New Messaging Layer Security standard improves group chat security and privacy
Our private conversations are increasingly moving online through messaging apps, chat services, and social platforms. From one-on-one communications to communications with small and large groups.
With communication moving online, malicious groups, governments, marketing companies and other third-parties are interested in gaining access to these communications. An emerging technology called the Messaging Layer Security (MLS) protocol may provide an answer by improving the security and privacy of communication and especially group communications.
The Internet Engineering Task Force has released the standard for Messaging Layer Security protocol this week. It claims that MLS "provides unsurpassed security and privacy for users of group communications applications".
The new standard provides end-to-end encryption for group communication, which ensures that communication is private and secure. This prevents the servers, operators, or anyone else from accessing the private contents, even if they intercept the encrypted data packets being transmitted.
MLS supports security standards and properties such as Forward Secrecy or Post-Compromise Security. The standard uses a continuous group key agreement, which basically means that participants agree on a shared key that is the heart of the communication. Groups may consist of just a few members or thousands, MLS has the capabilities of security the environment.
Group members know which other chat members receive the messages and the legitimacy of new members is checked when entering.
Another benefit of MLS is that is application agnostic. Several major organizations have already pledged to implement and deploy MLS, including Google, Cloudflare, Cisco, Mozilla, Meta and The Matrix.org Foundation.
Advantages of MLS:
- True end-to-end encryption for stronger security and privacy
- Forward secrecy ensures messages stay secure even if encryption keys later become compromised
- Asynchronous messaging support allows secure communication even if both parties are not actively online at the same time
- Flexible architecture integrates well with modern messaging systems and protocols
Potential Issues and Challenges:
- Large group chats can strain performance and require more computing resources
- Metadata like message timestamps are not encrypted, only the content
- Requires consistent software/protocol updates as encryption methods advance
- Legal concerns around enabling truly private discussions online
While not a flawless silver bullet, MLS appears to be a major step forward in balancing message security and practicality for real-world communication systems. As long as the implementation challenges can be overcome, MLS could become an essential component of trustworthy online messaging platforms. (via Mozilla)
yea, that why FB, Twitter, Discord, etc allowed chat encryption by 3. party apps all the years ago … oh wait ..
mho if OTR would be properly implemented it wouldnt need another buzzword. Somehow i doubt twitter, facebook, google and co would ever allow users to communicate w/o them companies spying on the content for their ad targeting, ai feeding or worse.
more important is, to make sure that there are no masterkeys or other methods that allow them to decrypt/read the stuff. also doubt Eu, FBi etc would allow that w/o having their feet between the door.