how to promote the messenger?
In my personal opinion, move on. This protocol is not gonna get any traction.
Despite all the widely known information about Google/Facebook/NSA/FSB/FiveEyes/whatever spying on people indiscriminately, only a small number of people actually try and do something. The rest just do not care enough.
Take a look at a somewhat similar attempt to build Level - in the end the demand for something better was simply not there.
There is no business opportunity here (this forum is dedicated to making money with software, eh).
There is not even a chance of wide adoption for OSS - for similar reasons: nobody except some geeks cares. We had Jabber, which had large traction, and even Google Talk is based on Jabber - but in the end the end users did not care about the protocol, but cared about features and convenience, and so today the messengers almost all use proprietary protocols. This is just better for business - you can implement features fast without thinking about not breaking the protocol compatibility.
Users communicate without servers. No server is able to sniff contact book, by tracking sender and receiver IDs
I’m not working for the government, but AFAIK today generally the traffic is read not by MITM, but by injecting a sniffer right into the user device. Google/Apple cooperate with the authorities when served a legitimate subpoena, and Google/Apple are able to inject anything into your device with any update - and you’d continue using your “secure” messenger, not aware that your every keypress is logged.
Not even mentioning a number of zero-day ways into devices that were known to NSA long before the general public. It is reasonable to assume they know some more still.
There is no link between user ID and phone number / email
Only important for throw-away phones, i.e. for a clear criminal use. For regular users the link can be established very fast and will stay stable.
So:
- The feature that looks good on paper doesn’t actually work for law-abiding citizens
- The protocol apparently contains a feature aimed at supporting terrorists
The protocol and implementation is done by a single developer with no rush and with high quality.
Well, this is just alarming. What happens if you get hit by a bus? What about the old rule “one pair of eyes is good, but two is better”?
User’s personal data (private keys and contact book) is stored only at his own device
And what happens if I lose my device? Do I also lose all my contacts, chat history and the established trusts? Nah, I’m not ready to pay with this for security (which I still do not get - governments are resourceful).
The “INVITE” requests do not contain any information about the users
You probably have some workaround, but - if I get an INVITE from someone, how do I know who they are? How do I verify that it is actually them and not Colonel Petroff or Agent Smith?