articles where I go into detail about this technology.

Or visit www.holochain.org (The underlying technology) or www.holo.host (The peer to peer cloud hosting company).

FYI Holochain just became the first company on Earth to successfully host peer to peer applications without any data centers or servers that are able to to be accessed via a web browser. This has never been accomplished before, so the technology is literally cutting edge and it is also propitiatory protected through patents.

Okay so for ease of explanation lets give this mythical hybrid creation of Telegram and Signal a fictional name and call it Hologram.

So the way it works is Hologram build on Holochain would also inherent Holochains agent centric DNA.

To keep this brief I will not go into too much detail with Holo and Holochain but focus on how Hologram messenger will out perform both Telegram and Signal.

Holochain DNA is “agent centric” or person centric meaning you control your data, it never leaves your device unless you give it permission to do so.

Signal uses E2E but the but the data still passes through data centers, AWS in Signals case. Everyone knows that centralized data centers (that can be and are snooped upon) are a primary place of intelligence agencies gathering data in bulk. Even if they cannot initially read your encrypted message through the data center, no doubt they have a record of the actually messages being sent.

But with Holo hosting of Holochain applications there is no data centers involved, it is server-less. You data is sharded (broken into small encrypted pieces) and sent to random peers around the world to validate and then propagate your message, this happens at light speed.

Every message be it a group or private with Holochain is encrypted using TLS, this is bank level security bank-level security and it allows two peers to negotiate a shared encryption key without broadcasting it to each other over the wire.

On top of that as I alluded to above Holochain uses random peer validation, encrypted signatures and Gossip for security, and that along with not passing through any data centers and your send data is sharded ensures your messages are private and at the very least are miles ahead of both Signal and Telegram when it comes to privacy and security.

The Signal protocol is great for when each participant keeps one private key on their machine for a long time but the longer those keys exist, the greater the chance there is of malware (or something else) leaking those keys.

The encryption intention with Signal is designed so that it makes a leaked key unimportant — because it keeps rotating keys. So even if the ‘root’ key is leaked, it’s no big deal some claim but if it is leaked then you have a security issue. There were major security leaks reported about Signal recently where it was reported that an attacker could call the victim and initiate an “auto-answer” without the user accepting the call. .

I won’t bother to go into Telegrams encryption as a comparison as Signal has better encryption therefore it should be the only one compared with.

The important take-away is that people are always trying to exploit and attack any of these encryption services available to the public, and removing a central attack vector like a centralized cloud hosting company is a step in the right direction for mitigating that particular risk of exploitation.

To read more about how Holochain manages data integrity visit: https://holo.host/faq/how-does-holochain-manage-consensus-data-integrity/

A Secure Messenger on Holochain

In this section I will cover how a new secure messaging on application on Holochain might look, the features it can have that no others can provide, the differing levels of security and hosting costs and the benefit to the end users.

Account:

Both Telegram and Signal use telephone numbers for accounts. I would say that the creator may even consider the option of signing up to Hologram to not require a phone number but also allow an email signup as well, requiring a phone number removes the presumption of privacy.

And as I covered above a phone number in this digital age is basically worthless as being a means to ensure there is no abuse of multiple accounts created.

One of the advantages of Holo hosting (You don’t need to be a host to use any services on Holo hosting, can just be a web sign up) is that it can also provide you with your own identity management. I won’t go into depth about it here but the premise is your identity is held by you and you alone and lives on your device(s) and not on servers.

Holochain enables GDPR requirements to be met and exceeded. Companies might use Holochain as a gateway into other applications, ensuring users are in control of their identities and personal information for connecting.

As I mentioned earlier requiring different levels of identity verification could be a service included in the application where the application provider can offer differing levels of authentication of the person and have this attached to their profiles publicly and allow group creators to choose the level of authenticity they require.

This also falls into the monetization of the application for the creator.

Groups:

As I mentioned above Signal has to manage its group sizes to less than 1000 for security reasons. Telegram allows up to 200 thousand which is also possible on Holochain or even more, it is up to the application creator, the security remains high no matter how many are in the groups.

Paul d’Aoust from Holochain advised me that the likely reason that Signal puts a cap on the size of their groups is because E2EE communication gets linearly more expensive as the group size grows. You have to maintain a set of rotating keys with every other person in the group.

