Germ DM is now on Messaging Layer Security!
We’re thrilled to announce the release of Germ DM 2.1, featuring Messaging Layer Security (MLS). Germ empowers people to form effortless digital connections without oversharing, now with best-in-class end-to-end encryption.
MLS is a new internet standard for end-to-end encrypting (E2EE) messages, published just last year by the IETF, to support broadened global access to secure conversations. All conversations in Germ DM 2.1 are protected by MLS. We’re proud to join the community of builders on MLS, and to be the first consumer appsusing this protocol.
As a standard, MLS has been contributed to and validated by security experts from across industry. Building atop standardized encryption is a critical enabler for us to continue our innovation in identity and authentication, atop a foundation of trust with security researchers and with our users. The integration unites MLS’s world-class open source end-to-end encryption with Germ’s unique identity technology, which enables users to create multiple profiles and manage multiple partitioned social networks for private messaging.
MLS is a trustworthy cryptographic foundation. Getting an end-to-end encryption protocol right is tremendously difficult. Building a new secure messenger today gives us the privilege and the clarity to build on a decade of learning in end-to-end encrypted messaging engineering. The messaging industry has spent the last decade inventing a series of ad-hoc E2EE protocols, only for most of them to have critical vulnerabilities. Building on MLS empowers us to start on a bedrock of validated, standardized cryptography. We look forward to our continued collaboration with partners in this space toward the shared goal of securing all people’s internet communications.
MLS enables us to innovate on identity. Firm foundations ground new engineering. Building on top of MLS allows us to focus on innovating the identity layer. On Germ, you are who you say you are. Only people who you’ve granted permission to contact you can reach you.
Legacy apps that rely on single identities like phone numbers or usernames leave people vulnerable to unwanted contact from spammers, stalkers, and spies. At Germ, we’re building the identity layer for the internet age. MLS empowers us to innovate identity with cryptography we can trust. We’ve built our identity system on a new, interoperable identity and transport protocol, and we’ll have more to share about this in the coming weeks.
MLS gives us a path to Post Quantum Cryptography—without a staff of cryptographers. The IETF is in the process of adapting internet encryption standards, including MLS, for PQC, so that they remain secure into a future where quantum computers can be used to attack cryptography. We are following this work closely and plan to adopt it as it matures. Building on MLS positions us with continual access to best-in-class cryptography.
*
As a one-person engineering team, we’ve had to make some tradeoffs to move boldly into this phase of our development. To deploy MLS in Germ 2.1, we had to drop support for iOS 16. Our MLS implementation depends on CryptoKit’s implementation of HPKE, which first shipped in iOS 17. This transition has also allowed us to adopt JPEG XL, Swift Data, Swift Observation, and Swift Testing as we move out of the prototype phase onto a modern footing.
All conversations in Germ DM have always been end-to-end encrypted, previously using an appropriate cryptographic primitive from the iOS SDK (e.g. HPKE in iOS 17). To provide you with the highest level of security, Germ 2.1 no longer uses our pre-MLS encryption protocols. Nonetheless, your conversations can continue! Using the identity keys and transport paths you’ve previously exchanged and negotiated, the Germ app will opportunistically negotiate a new MLS session so that you can keep your contacts and continue messaging.
*
We are thankful to our technical advisors, Richard Barnes and Nick Sullivan, whose guidance on design and implementation were essential to this milestone. We are also indebted to the mls-rs community and contributors, whose MLS implementation we’ve adapted for Germ 2.1. We are excited to be a part of the MLS community and look forward to sharing our work and contributing to the development and adoption of MLS.
In the coming weeks on this blog, we will explain in further detail the autonomous identity protocol that powers Germ, and how our interoperable identity and transport layers integrate with MLS as the core cryptographic primitive. We’ll also be open sourcing corresponding libraries to show our work and foster further exploration of expanding users’ autonomy over their identities and relationships. We look forward to growing Germ around your feedback - please don’t hesitate to reach out over e-mail or in our Discord.