Basically I am looking for a messaging platform like signal or? but with anonymous signup, perfect forward secrecy, capable of video chat, sending photos the usual uses in today’s life. But with a panic button. So that any party member could use said button to wipe all other members devices of any data instantly inside the messaging app. So if one member gets compromised, or lost their device, stolen device ect, any other member could wipe all chats, call log, and any other data strictly inside the messaging client instantly for everyone involved. Disolving the group like it never existed rendering the data unrecoverable. Amazons Wickr used to have most of these features but it is being discontinued December 2023 and who trusts amazon with their data. Does something like this exist? Sorry if I’m not explaining it well I’ll do my best to clarify and update this post. I am not trying to delete the whole device. Just the data inside the messaging app. If that does not exist. What about a separate app that could delete the entire messaging platform from the device when triggered. Assume all necessary requirements are met and this is for daily use. Between a group of trusted parties.
Updated wording to clarify the objective as replies where getting misunderstood.
If a device is recovered by authorities or stolen by spies, assume you’ll never get a signal to it before the flash storage is dumped, possibly with the decryption key as well. It’s trivial to put a phone into a Faraday cage and cut off all communication.
In theory you could have an app that tries to wipe itself when it detects a complete lack of signal, but then you’re one annoyingly long power outage away from losing all of your messages.
Remote wipe is available for Google and Apple devices and will wipe all data, not just messenger data. The device owner needs to log in and click the wipe button and that’s the best you can hope for.
On Android you could use work profiles to give a group of people remote access to a “work profile” manager which will let you wipe the apps remotely through Google’s API. That will leave some details intact (everything outside the work profile most likely) but it’ll work for any chat app inside such a profile.
I’m not sure of Apple’s MDM features allow for the same capabilities, but it’s worth looking into.
I hate relying on anything big corp for privacy. Thanks for the reply and I’ll keep this in mind. It seems so far matrix chat is the only e2e chat that can remove the conversation from an individuals device once their removed from a room. I will have to do deeper research into matrix to see it it fits my use cases. I’m just not sure how it stacks up against other big name chat platforms as far as security/privacy goes. I’ve heard of it before. Never deep dived into the data.
I would recommend reading up on Matrix if you’re going to use it in some kind of oppressive regime or whatever. E2EE works but compared to alternatives like Signal it sends a LOT of plaintext metadata.
I believe there used to be alternative solutions for dealing with MDM and remote wipes, but I’m not sure if that’s still allowed with modern API protections. Prey used to offer a kill switch, but I don’t think they still do on mobile devices. Perhaps there are others, I’m not very familiar with these apps. They mostly target businesses and business owned devices, but perhaps you could look for something that still offers a data wipe feature.
Its my understanding the metadata is only stored on the home server that runs for the clients, so under a self host scenario the hoster would be the only party that could access such metadata. One big con to Matrix is that it lacks ephemeral messaging so I’m not sure if chat history is stored on client side once the server goes offline? I cannot find an answer through browser search or documentation. Couldn’t the hosted server be restarted anytime and it would essentially delete the metadata generated each cycle and chat history as well because the chat room would be deleted? Or ran inside say persistent Tails and with a device shutdown or unplug all data would be wiped due to its ram only nature while persistence only keeps the base setup of matrix not a full carbon copy so a new chat would be generated each power cycle. Similar to VPN services running on ram. Thoughts anyone?
User account data is stored on the homeserver, yes, but the plaintext metadata that gets transmitted to every other server will allow an attacker to deduce what people are talking to what other people how often in what rooms, and in some cases it’ll also leak metadata like “this message is a reply to thst other message”.
There’s no technical requirement for storing all data on the client device (in theory you could write a slow client that will download messages every time) but in most clients the messages get stored in a local database. E2EE search requires a local database that gets indexed on the client side.
Restarting the server without old rooms will trigger failure states in clients. The rooms may be gone on the server but they will still be known on the client, and how the client deals with that isn’t reliably specified. The UI may or may not hide the rooms, but I have no idea if the underlying database is actually cleared when that happens. You wouldn’t want your entire account to get cleared our when the server admin mistypes the path to a key file during maintenance, so I’m guessing the data is kept for the same amount of time it takes for a server key to get invalidated (days).
There have been prototypes of peer to peer Matrix setups, where every phone runs its own server, but those lack your panic button requirement.
It’s not finished yet, but in terms of forensic protection and privacy perhaps something like Veilid Chat serves your needs better. It’ll work peer to peer over a network with Tor-like security.
On Android you could also try finding apps that work with Ripple which is intended to be a panic button other apps can integrate with (though you’ll have to grab it from F-Droid because it hasn’t been updates for ages). Perhaps you can convince the Veilid devs or Matrix devs to integrate with Ripple? I don’t know how open they would be to your use case, you may need to write the code yourself.