Redefining secure group communication with MLS

As part of Plaintext, I collaborated with Phoenix R&D to design and develop a secure messaging application based on the Messaging Layer Security (MLS) protocol, now standardized as RFC 9420. The project aimed to create a privacy-focused messaging solution that addresses the limitations of existing platforms while implementing the latest advancements in cryptographic standards.

Organization: Phoenix R&D ft Plaintext
URL: https://phnx.im/
Date: 2024 - 2025
Role: Product Designer, Lead
What I did: Product, UX, UI

Challenge

Despite the growing importance of secure digital communications, existing messaging platforms present users with a difficult choice: convenience at the cost of privacy (centralized platforms) or security at the cost of usability (decentralized solutions). While protocols like Signal provide excellent encryption for one-to-one communications, they face scalability and performance challenges in group settings.

The Messaging Layer Security (MLS) protocol represents a significant advancement for secure group messaging, offering better scalability, more efficient key management, and stronger security guarantees for large groups. However, these technical advantages needed to be translated into tangible user benefits. Our challenge was to create an application that not only leverages MLS's cryptographic advantages but also delivers an intuitive and consentful user experience that emphasizes privacy by design, making advanced security accessible to everyday users.

Init process: Discovery & Research

We began with comprehensive research to understand the technical foundations and user experience opportunities:

  • Analyzed the MLS specification (RFC 9420) and architectural documentation
  • Conducted competitive analysis of major messaging platforms (WhatsApp, Signal, Telegram, iMessage, Facebook Messenger)
  • Reviewed academic literature on security and usability in group messaging
  • Mapped assumptions and mental models related to secure group communications

This phase revealed significant opportunities to improve on existing solutions, particularly around:

  • Transparency in security features
  • Clear membership status and identity verification
  • Flexible administrative controls
  • Consent-based interaction patterns
  • Privacy-preserving defaults

Product Strategy & Definition

Working closely with stakeholders from Phoenix R&D, we facilitated collaborative design sessions to establish:

  1. Product Definition: It was clear to stakeholders that we were building a usable, secure and privacy-preserving group messaging app. We were doing so by discussing the underlying technology that enables these features in open standards bodies, with the freedom and transparency of operating on public funding. And we do so because, more than ever, communications between peers must remain consensual, private, and secure. The product is a messaging application built on the MLS protocol that focuses on secure group communications, with privacy and usability at its core. Value proposition: providing a secure, private group messaging platform that offers more control over data and trust without sacrificing usability.

  2. Feature Mapping & Design Exploration: Over several months, we conducted weekly design sessions focusing on critical areas:

  • Key Material Management: Creating secure yet intuitive flows for account creation, recovery, and deletion that encourage key ownership.
  • Identity Management: Defining username, display name, and alias systems that balance privacy with usability while increasing ownership in understanding trust as a spectrum.
  • Privacy Features: Implementing anonymous sharing links, secure defaults, and granular role management.

We prioritized features using a double-axis matrix to create a roadmap that balanced technical feasibility with user value.

Outcome

The project resulted in a comprehensive product strategy and design framework for Phoenix's MLS-based messenger that:

  • Incorporates enhanced security features with improved usability
  • Provides clear explanations of privacy and security features at key moments
  • Offers flexible configurations that respect user consent and privacy preferences
  • Establishes secure defaults for group creation and management
  • Creates intuitive methods for managing group membership and establishing trust

Impact

While still in development, Phoenix's MLS-based messenger demonstrates the potential to raise the standard for what users should expect from secure messaging applications. By combining the cryptographic advantages of the MLS protocol with thoughtful user experience design, the application provides a meaningful alternative to existing messaging platforms. The open-source nature of the project and its foundation on open standards ensure transparency and the potential for wider adoption, setting a new benchmark for secure, privacy-preserving group communication.