End-to-End Encryption GDPR Problems

Just to throw this in here, this is how political the GDPR can be as soon as you make personalised data from a home environment and then make it available to a wider audience via social media without consent

BBC News - Grandmother ordered to delete Facebook photos under GDPR
https://www.bbc.co.uk/news/technology-52758787

Might help to chime in on some of the specifics of the encryption implementation.

At the current state, admins will be completely unable to decrypt messages. The private keys for each user will be stored on the server but will be AES-256-GCM encrypted with the user's password ran through PBKDF2 with 12800 iterations to stretch it to 256 bits. The actual keys to decrypt messages are double ratchet keys, meaning they change after each use. If a hacker or admin managed to get ahold of one of these keys, they'd only be able to decrypt 1 message.

Double ratchet creates a problem with reading old messages however. Once a message is read, it is simply encrypted with that same stretched password. If a user loses access to their password, he will lose access to previous messages as well.

Any admin of Flarum or any other website could conceivably steal any of their user's passwords by using bad JS code. This could be mitigated in a few ways but makes the user experience significantly worse (having to export and manually keep track of keys).

JS is at the moment is an inherently insecure programming language, I am taking as many steps as possible in the extension to prevent tampering by any party (including the admin) and I will make these steps clear in the final version. But once the code leaves my computer there isn't a lot I can do to JS to secure it from a bad admin.

Kyrne there's a couple of questions that arise from this methodology. JS isn't secure enough to guarantee maximum protection possible without the risk of tamper via inject and this creates an immediate security issue which on the face of it is likely insurmountable.

If you consider how WordPress handles this from a plugin perspective, it is not encrypted. My question here would be why we need to encrypt messages in the first place in a forum. Based on the above, there should be an option to enable or disable depending on your preference. The messages are still private, but not encrypted and controlled by permissions instead.

[deleted] the JS code of the ext is verified using Subresource integrity which is a feature in JS. This means that as long as you are using https, the implementation is secure, no one but the site admin can tamper with the js code.

It's important to think about how apple could totally read your iMessages if they want, they just need to get your password which again is very possible.

The only way in the world to have 100% secure true end to end encryption is decentralized peer to peer messaging (the platform doesn't have control of the client). This is something no popular encrypted messaging service can provide

Kyrne that's correct of course in the sense of decentralised messaging, but what about the ability to disable or enable the encryption ? Requesting users to control their own keys is asking for it.

[deleted] The current system doesn't require users to manage their keys. My current plan is to release the ext as is, encryption required with little to no settings. After that, I will incrementally add features in order of popularity.