
Conversations

 
I'm not sure when I'll get around to this one, but there are two variants which I'd like to cover:

Standard conversations which make use of post-level encryption with an encryption key held by the app. I'm not sure how well this'll work with backups, but it would be nice if we could add that extra level of security.


The other uses end-to-end encryption to communicate without an admin potentially snooping in.

This is pretty hard to prevent considering that an adversarial admin can deploy whatever JavaScript they want; however, this might? be possible with vetted open source apps.

I'm not sure on what the specifics might be there exactly, but a public encryption key would be held for both sides on the server, while the private key pairs would be held only by the two conversants.

To facilitate one side reporting a message, a checksum could be stored on the server for each message sent back and forth. This checksum could be encrypted by a separate key sent at the top of every message.

When a user reports a message, the message itself and the release key could be sent to the intermediary server and the intermediary server will be able to decrypt the checksum and confirm that it is in fact the message that was sent from that other user and not a fabrication.

It is entirely possible that an admin may just disable this and just reject messages which they can't read, but at the very least, it'll ensure the integrity of ones which do make it through (assuming they don't switch the publicly shown public keys for fakes to fool you into trusting the wrong one).

I'm still brainstorming over this stuff, however, and there might be better approaches for this.
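
The reporting flow described in the post above, sketched as an added example that is not part of the original post or of the project's code. It assumes an HMAC-SHA256 keyed with the per-message release key in place of an "encrypted checksum", and the names `RelayServer`, `seal` and `send` are hypothetical; the end-to-end encryption of the message itself is left out.

```python
import hashlib
import hmac
import secrets


def seal(release_key: bytes, sender: str, plaintext: bytes) -> bytes:
    # Assumption: a keyed checksum (HMAC) stands in for the post's
    # "encrypted checksum". Without release_key it reveals nothing useful.
    return hmac.new(release_key, sender.encode() + b"\x00" + plaintext,
                    hashlib.sha256).digest()


class RelayServer:
    """Intermediary that never sees plaintext, only one sealed checksum per message."""

    def __init__(self):
        self.sealed = {}  # msg_id -> (sender, sealed checksum)

    def accept(self, msg_id: str, sender: str, sealed_checksum: bytes) -> None:
        # The server binds the checksum to the authenticated sender at send time.
        self.sealed[msg_id] = (sender, sealed_checksum)

    def verify_report(self, msg_id, claimed_sender, plaintext, release_key) -> bool:
        record = self.sealed.get(msg_id)
        if record is None:
            return False
        sender, stored = record
        expected = seal(release_key, sender, plaintext)
        return sender == claimed_sender and hmac.compare_digest(stored, expected)


def send(server: RelayServer, msg_id: str, sender: str, plaintext: bytes):
    release_key = secrets.token_bytes(32)  # fresh key for every message
    server.accept(msg_id, sender, seal(release_key, sender, plaintext))
    # In the real scheme (release_key, plaintext) travels to the recipient
    # inside the end-to-end encrypted payload; that layer is omitted here.
    return release_key, plaintext


def demo():
    server = RelayServer()
    key, msg = send(server, "m1", "alice", b"constructed sample message")
    genuine = server.verify_report("m1", "alice", msg, key)
    forged = server.verify_report("m1", "alice", b"text alice never wrote", key)
    wrong_key = server.verify_report("m1", "alice", msg, secrets.token_bytes(32))
    return genuine, forged, wrong_key
```

A recipient would also need to recompute the seal on receipt and compare it with the value the server holds, otherwise a sender could register a checksum that matches nothing and make their own messages unreportable.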