So the question remains then would a secure-as-Signal messaging app on Holochain inherit that same inefficiency?

I am not a developer but my understanding is that it would if it tried to use the Signal protocol for encryption but because Holochain applications are by default encrypted with 3 layers , Peer validation, Gossip and cryptographic signatures, this along with the TLS security I believe would mitigate any vulnerabilities.

That said I am not a developer but I do know that unlike traditional applications a Holochain application that is under attack the DNA of the applications code in the DHT will reject any malicious or altered data and then gossip the attacking node out of the DHT and cause them to fork their own (incorrect) version of the truth.

So the natural security applied to all Holochain applications is miles ahead of its competition from the get-go.

Interestingly I also asked some of the Holochain developers if they could employ the Signal Protocol to a Holochain application and they said it would likely be possible to add it to Holochain’s DNA for all apps, therefore adding another entire layer of security.

At the time of writing I am unsure if this will ever take place or if it would even be necessary.

Data Limits:

The creator of a Hologram messenger would just need to add this into the application design the limit is up to the creator, Holochain has endless scaling, similar to that of a Torrent, meaning the busier the site becomes the faster it becomes.

As for storage the same applies.

And although Holochain can scale infinitely using the advantages of a torrent style peer system it also means that it is able to scale higher when more people want to access the same data.

For example a cryptocurrency built on Holochain would see that every host is serving information about that currency and its transactions in perpetuity meaning that it will be ultra fast because everyone is either uploading or downloading information pertaining to the history and validation of any transactions for that particular application which is that digital currency.

But with messaging it is different because not is that everyone wants the same piece of data at the same time and what you’re looking at is that people are always producing new data but as the network grows each participant carries less of the burden. So the efficiency gains you get aren’t the same as would be with a currency application or other Holochain application where the data being created and disseminated is exclusively what all of the hApp holders are focused on, like a companies supply chain or retail application where every evolution is sped up by the number of them in active use.

Therefore with a Holochain application each user will have a roughly constant experience of performance because worldwide performance scales linearly with the number of users.

What this means for a an individual user of Hologram if it suddenly exploded in popularity and went viral with millions of concurrent downloads and users is that the application feels no better or worse than it did before this happens because of Holochains ability to scale, which is the opposite of what would happen to a Blockchain or Data center/cloud hosting application it would struggle and curl up in the fetal position until more resources were added to aid it.

Note that this applies only to a messenger type scenario where the hosts are regularly serving different and new data from multiple agents each adding their own workload like chat and files etc, a more simple version say for example Twitter where its mostly just messages and short videos the opposite would happen, the more users there were that the faster it would become because everyone is only serving a certain type of new data.

And while we are speaking about data its important to remind everyone again that with every Holochain application you own your data, the end users keep a copy of their data (if they wish to) on their devices and at anytime can revoke access to an application and also demand to be “forgotten”.

Having the right to be forgotten is one feature of Holochain that is not really spoken of enough, how many times have you heard about a data breach that happened to a website you used to use 5 years ago? Your data remains on its servers forever and is harvested, analyzed and sold or stolen if it can be used to sell something to you or exploit you.

For example, if Telegram messenger was sold, all of your information is sold along with it, and you don’t have a back up copy.

You don’t even know where your data lives with Telegram, its servers and locations are secret. For all anyone knows it has been sold to a Russian or Israeli or US intelligence agency, or access to it has been sold.

We are not all criminals or have major secrets to hide but that is beside point, you have the right to own and control your data.

You control what comes out of your mouth when and where, but what comes out of your fingers is shared everywhere.

Same with Twitter, you don’t own your tweets, Twitter does, they live on their servers, but with Holochain your data lives on your device and you decide who has access to it.

Bots:

Same for bots, stickers, gifs and Polls, all of these features that Telegram has will work fine in Hologram they just be an agent controlled service rather than a UI.

Self Destructing Messages:

Possible with Holochain, either through using a specific command to send another command to override a sent message once validated on the DHT if the rules in that message were for it to self destruct, or it would be that both parties would run a scheduled task to delete their copy of the data from their own stores and purge from the DHT.

