2025-04-11 21:07:26 UTC

Akseli on Nostr:

I wrote down some things about a chat protocol I would find ideal these days.
I don't want security over usability, I want safety and usability over security.

It's not a spec. It's nothing but a list of ideas and thoughts. It's nothing concrete. But this is something I would like to see.



Super Simple Chat protocol

A chat protocol where safety is first and security second. UX is the major driver.

Bullet points with (?) are things I'm unsure about.

<ul>
<li>Federated chats, so one server going down isn't dropping all of them
<ul>
<li>Room is hosted per server though, so if server goes down, so does the room</li>
<li>Rooms can be given backup rooms, so conversation will move to other room in another trusted server in the meanwhile if needed</li>
</ul></li>
<li>Direct messages that could be encrypted with PGP or similar
<ul>
<li>User login password is also their PGP password
<ul>
<li>Insecure I guess but also good UX</li>
</ul></li>
<li>User can opt in to use different password for the PGP</li>
<li>The key is saved on user's account but since it has a password that server doesn't know about, it should be secure-ish (?)</li>
</ul></li>
<li>Effortless group chats
<ul>
<li>One room</li>
<li>Multiple channels in room</li>
</ul></li>
<li>Markdown messages</li>
<li>Custom emote support</li>
<li>Custom sticker support</li>
<li>Avatars</li>
<li>Profile text</li>
<li>Nickname and nick colors</li>
<li>No threads inside chats (?)
<ul>
<li>They fracture chats even further and make things hard to follow</li>
<li>Just make a new room</li>
</ul></li>
<li>File sharing (upload to server, it makes a link that anyone can open)
<ul>
<li>The file is never uploaded to anyone else's server except the user's</li>
</ul></li>
<li>Safety over security
<ul>
<li>Messages can be deleted, destroyed</li>
<li>Federation can be either blocklist <em>or</em> allowlist</li>
<li>Anti-spam tools
<ul>
<li>Auto-ban and account deletion if certain words are used for example</li>
</ul></li>
<li>E2EE is not as important as the safety of users
<ul>
<li>One can argue that E2EE is safety but it's so much more than that</li>
</ul></li>
<li>Images/files will not be cached by the servers receiving them (?)
<ul>
<li>The responsibility of owning an image is on the server sending it</li>
</ul></li>
<li>Servers with open registration can be limited/blocked
<ul>
<li>For example user can set "block anyone on open-register server from DM'ing me"</li>
</ul></li>
<li>Open registration is in general highly discouraged
<ul>
<li>Defaults are to encourage vetting your users</li>
</ul></li>
<li>Roles for all kinds of operational actions, that affect whole room
<ul>
<li>Per channel overrides (like announcement channel can have different rules than the room rules)</li>
</ul></li>
</ul></li>
<li>UX is the key
<ul>
<li>Client more important than server</li>
<li>Have basic client implementation that allows all the necessary things</li>
<li>Allow custom clients</li>
<li>When user uses a client, client must inform the server owning the room about its capabilities
<ul>
<li>This is to avoid situations where some people use feature 1 and client can't see them</li>
<li>Instead client will see an "unsupported feature: feature_name" and general information about it</li>
</ul></li>
</ul></li>
<li>Bots are just users with custom clients
<ul>
<li>Bots could be flagged as one and other users will see BOT tag (?)</li>
<li>Moderation should never need a bot
<ul>
<li>Moderation can however be automated with one (like automated community ban lists)</li>
</ul></li>
</ul></li>
<li>Voice and video chat can be added much later when text part works (?)
<ul>
<li>These could be some kind of media streams that just play</li>
<li>Client would handle the microphone etc. settings</li>
<li>Or just use Mumble lol, idk if everything needs to be done in same app</li>
</ul></li>
<li>Messages could be just JSON data between servers (?)
<ul>
<li>Timestamp</li>
<li>Room-ID</li>
<li>User</li>
<li>Message</li>
<li>????</li>
</ul></li>
</ul>
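An added example, not part of the original post: one way to keep the "one password for login and PGP" idea while the server still never learns the PGP passphrase is to derive two unrelated secrets from the typed password on the client. The `derive` function, the `Server` class, the labels, the round count and the sample account are all assumptions made for this sketch.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 200_000  # constructed value for the example


def derive(password: str, salt: bytes) -> tuple[bytes, str]:
    """Client side: turn the one typed password into two unrelated secrets."""
    master = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    # Domain-separated subkeys: knowing one reveals neither the other nor the master.
    login_token = hmac.new(master, b"login-token", hashlib.sha256).digest()
    pgp_passphrase = hmac.new(master, b"pgp-passphrase", hashlib.sha256).hexdigest()
    return login_token, pgp_passphrase


class Server:
    """Hypothetical account store. It receives login tokens, never passwords."""

    def __init__(self):
        self.accounts = {}  # user -> (salt, sha256(login_token), protected key blob)

    def register(self, user, salt, login_token, protected_key):
        self.accounts[user] = (salt, hashlib.sha256(login_token).digest(), protected_key)

    def salt_for(self, user):
        return self.accounts[user][0]

    def login(self, user, login_token):
        """Return the stored key blob on success, None on failure."""
        _, stored, blob = self.accounts[user]
        ok = hmac.compare_digest(stored, hashlib.sha256(login_token).digest())
        return blob if ok else None


def demo():
    server, salt = Server(), os.urandom(16)
    token, passphrase = derive("correct horse", salt)
    # Constructed placeholder for the PGP private key exported under `passphrase`.
    blob = b"<private key protected with pgp_passphrase>"
    server.register("alice", salt, token, blob)
    good = server.login("alice", derive("correct horse", server.salt_for("alice"))[0])
    bad = server.login("alice", derive("wrong guess", server.salt_for("alice"))[0])
    return good == blob, bad is None, passphrase


if __name__ == "__main__":
    print(demo()[:2])
```

The server can still test password guesses offline against the stored token hash, so a weak password remains guessable by whoever holds the account database.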