Kyrne Thanks you for your answer. I really don't want to offense you, this discussion is quite important for me, sorry if my words are a little raw.
Kyrne I made my own as a fun project to do. I have an extensive background in cryptography and cyber security. Also that library hasn't been updated in years, there are some better and more efficient ways to implement the algorithm in JS in 2020.
I think fun is a self-sufficient reason for scripting. You're right, the code hasn't been updated past two years.
Kyrne People can request the source code to do a security audit, closed source to prevent admin tampering.
I understand and indeed It prevent admin tampering (although it's possible to disassemble it), but it don't prevent dev tampering, so the problem is the same, how can we trust your app ? Not just me, maybe I can review the code, and also I would like to compile it myself to be sure no backdoor added since my review. The privacy policy of the forum I manage don't allow us to use proprietary software (and we don't spy users for very short), and admins are organized as a transparent nonprofit collegial association. It's not perfect of course but users can trust this organization. What about one person who said "trust me, I'm cyber security expert" ? I really want to trust you, and I think you are well-meaning, but I can't be sure. Do you think people trust more one dev than admins who are hosting the forum where they choose to be. Honestly I don't know...
f00wl in your design is there something prevent the manipulation of keys server side ?
Kyrne Please see my post a few up from this, it details the processing of keys on the server.
Kyrne The server in the protocol is an untrusted entity, it simply stores preKeys
Kyrne These PreKeys are signed by the IdentityKey
If binary is necessary to prevent admin tampering, so yes the server is an untrusted MITM entity, so there is no way to be sure that is a real e2e encrypted session unless users are able to verify keys through another trusted channel, like signal does with safety numbers in fact.
Kyrne rob006 to clear things up, I'm not making the source private to prevent exploits, I'm making it private in an attempt to prevent admins from modifying it and stealing a user's keys to read their messages.
I fully agree that admins have to much power on user data, generally I mean. And that is why we want to host opensource software our self. One thing great with opensource is that if I don't trust any community admins I can host my own. And flarum is opensource <3.
Kyrne Would you rather I just release it paid?
Of course not, really, that is not the point. The point is what happen if at anytime you want to sell it ? Or just stop maintain it ? I want to provide a long term support/security/stability to the community, I can't made a part of it dependent of only one person. This is not a good strategy for us.
Kyrne How is this a step toward the market model, but my other premium exts aren't? It's totally free.
I'm new, I didn't even know that you developed premium exts. Indeed they are. Thanks for pointing that, this is an other subject just as important. I will probably open a thread about this.
Kyrne I've put more hours into this extension than any other I've made, it's the most requested extension of all time (and thus likely very sellable), and yet I'm giving it away for free.
Yeah, It's a really good idea and I'm personally happy because I care about privacy, and I'm very grateful you share it with us freely and many thanks for all your contributions! I receive your proposal very seriously. NB: There is a difference between free no cost and free libre (in french).
If you didn't planned to sell it, then you can opensource it. I didn't find a full review but the question about opensource more/less secure than closedsource is far as trivial. I notice that in this whitepaper (first ranked in google scholar with query open source software more secure
):
In this research, we have been unable to demonstrate greater security through obsecurity or cloaking, and thus unable to assert that closed source offers additional protections or tangible security features we can leverage in pursuit of a more secure system.
So, If we can't decide only with the security point, and as you say money is not your goal so...
Kyrne Also I'm not hiding my code, since I made it, I get to choose what I do with it.
rob006 "Because I don't want to" is good enough reason to keep your code private. 😉
You're free to do what you want with it :-)
Kyrne Once again you can request the source code to do an audit if you'd like, no one is going to force you to use it.
If you change you're mind and open source the full code publicly, let me know I will be very glad to audit it. I would like to use it but I can't because of all stuff I wrote here and because of our chart (and I fully support it).