The Bourbon Protocol
A key strength of the traditional telephony system is its neutrality, allowing users to maintain their phone number — a crucial aspect of their identity — regardless of their service provider. This means that an individual can send and receive SMS messages with anyone, regardless of the recipient’s carrier. For example, a T-Mobile user can exchange messages with a Verizon user, and if the Verizon user switches to AT&T, their phone number remains the same. This phone number effectively serves as a unique identifier, enabling others to contact them directly.
The Bourbon Protocol preserves this important feature, ensuring that users can maintain a consistent and reliable means of communication. But, it also extends this feature to include DNS and ENS, two other important forms of identity on the Internet.
Important aspects of the Bourbon Protocol
Credibility Neutral — The network itself must remain credibly neutral and not owned or gated by one company. It must be a multi-polar network.
Sovereign user account — Users should be able to control their account at all times. Two examples of user sovereign accounts are Farcaster and Bluesky decentralized social networks. In both of these social networks, the account is set up and controlled by the individual. In the event of lost account keys or passwords, these platforms offer account recovery methods that may or may not involve a third party, ensuring users can regain access in a secure and reliable manner, and ultimately providing a new standard for user autonomy and security in the digital landscape.
Permissionless for users — Users should be able to privately join the network and update their accounts without censorship and without KYC. Note: Using a phone number on the Bourbon Network requires compliance with country KYC requirements.
Permissionless for operators — Operators should be able to stand up equipment to operate relay nodes on the network without requiring permission. Note: Gateway nodes on the Bourbon Network must abide by country-specific rules for using the legacy phone network, so operators of gateway nodes cannot be established in a permissionless manner.
Signal-level encryption — The end-to-end encryption should ensure forward secrecy, post-compromise security, repudiation, replay protection, and out of order messaging.
Non-correlative — Who you are communicating with should be private along with the content of your messages. To achieve this, metadata is encrypted, inboxes for conversations are ephemeral, per-device, and non-linkable to participants. The use of mixnets (eg. Tor, Nym) is an application decision, and not part of the Bourbon Protocol, though may be considered in a future version.
Based on IP not SS7/VoLTE — The Bourbon Protocol functions via an Internet connection using new modern encrypted protocol based on IP, not legacy SS7/VoLTE protocols. On a mobile phone this means only a data eSIM is required to call and message others.
Governence
The Bourbon Protocol is an open, permissionless framework designed and advanced by a collaborative ecosystem of stakeholders. At its core are the subscribers — whose security, privacy and trust drive the protocol’s purpose — alongside operators, who maintain and optimize network functionality on behalf of these subscriber stakeholders. Governance is steered by a dedicated foundation, comprising both operators and subscribers, which oversees and approves updates to the protocol’s features and capabilities. This inclusive structure ensures that Bourbon Protocol evolves dynamically, balancing subscriber needs for cutting-edge security with operator expertise, positioning it as a resilient, future-proof solution in the face of threats like Salt Typhoon.
Bourbon Protocol in Depth
Bourbon Protocol Messaging
The core of the Bourbon Protocol is a decentralized end-to-end encrypted messaging protocol utilizing a sovereign user account for identity. The messaging layer supports the ability to carry different “dialects” of messaging protocols. A SIP dialect enables clients to negotiate WebRTC calls with other clients, enabling private voice and video calls. An SMS/MSS dialect enables clients to speak to legacy SMS/MMS nodes via a gateway node. There is also a messaging native dialect to support rich messaging users have come to expect from other popular messaging apps.
We looked into using MLS for the end-to-end encrypted messaging, but encrypted group messaging using MLS requires centralized coordination to manage group membership. This approach will not work for a mulit-polar decentralized network. The Bourbon Protocol messaging layer will be based on the AT-SMS protocol being developed on top AT Protocol.
Identity on the Bourbon Protocol
Establishing identity on the internet has long been a complex challenge, requiring a delicate balance between three competing demands: user control over online credentials, seamless recovery for lost or forgotten credentials, and human-readable identifiers that are easy to use and remember. Achieving this balance has proven elusive, with many solutions compromising on one aspect to prioritize others.
On the Bourbon Network, each subscriber has a decentralized account ID, which can be either a Bluesky DID or a Farcaster FID. Human-readable names and phone numbers, typically considered essential aspects of identity, are cryptographically linked to this decentralized account ID. This approach allows multiple names or phone numbers to be associated with a single decentralized account ID. Subscribers can add or remove different names or phone numbers while keeping the existing account ID, facilitating flexible and secure communication. Messages are sent too and from accounts, not the name or phone number associated with the account.
An advantage of using Farcaster and Bluesky accounts is that the profile information for accounts can be looked up and shown as part of the user experience. This is especially useful when used by a business or government. Imagine receiving an inbound message from support.irs.gov, you can be certain that it is not someone pretending to be the IRS.
