Five Years Down: The State of Mensago

Friday, April 19, 2024 marks five years of searching, thinking, designing, struggling, and coding to make the Internet a safer place. Mensago is no longer crazy ambitious; it’s just ambitious, and it gets closer to day-to-day use with every passing day. Forward progress has always been electrifying for me, but even more so right now.

First Quarter Feats

At the beginning of the year, I took a side quest to rewrite mensagod, the Mensago server software, in my favorite language, Kotlin. It’s no secret that developers love to rewrite projects, and I’m not gonna lie, it was a lot of fun, but it had a much more important goal: increase reliability and reduce overhead. By using the same programming language for both the server and the desktop software, a lot of code is now shared between the two. This dramatically reduces the amount of maintenance I have to do, and the different environments make me strive even harder for high-quality code. Go, the programming language previously used for the server, is more verbose and has very awkward constructs for handling error states. The rewritten mensagod has a lot more and better error-handling code, and the software tests that go with it have set a baseline for expected behavior and code quality.

With the server rewrite out of the way, progress on Mensago Connect continues. The last few weeks saw both projects syncing up their common code. This shared code will eventually become separate libraries, but as I found out the hard way, publishing the JAR files used for libraries is no small feat. While the rewrite was in progress, the code between the two projects drifted out of sync, and the Mensago specification was updated here and there, so things had to be brought back into working order. Just today I resolved the last outstanding failure in Connect’s software tests. Multifactor authentication is built into the platform, although it’s kept on the down-low because I’m still not convinced that MFA doesn’t stand for Majorly Frustrating Annoyance. 😏 The device sync system on Connect’s side of the relationship is getting some much-needed attention now.

New Takes on Mature Tech

So much of this project has been about building the invisible infrastructure and rethinking long-used technologies that are taken for granted. Mensago’s keycards are just digital certificates that are signed by a third party, but I figure that it’s more likely that you’re going to have some kind of relationship with the people who maintain the server your account is on than some random company halfway across the world whose only business is to sell signatures. Mensago is a platform built around relationships. At the same time, the software doesn’t trust third parties for more than it has to. Keycards are carefully signed and verified by both the server and your computer so that neither side can pull any funny business if compromised.

Not only are keycards a different kind of digital certificate, how they’re distributed is a new take on existing tech. Most people associate blockchain with cryptocurrency. Regardless of your opinion on whether cryptocurrency is snake oil tech or a high-risk investment opportunity, the energy usage of the computers involved in it is not very environmentally friendly. The blockchain constructs used to store and distribute keycards don’t require a lot of unnecessary computation to prove anything, ensure the integrity of a server’s keycard database, and provide a measure of privacy on top of it all.

One major problem with encrypted communications is key exchange: if you want someone to send you an encoded message, how do you give them the encryption key? Doing it securely and safely isn’t as easy as it might sound. Mensago solves this problem handily: keycards have just enough information to locate your account (assuming you’re not using an anonymous account, of course) that someone can send you a Contact Request, a concept that anyone who has used Facebook is familiar with. Contact Requests let you exchange keys unique to your relationship safely and securely. Rekindling a relationship with an old friend suddenly takes on a new light when you’re not subject to surveillance capitalism.

Lastly, these innovations on existing ways of working lead to unheard-of advantages. Contact Requests enable a new model of communication: the opt-in model. Junk postal mail, junk texts, and spam are all symptoms of opt-out communications. What are you to do if you can’t set and enforce boundaries in your life? Mensago means no more spam. Mensago means phishing is a lot harder for bad actors. Mensago also means being able to drop junk subscriptions with little effort. Take back a measure of control over your digital life and get a bit of peace of mind in the process.

Innovation on the Horizon

As if this all weren’t enough, great things are still to come. Like what? A new rich text format similar to HTML that has none of the sharp edges that can be leveraged to hack you. Assistance to help you know if it’s OK to click on a link in a message. Assistance with understanding the threat level of an attachment. For those websites that can’t be bothered to use an actually-secure second factor instead of e-mail or a text, Mensago will enable a free actually-secure second factor to authenticate logins with. For those people who own a business, mailing lists with zero deliverability problems. How about a social media network built on top of Mensago’s secure protocols? Like Facebook without the surveillance or incessant ads. Yeah. I have no shortage of ambition, but these are real things that are mere extensions of the scaffolding being built right now. It’s an exciting time for Mensago. Want to come along?