In the light of Edward Snowden’s revelations last year, interest in truly secure ways of communicating online has been on the rise. OneOne is a new app for Android and iOS that offers “private and untraceable” text messaging.
Photographer and entrepreneur Kevin Abosch is the man behind OneOne. It follows on from his Lenka monochrome photography app, and (more relevantly) his KwikDesk anonymous semi-public messaging platform.
Here’s how it works. Once you’ve installed the app, there’s no logging-in or account creation to be done – you immediately have seven ‘channels’ available. Each of these can be taken up with a conversation with another user. You tap a channel, give it a name and then send an invite via email or by pasting a direct link wherever you want to invite someone from. They then use the link to open your channel in their app and away you go.
Messages are automatically deleted after 24 hours, but either side of a conversation can remove a channel from their device at any time. Doing so deletes all their messages from the other person’s device.
I discovered this the hard way after I asked Abosch some questions about the app in a OneOne channel, thinking I had 24 hours to do something with his answers. However, he deleted the channel a little later and his answers were removed from the device. “When we say deleted, it’s really gone. Not like many other apps.” Abosch says.
OneOne is limited to text at the moment, but images and document transfers are planned for the future.
Are messages really untraceable?
OneOne isn’t without competition, with Telegram being probably the most high-profile rival. However, OneOne’s lack of user logins is an advantage for those wanting an extra level of untracability.
It’s bold of Abosch to declare that messages are ‘untraceable’, but it’s clear that OneOne has been designed from the ground up with this in mind. It operates in a similar way to PGP encryption, albeit potentially more secure.
“OneOne encrypts and decrypts messages directly on your device using secret keys that never leave your device. It’s impossible for anyone, including OneOne servers, to decrypt the message’s content (as they do not have access to the secret keys on your device),” says Absoch. The lack of any kind of user account adds to security, and it’s claimed that OneOne doesn’t send, capture, or store any identifiable device information.
So, it’s similar to the way the PGP email protocol works? “There are similarities to PGP but the Kwikdesk platform only allows two participants per secure channel providing an extra measure of security,” says Abosch. “Also, OneOne doesn’t rely on user authentication in any way, providing yet more privacy. With PGP, the public key would be associated with a user’s email address or phone-number. Each OneOne channel generates its own set of public and private keys.”
Privacy First Products
Of course, all this security on OneOne’s side doesn’t necessarily make it completely ‘unhackable’ but it’s the ‘traceability’ that Abosch feels has been solved with his app.
“As a matter of principle I would never say something isn’t hackable, but the point of the app is about not being able to trace a message back to a device. At the end of the day, in a court of law, this is what matters, traceability.”
OneOne is an example of what Abosch calls a PFP (Privacy First Product). You can read more about this concept in a Medium post that he wrote on the subject, but essentially it boils down to designing products without any form of user identification, tracking or analytics.
Given that so many free apps base their business model around user data, how does Abosch propose to monetize OneOne? “OneOne is built upon the Kwikdesk platform. The Kwikdesk Partner API is available for developers to build their own products upon the same back-end that powers OneOne. After reaching a certain threshold, software developers pay for this service.
“We are also in negotiations for both OEM and white-label versions of OneOne with mobile providers across the globe,” Abosch adds.
Abosch expects top-ranking CEOs and lawyers to find OneOne particularly useful, but anyone who wants a private conversation will find value here. “Anonymity and ephemerality are cute, and we have that too, but the reason lawyers like to discuss sensitive issues with clients on OneOne is the untracaebility.”
Finally, any service that promises security relies largely on the word of the developer that it’s as secure as claimed. Abosch supports my suggestion from last year that a low-cost security audit aimed at startups is something that’s required if users can ever really trust the apps they use.
“Kwikdesk wants to be the trusted platform that powers privacy,” he says. “OneOne is an example of what type of product we can power.”