Implement WhisperSystems Encryption for Voice and Text

Komentarze

Komentarze: 4

  • Leo G.

    I totally agree with this.  It's not necessary for all chats, and would be pretty impossible to do that in a user friendly way anyway.  However, PMs should have the option for E2E encryption at least.  It does present a problem with the mobile app, but I think there is a trade off that can make for a good middle ground.

    For any devs that might see this, I think I have a method of making things work.

    FOR ENCRYPTION:

    1. Let users that care about security generate their own GPG encryption keys.
    2. Have them upload the public key to the Discord Server and store it tied to their user ID (i.e.  notBob#1234).  This could easily be done under the "Privacy & Safety" as it's nothing more than a blob of data.
    3. Implement a way to point the app at the private key stored at whatever location it is stored at on the users computer for later decryption.  Or store the private key locally on the app but DO NOT SYNC IT TO THE CLOUD!
    4. Add a checkbox (and probably a global, server, and/or per channel setting) on the PM system to encrypt a message (and/or REQUIRE a sender to do so based on the settings above).
    5. Have the system automatically check to see if the recipient has a public PGP key uploaded to their account. 
    6. If yes, use it to encrypt the message.  If not, generate a message to the recipient with a link to a webpage explaining how to generate a key and upload it.  Send it on the PM channel so the recipient can let the person know when they have a key available (or have the system automatically notify the person that requested one to be generated).
    7. IF THERE WAS NO KEY:  Let the sender know that the message will not be encrypted and that the recipient will be prompted to generate and upload a public encryption key and that they will be notified when this is done.  Give them the option to send anyway or cancel the message and wait until a key is available.

     

    FOR DECRYPTION:

    1. Since there's not really a way to store the private key locally (not and still have it be secure), wrap the message up and instead display a button that triggers the app to look for the private key at whatever location was specified in step 3 above.
    2. If on a mobile device, just disable the button.  Let the user follow up when they get home.  Some form of automatic way to remind the user would be a good idea.  I would suggest either some form of "Snooze" option or making encrypted messages show as unread until the button has been clicked.  Add an automatic timeout that resets the button to an active state and re-encrypts the message after some fixed interval, say 15 minutes, but without the unread flag.
    11
    Czynności dotyczące komentarzy Łącze bezpośrednie
  • Félix An

    I agree. I sometimes use Discord to share confidential information with my IRL friends and don't want Discord employees to see it.

    2
    Czynności dotyczące komentarzy Łącze bezpośrednie
  • stefanieshiller

    Why do you guys think discord is free? They need access to your texts so they can sell the info they gathered to advertisers and so on, they're not going to strengthen the encryption anytime soon

    1
    Czynności dotyczące komentarzy Łącze bezpośrednie
  • Cpt.Dinosaur

    That wouldn't work for trust and safety team.
    Imagine those child abuse servers if all communications were encrypted.

     

    It has a place on some platforms like telegram/signal/whatsapp, but I don't think discord needs to be encrypted in that way too.

    Sure, user -> discord, discord -> user (which they already do), but the trust and safety team need to read messages for ToS and law breaches.

    -4
    Czynności dotyczące komentarzy Łącze bezpośrednie

Zaloguj się, aby dodać komentarz.