Auto-Onboard Logic (AOL)
A primary goal of our work on "Awesome App", the next generation user experience for ChatSecure, is to make it a great deal easier for users who are unfamiliar with XMPP, Jabber, or even the idea of a "server", to quickly set up and start using the app. To do this, we must greatly reduce the number of steps in the current Account Wizard Setup user interface in ChatSecure v14. We must also handle issues of connectivity to, or filtering/blocking of, specific servers more gracefully and intelligently.
We are developing an Auto-Onboard Logic (AOL) to handle this process, in order to broaden the number of users we can assist with securing their communication.
Assumptions
- Most users don't care what XMPP server they are using, as long as they can connect to who they want to communicate with
- Some users may have a geographic preference to where their XMPP server is due to political, legal or sentimental reasons
- Most users will only access an account from one device, and don't need to know their password (they only need to be able to reset it or somehow get access to their account if a device is lost/stolen)
- Some users may want to see a set of possible domains/servers and choose from that short list
Goals
- After user enters a desired username, the rest of the AOL setup process is "one tap"
- App stores and can refresh a list of desirable servers along with information about them: connect server hostname and IP address, certificate pins, ports, geographic data, logo, etc
- AOL can iterate through a list of servers to handle certain domains being blocked or DNS poisoned
- AOL can use Tor if Orbot is installed and activated, and may prompt the user if they want to try using Tor as an option
Workflow
- Optional: refresh remote list of server info JSON from S3 or GitHub (some unblocked source)
- iterate through server list in linear or random sequence (need to decide how we want to prioritize servers)
- automatically generate a temporary password for the user, which they can later be shown or can change if they want, and use it for the registration w/o prompting them
- if you can connect to a server, try to register username; if not available, iterate with some number sequence or other unique appendage (should we prompt the user for appendage type?)
- if you cannot connect to a server, try connecting using the direct connect server w/o DNS SRV lookup, and then try with the IP address from the server JSON file instead of any DNS
- if you still cannot connect, then try to connect using Tor
- throughout this process, provide some feedback to the user, to keep them patiently waiting; should show progress or simple update "trying next place..."
- if you cannot connect to any servers, prompt user to refresh the server JSON file, and/or tell them "sorry it seems like your internet connection really doesn't like us"
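
The workflow above as a runnable sketch. This is an added example, not ChatSecure code: it shows the per-server fallback order (DNS SRV, direct connect host, IP from the JSON, Tor) with the certificate pin carried through every attempt. The JSON field names, the injected connect/register callables, the numeric appendage and trying Tor once per server are assumptions.

```python
import secrets

# Constructed sample of the server-info JSON; field names are assumptions.
SAMPLE_SERVERS = [
    {"domain": "xmpp.example.org", "connect_host": "c1.example.org",
     "ip": "192.0.2.10", "port": 5222, "pin": "PLACEHOLDER_PIN_1"},
    {"domain": "chat.example.net", "connect_host": "c2.example.net",
     "ip": "198.51.100.7", "port": 5222, "pin": "PLACEHOLDER_PIN_2"},
]

def connection_attempts(server, tor_available):
    """Yield (strategy, host, port) for one server, in the workflow's order."""
    yield "srv", server["domain"], None                        # DNS SRV lookup
    yield "direct_host", server["connect_host"], server["port"]  # no SRV lookup
    yield "pinned_ip", server["ip"], server["port"]            # no DNS at all
    if tor_available:
        yield "tor", server["domain"], None                    # via Orbot

def candidate_usernames(desired, limit=5):
    """Desired name first, then a number sequence as the unique appendage."""
    yield desired
    for n in range(2, limit + 1):
        yield f"{desired}{n}"

def auto_onboard(desired, servers, connect, register,
                 tor_available=False, notify=print):
    """Return account details, or None when no server could be used.

    connect(strategy, host, port, server) -> session or None. It gets the
    whole entry so TLS is still checked against server["domain"] and
    server["pin"] when dialing a bare IP or going through Tor.
    register(session, username, password) -> True if the name was free.
    """
    password = secrets.token_urlsafe(24)  # temporary; user is never prompted
    for server in servers:
        for strategy, host, port in connection_attempts(server, tor_available):
            notify(f"trying {server['domain']} via {strategy}...")
            session = connect(strategy, host, port, server)
            if session is None:
                continue                  # blocked or poisoned: next strategy
            for name in candidate_usernames(desired):
                if register(session, name, password):
                    return {"jid": f"{name}@{server['domain']}",
                            "password": password, "via": strategy}
            break                         # reachable, names taken: next server
    return None                           # caller offers a list refresh
```

Skipping DNS does not remove the need to authenticate the server: the connect callable should validate the certificate against the XMPP domain and the stored pin on every path, including the IP and Tor attempts.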