Building the next-gen privacy-centric chat platform

This project is no longer in development.

For a while now, I've been trying to find a secure and private replacement to Discord. Ever since Discord's conception in 2015, it's been gaining popularity increasingly quickly among gamers, programmers and even just normal everyday people. What makes Discord so unique and compelling is its new approach to chatting. Emotes, stickers, GIFs, statuses, bios, servers and roles are just a few of the concepts Discord has introduced to people all around the world. They've done a fantastic job of creating a fun and extremely featured chat platform for all sorts of communities, whether they're for small friend groups, clubs, study groups or large communities with a common interest. However, with this fame and growing user-base comes some concerns revolving around privacy.

The Problem

On Discord, messages are stored unencrypted. This means that abusive Discord staff and law enforcement are able to view any conversation at any time. Same with calls as they're only encrypted in-transit, not end-to-end. Discord could log the data passing through their VoIP servers to reconstruct call recordings.

Unencrypted message storage and call transmission can have all sorts of negative repercussions, including for ordinary people. For example, the recently overturned Roe v Wade case would mean that the US government could subpeona Discord for messages mentioning having abortions in a state where it's illegal in order to prosecute them.

IP addresses and device information are also stored indefinitely and unencrypted, which can be dangerous for activists, journalists and other high-profile individuals who wish to remain anonymous. In countries, like China and Russia, where freedom of speech is pretty much non-existent, their governments could threaten Discord to hand over or scan messages from citizens criticizing the government using a few IP addresses.

For employees, all it takes is a database credential, and for law enforcement, an email, or a valid subpoena.

Some users justify this data collection as a necessity to develop all of these social networking features, but I'm here to prove them wrong.

My Solution

Meet Conversely - Truly private spaces. It's a secure, familiar, easy to use and functional chat platform. Imagine a platform with all the features you know and love, like communities, channels, direct messages, stickers, and more, but with security and privacy you can rely on.

I've decided to take on the challenge of creating a Discord-like chat platform that puts user security and privacy first. This means that users on Discord can easily transition and familiarize themselves with a friendly UI and similar feature set and have the peace of mind of having full control over their data.

Conversely is designed for small communities, like friend groups and study groups, that want multiple channel, custom emote and role support, and private one-on-one conversations.

Security

Security is one of the core pillars of Conversely's design. That's why Conversely end-to-end encrypts as much information as possible, while keeping the experience fluid and intuitive.

Conversely's hybrid encryption scheme uses a combination of both asymmetric and symmetric cryptography. 4096-bit RSA-OAEP and RSA-PSS are used for key exchange and rotation, while 256-bit AES-GCM is used for encryption of messages, community metadata, and more.

Something that sets Conversely apart from similar platforms, like Rocket Chat, is that even community names, descriptions, categories and channels are end-to-end encrypted for only the community members. Securing metadata is an important step to implementing top-notch security, especially in high-risk scenarios. An ex-NSA chief said, "We Kill People Based on Metadata".

In addition to encrypting user-generated data, Conversely zero-knowledge encrypts session connection data, like IP addresses and user-agents, with users' public keys. This data is immediately discarded server-side after encrypted storage. This allows users to keep an eye on their active logins, while preserving privacy to the highest extent.

Privacy

One of the main reasons I decided to create Conversely was for private communication. For this reason, pretty much everything even remotely sensitive is end-to-end encrypted. There is absolutely no way I can read messages going through the service.

Of course, user data will never be sold, and even if I wanted to, what am I going to do? Crack the world's toughest encryption algorithms?

Business Model

Conversely will have a freemium business model, meaning the core experience will be free, while extra quality of life features will be locked behind a paywall. This paywall is currently planned to be $3.99 a month or $39.99 a year – cheaper than the competition!

Environmental Sustainability

I love the environment, and that's why I try to incorporate ways to prevent damaging the environment in all of my projects. All server infrastructure will be powered by 100% renewable energy sources, like hydroelectricity and wind electricity. As well, 1% of all Premium subscriptions will go toward Stripe Climate, a carbon removal initiative started by my payment processor.

Launch

Conversely is currently in active development with a small group of beta testers. It will be available to the public as a public beta later this year.

Conclusion

Chat platforms, like Discord, are gaining a lot of popularity, but they're not really taking privacy as seriously as they should. Messages are stored unencrypted and calls are transmitted without end-to-end encryption, meaning employees and law enforcement could access conversations happening on their platforms. My solution is Conversely, a Discord-like chat platform with powerful features we know and love, but with security and privacy we can rely on. Public beta will be launching later this year.

Stay up to date with the latest news regarding Conversely by subscribing to my RSS feed and following Conversely on Twitter.