In the modern world, interaction between people and organizations is rapidly moving from offline to online format. Messengers, corporate environments for document management, platforms for virtual conferences – a modern person, on average, uses not even one, but several applications to interact in the network. The combined user base of the leading instant messengers and social media applications has already exceeded the number of inhabitants of the planet. But along with the growth of use, the question of the security of data transmitted through instant messengers is becoming more acute. Reports of hacks, leaks and interceptions of personal data began to appear with depressing regularity.
Most modern instant messengers are not the safest
It's not safe to use WhatsApp
On May 1, 2018, billionaire Jeff Bezos, the richest man in the world with a fortune of almost $ 190 billion (according to Forbes estimates as of July 2020), received a message in one of the most popular instant messengers in the world – WhatsApp. It was a video that Bezos was sent from a number allegedly belonging to the Crown Prince of Saudi Arabia, Mohammad bin Salman. The video file contained malicious code that infected the smartphone and made it possible to download the data stored on the billionaire's phone. It is not known what exactly the hackers could have stolen, but nine months later, Bezos was blackmailed by the National Enquirer tabloid, who threatened to publish private messages and intimate photos received from his phone. How exactly the publication received such private data, it was not possible to find out.
In its marketing, WhatsApp uses the words 'end-to-end encryption' as a magic spell that should automatically make all communications secure by itself. However, this technology alone cannot guarantee you absolute confidentiality, – Pavel Durov, the creator of another popular messenger, Telegram, did not fail to prick a competing service.
If you look closely at WhatsApp's privacy policy, it turns out that the messenger collects and stores huge databases of information about its users, including device information, contacts, location, statuses, metadata, data backups. While some of this data can be prevented from being copied, most users do not, and the application sends the information to the attached Google or iCloud account.
To restore confidentiality to communication, and to people – the opportunity to interact online without fear – this is the mission of the team of creators of the new Omega messenger, which uses the fast and secure Proteus protocol. This protocol is an independent implementation of the Axolotl / Double Ratchet protocols – the successor to Off-The-Record, which has firmly held the palm in the field of secure communications for many years.
Omega is one of the safest instant messengers
Secure end-to-end encryption relies on Axolotl, an independent implementation of the Double Ratchet protocol, a fork of the well-known Off-The-Record (OTR) protocol. These are open source protocols for which there are no mechanisms for third parties to decrypt the correspondence.
Proteus, of which Double Ratchet is a part, is an open source protocol. It is available for study, any specialist can independently view it and make sure that there are no vulnerabilities and bookmarks that allow you to monitor users, – note the Cicada3301 team, which develops the Omega messenger, which uses the implementation of the Double Ratchet protocol as part of the Proteus protocol.
But the creators of Omega decided to go further and equip the messenger with a wide range of available services, make the application really convenient, and also think over functionality for secure business communication with reliable authentication of contacts and transmitted data.
What is Omega IM
Omega IM – encrypted messenger
Omega IM provides end-to-end encryption where messages are encrypted on the sender's device and decrypted on the recipient's device. To provide end-to-end encryption, an open source implementation of the Proteus protocol is used, including the methods provided by the libsodium library. No one, including the personnel of telecom operators, attackers and even employees of the Omega Group, has the ability to view the transmitted messages or modify them in any way. The Diffie-Hellman method, in conjunction with the concept of pre-shared keys, provides a secure exchange of encryption keys during the conversation establishment phase. Communication with the platform servers is carried out over SSL using TLS version 1.3 encryption.
All information on Omega's servers, including user IDs, is encrypted into real-time synchronized object storages located in geographically remote data centers in different jurisdictions. Data is stored separately from encryption keys. Thus, the risk of access to data by third parties is leveled, even with physical access to the servers.
Unlike other popular instant messengers, Omega does not store the history of correspondence, does not reveal metadata such as the user's IP address, does not require linking to a social media account and access to the address book. Omega IM will provide users with the ability to create completely anonymous accounts. This approach makes it impossible for unwanted user identification, because only an impersonal subscriber identifier is stored on the servers.