These are the tradeoffs I mentioned above that separate & functionality for both Signal & Telegram, Holochain mitigates them all & allows for all functions by its design

Features Only Available to Holochain Based Applications

As well as being to incorporate all of the current features of both Telegram and Signal by using Holochain as the framework for the application creation it allows for features not available on any other platform.

Offline Usage:

Holochain can work offline, you can send and receive messages while offline, then when you are back online again they will be auto sent, or if you pass by someone who is online and also has their Bluetooth on their copy of the application may receive your messages via Bluetooth and gossip them, it would all depend on the creators design of the application and the users phone settings.

Mesh Networking:

Holochain is unique in that it can incorporate mesh networking as part of its DNA as described by co-founder Eric Harris-Braun. This means it can still operate via HF or VHF radio, Cellular signal, Bluetooth or any other means of communication that allows messages to be sent.

Holochain can also work also via its own Wifi networks for applications where app have WiFi running without the need for ANY internet.

So if you are in an oppressed country or have a movement where the government shuts down your internet, you can still organize and work offline through mesh net working. Holochain is Https agnostic.

An analogy for this use could be a shopping mall. Most large malls these days provide free wifi (usually unsecured) to customers. So if you are in a public place like a shopping mall you may have the chat application downloaded and running and you would then receive notifications from other users within the mall, without having to know them personally.

The DHT knows they are running an authentic copy of the application and your device will gossip with other devices, the same if you are sitting at a set of traffic lights next to another vehicle or even driving nearby to them the nodes connect to each other via the DHT and information is sent and received and gossiped, now extrapolate this by having many hundreds or thousands of people in your town or city having the same application and it is very easy to picture a functioning chat or any other Holochain application able to function entirely offline.

This is the beauty of peer validation and gossip, not every holder of the application needs to verify an evolution, only certain numbers depending on the creators desired security levels.

Holochain is customizable this way where you can make it “loose” for simple exchanging of text messages to a Fort Knox mode of validation rules within the application.

It really is an amazing innovation.

With both Telegram and Signal your data passes through one of these giant data centers, with Holo hosting it is 100 percent peer to peer serverless

Hosting Of Hologram

To host a hybrid version of Telegram and Signal our fictitious application Hologram will be hosted on Holo hosting. As I said earlier if you want to learn what that is please visit their website or read some of my other explainer articles.

(Just getting back to my example above using Wifi, it would not NEED to be hosted by Holo hosting, but if the application wanted to also point to the Internet with Browser access it would need Holo hosting, this also would not remove the mesh networking capabilities but would likely require a higher level of validation amongst peers)

Basically Holo hosting is peer to peer hosting without using web servers or data centers. Hosts can host from devices called HoloPorts or download the software Holo OS and host from their device.

So this means across the globe thousands of people hosting small, encrypted data sharded into little pieces that is all joined up to form a message you just sent or are about to receive.

The best way to look at it is that Holo hosting is the Airbnb or Uber of Web Hosting.

Just like the Taxis were disrupted by Uber and the Hotels by Airbnb, Holo hosting will disrupt Amazon AWS and Google hosting services by giving the power to the people to host each other and be paid for it in micropayments en masse.

So if I am a Holo host, my Holoport may be hosting 5 other applications at the same time, I cannot see what is inside it, cannot get to the data and even if I could it is small garbled encrypted pieces of jumbled code that makes no sense even if it were able to be decrypted.

A sufficiently curious and technically adept host may find a way to access the data on their HoloPort, but the data is both sharded and encrypted at rest.

Important to note again that, as an end user of Hologram application the person does not need to be a Holo host or even be aware that it is hosted entirely peer to peer without data centers, although likely this would be used in marketing as a feature.

Mock up of a Holo Hosts dashboard

Other Features

Monetization:

This would be the decision of the creators. And there are many ways to monetize such a venture. As you know both Signal and Telegram are free of charge for now, with Telegram planning on monetizing again after a failed previous attempt.

Pavel Durov said the messaging app will introduce advertising next year and said that the ad platform will be “one that is user-friendly, respects privacy and allows us to cover the costs of server and traffic.”

I have written an entire white paper on this and the conceptual means of monetizing this application.