Combatting Spam
One of the major issues with traditional voice and SMS networks is the prevalence of unwanted calls and messages. It’s often impossible to verify the authenticity of an incoming message, as the only identifying information is a phone number, which can be easily spoofed. To address this problem, a messaging protocol needs a mechanism to identify the sender and allow the recipient to decide whether to accept messages from them.
In contrast to traditional SMS or voice messages, apps using the Bourbon Protocol use a more intentional approach to initiating communication. Instead of automatically receiving incoming messages, users must first receive and accept an invitation to communicate. These invitations include additional context that helps users and built-in AI make informed decisions about whether to accept or decline them. This approach provides a more secure and user-controlled experience, giving individuals the power to choose who they want to interact with.
Who Operates the Bourbon Protocol Network
The Bourbon Protocol operates using relay nodes and gateway nodes. Bourbon relay nodes are responsible for storing and forwarding the encrypted messages that Bourbon Protocol Subscribers use to message one another as well as storing and distributing pre-keys that subscribers publish in order to bootstrap private encrypted communications. The other function of the relay node is to facilitate WebRTC call setup between subscribers. Relay nodes can be operated by anyone willing to stake a commitment to operate the relay node on the network.
Gateway nodes on the Bourbon Protocol Network are responsible for bridging legacy SMS/MMS and voice traffic from Bourbon Protocol Subscribers to the legacy SS7 networks. Multiple Bourbon Protocol Gateway nodes will operate in each phone number country code. These gateway nodes are responsible for managing the real phone numbers used by subscribers. When someone wants to port their number and use it on the Bourbon Protocol Network, they contact someone operating a gateway node. The gateway node operator registers the number with the Bourbon Network and manages the VoIP and SMS bridge for that number.
Relay and Gateway nodes will be operated by new and existing Telecommunications companies. The incentive to operate these nodes will be to share in the revenue paid by subscribers that use the Bourbon Protocol Network.
Bourbon Protocol Network Architecture
Press enter or click to view image in full size
How can I get involved?
Mobile Network Operators and Mobile Virtual Network Operators — We are looking for MNOs and MVNOs to step up and support this effort. This means helping stand up this new network, and providing a path for your subscribers to opt in to this new privacy preserving alternative to the insecure voice and SMS you are currently offering.
Developers — We are looking for developers that understand cryptography including zero knowledge technologies as well as developers familiar with legacy telephony, SIP and WebRTC to help build out the open source stack for this new protocol.
Mobile Subscribers — Perhaps the most important cohort of support needs to come from existing mobile subscribers that want to see our telephony infrastructure upgraded with built-in privacy. We will be launching a service that allows you to port your number and use it on the Bourbon Protocol Network. Sign up here
Why do we need to upgrade the voice and SMS/MMS network?
Lack of privacy and security — This convenience of SMS comes at a steep cost: every time a message or voice call is sent or received, sensitive data is collected and stored by telco operators creating a treasure trove of information that is vulnerable to hacking and exploitation, including the location of every subscriber. In a recent breach, a Chinese hacker group called Salt Typhoon “gained access to U.S. telecommunications networks in a sweeping cybersecurity breach and were able to use their positioning to geolocate millions of individuals and record phone calls at will”. This breach was so catastrophic, that US officials advised all Americans to use encryption apps to safeguard their privacy.
Network effects — The legacy phone-based SMS and voice network is a juggernaut, with over 5.5 billion mobile subscribers relying on it for everyday communication. Its ubiquity has created a powerful network effect, where the value of the network increases exponentially with each additional user, making it an indispensable tool for businesses and individuals alike. This network effect has made it the de facto standard for real-time interactions, such as check-ins at restaurants, doctor’s offices, and government agencies. It will be much easier to upgrade this network than introduce a new network to replace it.
MNO/MVNO losing to WhatsApp — Since WhatsApp also uses a phone number for identity, many businesses check to see if the phone number is a valid WhatsApp user, and if so use WhatsApp instead of SMS to message the user. Over time, customers will only need data access on their phone, with data eSIMs becoming a commodity purchase, MNO/MVNOs risk losing the relationship with the customer.
With the Bourbon Network which also retains the phone number as an identity, MVNO/MVNO can retain the relationship with the customer, and offer new additional value.
Losing to WhatsApp — While apps like WhatsApp offer encrypted communication, they are ultimately controlled by central entities, which can be vulnerable to censorship,surveillance, and data breaches. What we need is an open, interoperable protocol that allows multiple providers to offer secure communication services without being beholden to a single company. It’s time to upgrade the world’s most popular mode of communication with a privacy-first, end-to-end encrypted protocol that puts users in control of their data. By doing so, we can harness the network effect of the existing phone-based system, while ensuring that our communications are secure, private, and resilient against cyber threats.
What is the Bourbon Protocol?
The Bourbon Protocol is a secure end-to-end encrypted voice, video and messaging protocol built to replace the existing phone-based voice and SMS/MMS telecommunications service used by over 5.5 billion subscribers.
