Hi, I’ve studied Signal, OTR, and OMEMO, and decided to create my own messenger (called Coldwire). It’s still being actively developed, in early stages, and not yet audited.
It has similar (and sometimes better) properties to OTR (plausible deniability, SMP support).
One improvement it makes is that it enforces SMP verification, basically making the trust-on-first-use attacks that plague pretty much every single E2EE encrypted protocol obsolete.
Another difference between it and OTR is the fact that I exclusively use post-quantum cryptography (multiple algorithms with different underlying mathematical properties, to ensure that if one is broken, the result is not catastrophic).
Also, unlike OTR, Coldwire is capable of fully async messaging (either contact can message the other, even if one is offline, without messages being lost).
It has a whole bunch of other paranoid stuff too, some of it novel…
Lastly, I’ve omitted implementing features that are often exploited (like memory corruption, or metadata-rich features) like media parsers, public groups, voice calls, video calls, persistent chat history, avatars, bios, last seen, online status, read receipts, delivery receipts, and a whole bunch of other stuff.
Again, this is unaudited, so even though on paper it is more secure than Signal, OTR, OMEMO, etc., in the real world all of these are probably more secure, because their protocols are audited and some of their protocol implementations are audited.
Here is a Python implementation of Coldwire (just a prototype; the actual final implementation will be in Rust):
Freedom-Club-Sec/Coldwire: Coldwire - the ultra‑paranoid post‑quantum messenger
Feedback welcome