Advertising:

Again this is something for the creators to decide in their business model.

Censorship:

Holochain applications are hosted through Holo hosting and will be able to be downloaded from the Holo app store or “hApp store” as it will be known with the H being for Holochain.

Any applications hosted by Holo hosting will require the application publisher to go through some varying levels of KYC/AML.

Applications that are built on Holochain but hosted privately or externally have nothing to do with Holo hosting and can be built and hosted alone as Holochain itself is open source.

This would be one way of fighting censorship but it all comes down to what the application publisher deems to be censorship and what their terms and conditions are for users of the application.

This article from Holo explains that Holo hosting it is not going to be a place to harbor criminals.

But there is also nothing stopping a criminal from using the open source Holochain software and running their own application for criminal activities, the same as most people use cash for the right reasons there are some who use it illegally and that's why we have law enforcement agencies.

Illicit Content:

The same applies as per above for the application publisher and their own terms and conditions for the application.

Alternate Revenue:

Telegram has said it wants to raise revenue to cover some of its hosting costs, as shown these are around 2 Million per month or 24 Million per year.

An option for a hybrid Signal/Telegram built on Holochain using Holo hosting would be that the publisher has the option to pass on some of the costs to hosts themselves. For example if I use Hologram application daily and I am a Holo host I may offer to host for free between the hours of 10pm and 6am my local time.

If this kind of thing is done by thousands or hundreds of thousands of people the cost of running this hybrid would be minimal. You could even offer a some kind of in-application reward for certified regular hosts.

Holochain also has the ability to have any type of currency or payment system developed on it, you could create your own currency or also include the in the application a currency for sending and receiving at a global scale, there is no cost to send or a receive a currency built on Holochain as it is not Blockchain does not have the archaic mechanisms and liabilities that blockchain has.

All Holochain applications can easily bridge to HoloFuel so if it were me building this application I would include HoloFuel into the application and use this as a comment tipping feature, a means of payment, a way to help finance particular communities that have groups where the group creator can accept HoloFuel donations or contributions.

By doing this it also not only increases the liquidity for HoloFuel but it grows the entire network.

HoloFuel has the ability to be a secondary world currency, if there is a major shift to Holochain based applications and with the high security levels, accountability and a a receipt for every transaction between two parties with little to no volatility it can be used by regular everyday people who do not have that feeling of worry that their money could disappear in a hear-beat if cryptocurrency markets crash. Asset backed currencies provide a safety net and a level of trust that regular cryptocurrencies can simply not provide.

A rough comparison chart I put together showing features and expenditures of current social media messengers

Final Thoughts

Some of you may be aware that the Holochain team is looking at this in its peripheral vision, obviously the focus is on continuing to build out Holochain and have Holo hosting live for Beta.

But down the road from this, I think if the team did push ahead with a project like Hologram, they would be the best ones to do so rather than a third party, because Holo is a software company and knows the technology themselves better than anyone.

They invented it, so they can push it to its limits and extract the most value out of the tech for the end users with a support infrastructure already in place.

I can envision Holo the company growing to Microsoft size with their technology and the ability to disrupt nearly everything on the internet.

Hologram messenger would end up being just one of many new products for people across the globe to own and control their data.

I was at the point of writing a whitepaper of this so I could better display to myself the advantages of it, the problems it solves and the risks versus rewards.

I think if anyone wanted to run an ICO or seek investment for such a business model it would gain a lot of traction, the world loves to communicate with safety and privacy and 500 million Telegram *users alone prove that.

If Telegram with all of its faults and mystery surrounding its servers can value itself at $2 Billion + then I have no doubt that if this concept becomes a reality it will easily take away a large chunk of Telegram users, knowing your data isn’t sitting on secret Russian servers would be incentive enough for many to make the switch instantly.

Thanks for reading and if you want to contact me about this please send me a message on Twitter, or if you would like to speak directly to the team at Holo you can contact them here.

I am happy to provide the whitepaper when it is finished to any interested entities.

I am very excited about what this technology holds for the future, server-less peer to peer applications will empower thousands of people across the globe and provide them with cheaper options more security and a way of earning a small passive income through hosting.

Adios Amigos

I love IOT, innovations and cloud related technology.