How does the Bourbon Protocol work?
The Bourbon Protocol is a new protocol built from the ground up to support secure, privacy preserving, end-to-end encrypted communications (voice, video and messaging). Like the existing phone network it is a multi-polar network operated by many different stake holders and uses a decentralized account model enabling each subscriber to maintain full control over their account and the encryption keys that secure it.
The protocol is capable of carrying SMS/MMS as well as SIP-based voice calls enabling Bourbon Protocol apps to communicate with the legacy phone network. Subscribers can optionally register a phone number on the Bourbon Protocol. When a Bourbon Protocol capable app desires to message a phone number, it first looks up the number to determine if it has been registered with the Bourbon Protocol, and if it has it uses the secure, private Bourbon Protocol to message the other number. In this way, as more and more people register their number with the Bourbon Protocol, more and more subscribers will be protected by secure, private messaging.
Does the Bourbon Protocol use a blockchain?
Users of the Bourbon Protocol do not need to interact with a blockchain in order to communicate with other users on the Bourbon Protocol. But, several aspects of the Bourbon Protocol make use of public blockchains as a credibly neutral platform to store and update various aspects of the user identity.
Why does the Bourbon Protocol use Bluesky and Farcaster for decentralized account IDs?
The concept of identity on the internet has been a longstanding challenge, with the need to balance three competing demands: granting users full control over their online credentials, providing a seamless recovery process for lost or forgotten credentials, and creating human-readable identifiers that are easy to use and remember. This balance has proven difficult to achieve, with many solutions sacrificing one aspect for the others.
Recent innovations in the Farcaster and ATproto protocols, as used by Bluesky, have made significant strides in addressing this challenge. Their identity layers have successfully struck a balance between user control, recovery, and readability, providing a robust and user-friendly solution. By building on these advancements, the Bourbon Protocol can leverage their streamlined user onboarding processes and establish itself as a common communications layer for users across both platforms.
Do I need a Mobile plan to use the Bourbon Protocol?
The Bourbon Protocol operates seamlessly over the internet, leveraging similar infrastructure that powers popular messaging apps like Signal and WhatsApp. As a result, users can communicate freely with anyone, anywhere, as long as they have an internet connection. This means that whether you’re at home, in the office, or on-the-go, you can stay connected with friends, family, and colleagues without worrying about cellular coverage. Mobile plans will continue to play a vital role in providing the data access needed to power the Bourbon Protocol, ensuring that users can enjoy uninterrupted communication regardless of their location.
What role will traditional telecom providers play in the Bourbon Protocol?
Telecom providers will continue to play two important roles in the Bourbon Protocol. First, some will operate nodes on the Bourbon Protocol that serve as gateways between the new end-to-end encrypted network, and the legacy SMS & voice networks. Second, many will operate Bourbon Protocol relay nodes and offer mobile plans to their customers that provide data access along with Bourbon Protocol based voice, video and messaging.
Do I need to pay to use the Bourbon Prococol?
There is a small protocol fee to use the network estimated to be $1 - $2 / month. This fee is used to pay for the infrastructure to run the Bourbon Protocol Relays.
If you want to use the Bourbon Protocol for phone-based communication, there is a cost to register a phone number with the Bourbon Protocol. This fee depends on which country the number is from. At launch, only +1 US-based numbers will be supported. We expect these numbers to cost $2 / month.
Why is it called the Bourbon Protocol?
The Bourbon Protocol establishes an end-to-end encrypted messaging layer over which WebRTC and SIP are used to establish voice calls. We wanted a name that highlighted that this new protocol was great for SIPping, and bourbon is great for sipping.
Why not just use Matrix?
Matrix relies on a “Home Server” and your Matrix ID is based on this home server, and specifically the DNS name of this Home Server. There are two reasons this will not work for the Bourbon Protocol.
You cannot take your identity with you to a new service provider the same way you can take your phone number with you to a new Mobile Network Operator.
Your ID is tied to DNS which means you cannot change your username without all the people you talk to also updating their contact info.
Similar to Bluesky, the Bourbon Protocol relies on a decentralized account (DID) to abstract the account from the name or phone numbers used to look up the account.
Why not use XMTP?
XMTP is a messaging-only platform which does not support voice and video. In addition to this, governance of the network is controlled by one entity, and it is unclear if it this will ever be opened up to be multi-polar.
Why not use Signal?
Signal is an amazing app, and we love it! Ironically, much of the inspiration for the Bourbon Protocol comes from early versions of Signal which used to support SMS as a fallback for people not yet on the app. But, Signal operates as a centralized service using an account model where you must have a valid phone number to join instead of optionally supporting phone numbers.
Why not RCS?
RCS was designed to depend on traditional carrier infrastructure and not designed to protect the metadata of the participants that use it. It allows large providers like Google to track everyone that uses it.