Why this is important is clearly seen from the story with Telegram, which questioned the level of security systems of the messenger with a multi-million user audience. At the beginning of summer 2020, a database of millions of Telegram users with unique identifiers and phone numbers appeared on the network. Fraudsters managed to create such a database thanks to the built-in function of importing contacts during user registration in the messenger. Omega IM has no such risks. Blocking users is also impossible in Omega – neither at the request of third-party organizations, nor at the request of the developers themselves. The messenger software does not allow such a possibility in principle.
The functionality of Omega IM includes both familiar services, such as voice and video messaging, group chats and conference calls, voice and video calls, large file exchange, and some services not available in other messengers. One of them is automatically deleted messages, which is convenient if the user does not want to 'litter' the correspondence with unnecessary or too confidential data. For example, you can send an urgent meeting message to a group chat by setting a time to delete the message. Another interesting detail is the ability to create freehand drawings right in the chat window. This function is convenient if the user urgently needs to sketch a diagram, but there is no time to use third-party services. Finally, the most interesting and non-standard function of the messenger can be called filters for voice messages, which allow you to change the voice or apply additional effects such as echo, large room effect, crowded place effect, and the like. The presence of such a built-in function will allow you to bring communication in the messenger to an even more confidential level.
Omega has tons of features that other messengers don't have.
The developers also thought about the ability to share screen content (although this function is only available in the desktop version), integration with YouTube and SoundCloud services and built-in protection of access to the application with a system password, fingerprint or Face ID (in the version for iOS.
Omega for business
Omega can also be used for corporate use
Special attention should be paid to the messenger functions provided for corporate users. The application allows you to conduct business documents between subagents using a digital signature, which simplifies the process of concluding contractual agreements.
Naturally, the next question from corporate clients concerns verification: how is the identification of the interlocutor ensured, where is the guarantee that his account has not been hacked and messages were sent or received by them? To do this, Omega IM provides a voluntary verification option. Each user who has passed voluntary verification receives a sign that is visible to all interlocutors, confirming his status. There are also restrictions regarding editing and deleting messages sent by verified users, which allows not only to reliably identify the sender of messages, but also to preserve the integrity, and hence the context of the dialogues. The verification procedure does not take much time and takes place automatically. OMEGA IM's identity verification process is provided by a partner company operating in 150 countries and providing services to clients such as Mail.RU Group, Uber, BlaBlaCar, PhillipBank and Exmo.
In addition, Omega IM also offers corporate clients to use the built-in payment system based on the use of ERC-20 tokens. Such calculations can be carried out directly in the chat, where the workflow is being conducted. It also helps to save time, reduce transaction costs and conduct financial interactions with subagents in a confidential and reliable format.
Calculations can be carried out both in the messenger's own payment unit (OMEG token) and in other tokens of the ERC-20 standard. The messenger does not imply any restrictions in choosing a means of payment. But for users of the OMEG token, an additional function is provided – conversion to fiat and back through the digital bank DixiBank, with which the Omega team has entered into a partnership agreement. There are a number of other bonuses: for active participation in the development of the project, users are rewarded in OMEG tokens.
Which messenger to choose
It would be unfair not to mention the possible shortcomings of the project to create a messenger with an increased degree of confidentiality. First, the project is still in development. Apps have already been created for Android and iOS, but not all of the features mentioned in the review can be fully used. Secondly, the main wealth of any messenger is its users. So far, the Omega IM user base cannot compete with the large and already widespread messengers.
At the same time, the operator of the project – Omega Group Ltd – promises to bring the development to the end, for which it concluded long-term contracts with the leading developers of the project. The average term of an employment contract is 10 years. The company also provided for a program to attract users: until September 2020, a crowdfunding campaign is underway, within which OMEG tokens are sold. Users who purchase more than 100 OMEGs during the campaign will receive bonuses equal to 1% of their balance in tokens.
Thus, it is too early to talk about the success of Omega, but the technical characteristics of the messenger and the project team's commitment to the principles of openness and transparency in terms of publishing the program code speak of arousing interest. Especially now, when the space for confidential and private interaction online is rapidly shrinking.