[ABD] [DEV] Encrypted PMs

[Dugi]

I'm looking forward to this. Thanks!

[FredQ]

Overall it does sound like a a good idea.

Someone mentioned PGP and I think it's a valid case, but we can go even further.
To make it secure: I can imagine a system where you can store your private key into your browser local storage, and the browser will decrypt the message for you - not phpBB at that stage. Same for the encryption, the message is encrypted by the browser before sending.

The keys will need to be generated inside the browser as well, as the OP could intercept them if generated by phpBB.

It is technically possible, but a little more challenging

[Senky]

...browser will decrypt the message for you - not phpBB at that stage. Same for the encryption, the message is encrypted by the browser before sending...

This is already part of the specs.

[FredQ]

This is already part of the specs.

My bad... My brain was melting or I was drunk, or maybe I was thinking about something else. It's all in the specs indeed

[thecoalman]

This is already part of the specs.

I realize this gets difficult not using the password but if someone hacks the server and could edit the script they could capture the password on login, yes? Obviously that compromises the entire account including anything encrypted but I think you need to be careful about giving people a false sense of security.

You could generate a key client side and leave it to them to store it but that requires JS also susceptible to being modified by someone that has access to the server.

Correct me if I'm wrong but the only way I see to secure this against a a compromised server is with a browser extension.

[Senky]

Correct me if I'm wrong but the only way I see to secure this against a a compromised server is with a browser extension.

Even browser extension can be compromised. The only 100% secure way is when you encrypt the PM on your (secure) PC, then paste encrypted contents to the PM message field. The receiver then needs to copy the contents and decrypt it on a secure location. Such a procedure is obviously extremely unusable, while browser extension is amusing as well. The way I plan to do it makes it theoretically vulnerable (everything is vulnerable when it comes to encryption) but requires no browser extension, no PC/mobile app, just tick one checkbox and it is done.

[thecoalman]

Even browser extension can be compromised.

That's why I said "compromised server", if the extension was only made available through official browser services it would be more secure.

I realize this is probably way beyond the scope of your intentions. Anything is better than nothing.

[Senky]

I realize this is probably way beyond the scope of your intentions.

On the contrary, this is very interesting idea!

[NastyBoy]

Any News of Dev? Is it finish to test

[fluffybits]

This would be great, have you made any progress?

If there was an optional field for admin & users to add their PGP key, then an extension could be made so when anyone messages someone else, there's an option to 'encrypt message with targets PGP key'.

Would simplify the process and wouldn't have to keep adding contacts to kleopatra.

[DocSommer]

Hi everyone!

You see, there is an extension for reading user private messages. Am I the only one feeling bad for this?

No, actually I feel bad knowing that somebody felt the need to develop such an extention. I do everything I can to optimize privacy so it would be nice to see some reviving energy for this ext development.

[[Dimetrodon]]

Only issue I'm worried about is the possibility of people being unable to report private messages, which is a necessary feature. If a user chooses to encrypt a message, they accept the risk of something going wrong with the encryption, such as a lost password, etc.

That being said, I like this idea, and it would be a layer of protection in case of a hacked database.

[halil16]

Having an option to encrypt messages can also result in user insecurity. It means that other people could read my previous messages, they say. Best of all, this extension doesn't have such an option and it encrypts all messages end-to-end. However, an administrator or moderator with permission should still be able to access the reported messages.

[DocSommer]

Having an option to encrypt messages can also result in user insecurity. It means that other people could read my previous messages, they say. Best of all, this extension doesn't have such an option and it encrypts all messages end-to-end. However, an administrator or moderator with permission should still be able to access the reported messages.

That would make the whole thing partially obsolete. People can do screenshots or quote content in case they feel the need to report something.

[halil16]

Having an option to encrypt messages can also result in user insecurity. It means that other people could read my previous messages, they say. Best of all, this extension doesn't have such an option and it encrypts all messages end-to-end. However, an administrator or moderator with permission should still be able to access the reported messages.

That would make the whole thing partially obsolete. People can do screenshots or quote content in case they feel the need to report something.

I mean all messages are end-to-end encrypted by default. Moreover, there is no need to offer users an extra option. By default phpBB has the option to report private messages to a moderator. This feature must be available. Therefore, in case of a complaint, the moderator should also be able to access it.