Review of Status.im – A Quick Overview

Yogesh Pant
Feb 10, 2023

 

Review

Status.im is a safe instant messaging app for iOS and Android that aims to rival Signal and WhatsApp.

The new open-source messenger includes end-to-end encryption for communications, a cryptocurrency wallet for ETH and ERC20 token storage, and a Web3 browser that enables access to DApps and anonymous web browsing.

Is it worthwhile to install the open-source messaging and wallet service on your device so you can use it as a messenger and a bitcoin wallet?

The themes of privacy and data security have rapidly gained popularity, and new businesses are continually springing up to try to satisfy customer demand for privacy.

Additionally, as more and more individuals want to invest in cryptocurrencies due to Bitcoin reaching record highs, there is a growing need from these customers for safe wallet integration that they can use on mobile devices.

By offering private browsing, chat, and a location to store alternative currencies all under one roof, Status.im hopes to attract privacy advocates to use its service.

Overview

The project that produced Status.im, released in 2020, included developers worldwide. Despite the collaborative character of the project, Status has its formal headquarters in Switzerland, which is regarded as having reasonable privacy protections.

There are iOS and Android versions of the Status app. It offers a Web3 browser, a crypto wallet, and peer-to-peer instant messaging. The app uses Waku, a fork of the Whisper protocol, to provide encrypted P2P conversations. In the opinion of its creators, this fork of the Ethereum P2P protocol is less resource-intensive and more appropriate for mobile devices.

Because the Status App is open-source and downloadable from GitHub, independent cryptography specialists may examine its source code. The programme is still in its early stages. Therefore it may include flaws that an audit of this kind has yet to discover.

The good news is that the business has already paid for independent audits on two separate occasions. Before the beta version of Status was released in 2018, the first test was conducted by Déjà vu Security in Seattle. Trail of Bits conducted another audit before the production v1 release. As a result, the organization has made every effort to validate its work.

The audits discovered problems that were subsequently fixed. Of course, there might be further flaws, but there is no denying that Status is making significant efforts to open-source everything and collaborate with expert auditors to ensure that everything is as secure as possible.

Pricing

Status is an app that you can download for free and use right away. In reality, if you install a Status node as a community member, you become a stakeholder. You are eligible to get SNT tokens (an ERC-20 token used to access and power decentralized services in the Status Network and application). That implies that utilizing the service might result in your receiving money.

We further included various use cases for the SNT token in the post. Please remember that some of these features, such as Tribute to Talk and Node Incentivization, are currently under development and are not yet accessible to users. As a result, they are for now only a goal on Status' roadmap. Despite this, they are highly intriguing features that deserve deeper examination.

The SNT token incentivizes network users to install network nodes that will be functional in the event that the Status-hosted cluster goes down. Users that do this are compensated for keeping encrypted communications on their computers and then passing them to the appropriate recipient when the computer is back online.

Additionally, users have the option to create their stickers and buy or sell them. These stickers provide a different method for creating and exchanging SNT tokens by allowing users to participate in conversations.

Features

  • Peer-to-peer communications that limit the possibility of third parties eavesdropping
  • Perfect Forward Secrecy by default with end-to-end message encryption (leverages the double ratchet algorithm).
  • Delivery of messages might be entirely decentralized, eliminating the need for corporate servers.
  • The capacity to communicate with a group of Status users through the private, group, or public channels
  • Account identifiers use cryptographic keys to increase privacy and allow pseudonymity.
  • The app's capacity to transmit money internationally (avoiding exchange rates and fees and facilitating rapid value liquidity across borders)
  • By producing stickers or setting up a node, you may send and earn SNT coins.
  • When creating a private account, there is no need to submit a name, email address, phone number, or payment information.
  • A network that is independent of data and resistant to censorship.
  • A platform that is open-source and available for examination by anybody
  • A non-custodial cryptocurrency wallet that enables users to transmit and store any ERC20 tokens (such as ETH, SNT, and DAI), ERC721 tokens, collectibles, and non-fungible tokens (NFTs) securely

Status Token

The ERC20 Status Token itself is one advantage of Status. This allows spam protection by design and rewards users who contribute to the network by serving as nodes.

This raises the possibility that the P2P network will last longer by enabling it to become decentralized and theoretically enabling each user to get paid for their participation.

But for this to happen, the value of Status Token, when converted into another asset (like fiat currency), has to be high enough to justify doing those chores. The token exchange will only provide enough value to sustain the ecosystem if the token's value is high enough.

In the decentralized autonomous organization (DAO), SNT is also utilized for governance. Users may spend SNT to vote on suggestions for the platform's future development.

The only possible drawback customers may have with SNT and Status is that they must convert some fiat or cryptocurrency funds into SNT to get their unique ENS User Name (instead of using the random one supplied by Status).

Although it's a minor complaint, it could irritate some customers who want a personalized name but don't want to acquire SNT. The cost of unique ENS is 10 SNT. You have a year to keep the name or cancel the contract to get your money back. You essentially get nothing by utilizing SNT to create a unique identity for Status messenger.

As was already indicated, several SNT (Tribute to Talk and Node Incentivization) use cases still need to be implemented. As a result, they remain on the roadmap, and you will need to keep an eye on the messenger to find out when those features are ultimately made available.

Effortless Use

It's straightforward to access Status on an Android or iOS smartphone. Just visit its website, where you may find a link to the software you can download from the Apple or Google Play Store. After installing the programme, an "obtain your keys" popup appears. To do this, use the Generate keys button. This takes a little while.

You must choose a chat name for one of the Keys produced for conversations. You can't select this chat name yourself, unfortunately. Instead, you have five options.

As you can see, ours were the following: Guilty Oily Kangaroo, Even Shy Adouri, Square Smoggy Brown butterfly, Orderly Quick Herring, and Floralwhile Quirky Golden-mantled Ground squirrel.

The password you choose next will safeguard your keys and be required to open Status. After that, select your notification preferences and start the app. Since it took a few minutes, setting up Status was undoubtedly simple and quick.

You may start a conversation with other users by sending them the Chat key, a code associated with your pre-defined chat name. This is the public key component of the public-key (asymmetric) cryptography used in the E2EE encryption.

By selecting Profile from the app's bottom navigation menu, followed by your name at the top, you may provide your public key to start a conversation.

Click Sharing link to bring up the share screen. Email, another messenger, social media, cloud storage, or even airdropping may be used to distribute this. Additionally, you may save it locally as a text file to share later.

Your signature phrase is shown when you first open the wallet. You may use this three-word Phrase to check that everything is safe before signing each transaction. Before confirming a transaction, Status prompts you to verify this three-word verification code. If you notice a different combination, cancel the transaction and sign out.

After that, you have access to your Ethereum wallet, which has an Ethereum address that you may share with others to receive ether, SNT, or any other ERC20 tokens. Create more accounts to get money whenever you like.  

For a brief period, individuals who have kept their coins in different hardware, software, and paper wallets throughout the years may think that this built-in wallet is some magic. It is undoubtedly simple to see why this rapid accessibility (in conjunction with a secure messenger) is intriguing.

The wallet helps inform you of the overall worth of your holdings in USD and how much ETH and SNT you have saved. To ensure everything functions as it should, we sent a small amount of ETH to the wallet's address. As you can see, there were no errors in the account balance update:

We also enjoy that the wallet connects to another wallet so you can check on your treasures. Once authorized, a DApp may access your wallet address and Web3 (a collection of JavaScript libraries that permit you to interact with an Ethereum node using HTTP, IPC, or WebSocket).

You must allow these permissions to monitor collectibles from inside Status. Remember that your digital memorabilia and other cryptocurrencies will still be stored in the third-party wallet; you can only watch them from the Status wallet.

You may join public forums to start talks and meet new people, keep and transfer cryptocurrency assets with friends, and communicate directly with them. Click on the hashtag that interests you to join one of these conversations and start interacting with the other funny (automatically named) participants.

Security

Status is an open-source initiative that makes its source code available on GitHub. This implies that anybody may check the platform's security and functionality. However, since Status has not yet undergone an audit by a reputable, impartial third party, ensuring that the platform is 100 percent safe isn't easy.

Nevertheless, the messaging platform is built from open-source, extremely reliable cryptographic primitives. This should imply that, even though Status Messenger is still a relatively young service, its end-to-end encryption may be trusted.

How Does the Peer-to-Peer Messaging Network Actually Work?

Status uses the Waku protocol, an Ethereum Whisper fork, for transport privacy. Status created the Waku protocol to improve usability on devices with limited resources, such as cell phones.

The cryptographic primitives used by Status.im Messenger are listed below:

Whisper

  • AES-256-GCM
  • KECCAK-256

X3DH

  • Elliptic curve Diffie-Hellman key exchange (secp256k1)
  • KECCAK-256
  • ECDSA
  • ECIES

Double ratchets

  • MAC using HMAC-SHA-256
  • Diffie-Hellman key exchange using an elliptic curve (Curve25519)
  • AES-256-CTR combined with a key-derived HMAC-SHA-256 and IV encryption
  • Key derivation using HKDF

These cryptographic primitives are fundamentally sound, and because the Double Ratchet technique provides Perfect Forward Secrecy, the E2EE seems to be very durable and future-proof.

While this is great, we cannot fully vouch for the encryption used by Status until we have seen a complete third-party audit of the Waku protocol. Thus, even though Status seems secure based on what we have learned from the whole paper, it is still new and has yet to have a chance to establish its dependability (much like WireGuard when it first came on the scene for VPNs a few years back).

Because Status is built for decentralized Peer-to-Peer connections rather than requiring the client to interact with centralized, corporate servers to deliver messages to the receiver, it stands apart from other communicators like Signal or WhatsApp. Instead, Status may employ a peer-to-peer network of nodes that users have contributed to relay messages to other users (in a securely encrypted state).

However, as long as the general public adopts the project, the need for those company-owned servers will eventually disappear. This implies that consumers may continue to use the service to transmit encrypted P2P communications over the decentralized nodes even if the firm goes out of business.

Seed Phrase

You will discover that you have a notification in the privacy area of the app after downloading and configuring a Status.im account. This prompt requests that you write down and save a seed phrase of 12 separate words.

This seed phrase offers you a mechanism to reclaim your money if you misplace your phone or need to reinstall the app for whatever reason, and it may be used at any moment to demonstrate that the crypto wallet is indeed yours.

You must write down and keep this seed phrase safely since you will only see it once. You will need it to access your wallet funds in the case of an issue.

Status will ask you to type a few of the words once you have saved your seed phrase to ensure you understand it. The next thing is to finish this phase.

Signing Phrase

In addition to the seed phrase, you must keep a three-word signing phrase in mind. These three words will show every time you transfer money using your Status wallet.

As a user, all you have to do is keep these three words in mind to ensure they are accurate when you make a transaction. This is intended to stop phishing attempts, so always check the signing phrase. If the words seem strange to you (or if there is no signing phrase), immediately log out of Status and notify Status of the security problem.

Privacy

End-to-End Encryption 

Status Messenger uses end-to-end encryption for messages by default.

A cryptographic key pair is generated when you create a Status account so that your communications may be encrypted. This key pair is kept on your device locally.

To send messages securely over the network, you exchange public keys when you create a messaging contact in Status. As a result, Status employs standard asymmetric encryption techniques typical of this kind of messenger.

Perfect Forward Secrecy (PFS) is part of the asymmetric encryption used by Status for all communications. By providing a system that prohibits anybody from reading communications in the future, even if they compromise the public key, PFS assures that the security of messages is future-proof.

To achieve PFS, Status uses the X3DH and Double Ratchet standards created by Open Whisper Systems (the company that made Signal). However, it expands on those requirements to fit Status' decentralized message exchange mechanism.
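
The forward-secrecy property described above, and the HMAC-SHA-256 and HKDF entries in the Double Ratchet primitive list, can be seen in a small symmetric key chain. This is an added example, not Status's code: it follows the constants suggested in the public Double Ratchet specification, covers only the symmetric chain (no Curve25519 ratchet, no AES), and the shared secret and HKDF info labels are constructed for illustration.

```python
import hashlib
import hmac

def hkdf_sha256(ikm, salt, info, length):
    """HKDF (RFC 5869) with SHA-256: extract a PRK, then expand it."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def chain_step(chain_key):
    """One symmetric-ratchet step -> (next_chain_key, message_key).
    The 0x01/0x02 inputs are the constants the Double Ratchet spec suggests."""
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain_key, message_key

def expand_message_key(message_key):
    """Split one message key into cipher key, MAC key and IV (80 bytes of HKDF)."""
    okm = hkdf_sha256(message_key, b"", b"example-msg-keys", 80)  # info label assumed
    return {"enc_key": okm[:32], "mac_key": okm[32:64], "iv": okm[64:]}

def compromise_demo():
    """Capture the chain state after 3 messages and report what it exposes."""
    # Constructed secret standing in for the X3DH output; not a real key.
    chain_key = hkdf_sha256(b"constructed shared secret", b"", b"example-chain", 32)
    earlier = []
    for _ in range(3):
        chain_key, mk = chain_step(chain_key)
        earlier.append(mk)
    captured = chain_key  # what a device compromise at this point would reveal
    later = []
    for _ in range(2):
        chain_key, mk = chain_step(chain_key)
        later.append(mk)
    # Walk forward from the captured state: HMAC cannot be run backwards.
    derived, ck = [], captured
    for _ in range(5):
        ck, mk = chain_step(ck)
        derived.append(mk)
    return {
        "later_keys_exposed": derived[:2] == later,
        "earlier_keys_exposed": any(mk in derived for mk in earlier),
    }

if __name__ == "__main__":
    print(compromise_demo())
```

Keys derived after the capture stay exposed until the Diffie-Hellman ratchet mixes in fresh key material, which is the part this sketch leaves out.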

Privacy Policy

As is customary when we evaluate goods and services, we carefully examined the privacy policy to ensure nothing stuck out as particularly troubling.

The policy is accessible on the Status.im website, not in the messenger or wallet itself.

According to the policy, data such as the user's IP address are automatically gathered when a user accesses a website. The business uses this information for analysis. Users are also warned by Status.im that any information they freely put on the website, including their email address, will be collected.

The policy further indicates that the website uses tracking cookies to provide its services. Additionally, it suggests that Status collaborates with other service providers for several reasons (including Shopify, for which a separate privacy policy applies).

Among these third parties are, for instance, technical service providers, postal carriers, hosting providers, IT firms, and communications agencies. According to the policy, Status may acquire information about website users from these third parties. Nothing about this is uncommon.

Conclusion

Status Messenger is quite intriguing, prioritizes innovation in its service, and offers many advantages to customers. And it can build an environment for private communications that is unstoppable and free from the possibility of government interference.

A P2P messenger with strong E2EE is an excellent idea, and including an ETH wallet is unique. The SNT token, which will compensate users for serving as network nodes, is unique because it prevents spam and encourages users to choose this messenger over others.

Despite this, it appears reasonable to claim that this service is still in its early stages and that its user base is still relatively small. Therefore, it isn't easy to assess how effective the open-source project could be until more individuals join and the community expands.
