Which admins have the ability to read DMs

Demontrich · October 24, 2020, 1:27am

What the hell!

Really!

RedundantAlexithymia · October 24, 2020, 1:27am

Anything you have not encrypted on your machine assume anyone else can read.

@Future without end to end encryption that plugin is utterly a joke. Trusting the server for key storage also is absurd security wise

Everyone: Use PGP

Demontrich · October 24, 2020, 1:28am

I’m still using Morris code.

RedundantAlexithymia · October 24, 2020, 1:29am

One time pad and a carrier pigeon ftw

Rowan · October 24, 2020, 1:30am

Future · October 24, 2020, 1:36am

This part

Technical details

At no point in time will any non encrypted private conversation or private credentials be sent to the server. The only trust that will be placed on the server is that nobody messed with the JavaScript payload sent to the client.

Private and public key pairs will be generated 100% on the client side and then the private key will be encrypted using AES symmetric encryption prior to handing it to the server for safekeeping, we will stretch the passphrase using randomly generated salt stored on the server. Key stretching will be done on the client using PBKDF2 (available in web crypto api). The private/public key pair will be stored on the client in IndexDB using a non exportable CryptoKey object. Exportable CryptoKey data will be removed from memory as soon as possible.

Encrypted private key and public key will be stored in a user custom fields. Only current_user will be allowed to read/write the encrypted private key, all logged on users will be allowed to read public keys for all users.

Conversation keys will be generated client side on conversation initiation or invite and encrypted using all the public keys involved in the conversation. This data will be stored in a dedicated table (user_id, topic_id, encrypted_conversation_key) , this row will be creatable by any user in the conversation but only readable by current_user == user_id .

Lead me to belive it was secure, maybe I’m mistaken

RedundantAlexithymia · October 24, 2020, 1:41am

a. Storing the keys on the server isn’t good security practice, encypted or not
b. any newly created implementation of any secure messaging should be taken with several grains of salt. Lack of maturity and 3rd party auditing makes any implementation questionable at best

In short, i wouldn’t trust my freedom on it being secure.

sidco · October 24, 2020, 5:13am

@cxojinu designed our logo, helped pick the color scheme, and has been a pal for over 10 years. Much love.
Technically in Discourse just admins have access to another persons account, including DMs, as @Future posted above. Vultr does the hosting. I and them are the only ones with access to a system console (ssh) including database, files, logs and such. I am the only one with the gpg keys to the backups.
Treat anything you do here like it’s happening in a public place.
If both users delete the DM it gets purged from the live DB.
Use GPG, end to end free to use (open source) encryption. I understand easier said than done, but a quick online search of gpg+yourOS will get you well on your way.

TheGratefulPhil · October 24, 2020, 5:43am

I don’t understand any of this—but does it mean only you and the developer can see DMs?

Soxhlet · October 24, 2020, 12:39pm

If he could take your job i’d eat my hat!

sidco · October 25, 2020, 12:43am

Anyone on this list Future4200 and Vultr the hosting company Vultr Privacy Policy - Vultr.com could potentially view our DMs, and some other identifiable information like your current IP address.
I am the only one with access to the backup DB.

Developer isn’t the right word exactly. Discourse, the people who develop this platform cannot see our DMs.

TheMightySeaman · May 11, 2021, 3:00pm

You think Emails are private?
If you’re not whispering into someone’s ear while loud music plays in the background, chances are that it’s not in all actuality private & available to someone who’s in the right place at the right time to pick it up.

SubstituteCreature · May 11, 2021, 3:18pm

There’s a difference between then surveilling everything and them actually listening to what they record - don’t act stupid and give them a reason to type in your name to their super secret federal government search bar and you’re fine.

Capttripppp · May 11, 2021, 3:21pm

Sure, there’s the distinct possibly that somebody put a camera in my bathroom just to watch me shit… I think…
Just kidding, I know I’m not that important. If you aren’t doing things that you have to worry about being read by others than the concern is moot in my opinion. I’m certainly not doing anything here that I wouldn’t share with either Future or Sidco, or anyone else for that matter. But I get your point. Privacy (complete privacy) is a rare commodity these days…

thumper · May 11, 2021, 4:07pm

So dont trust- and then they say im a cop because i dont trust enough to post pics online in 2021.

stoopkid · May 11, 2021, 4:25pm

The new Alexa devices can pick up voice commands over loud music.

Just wanted to share that lol

Apothecary36 · May 11, 2021, 4:30pm

Music producer tricks

I wonder if they use phase cancelation to hone in on your voice

thumper · May 11, 2021, 4:43pm

the alexa is fucked- for it to hear you say alexa it has to be listening the whole time. I have a fire stick but its in the garden on a monitor to entertain while working, it only hears fans. Im done for= my amazon purchases are obv a grower but whatever- im busted. Just dont cancel culture me. Its so bad how obv it is based on just my amazon. phresh filters, nutes, all obvious huh> oops. I used to literally park a block from the hydro store. times have changed, weed is legal in my state.

SidViscous · May 13, 2021, 12:09am

And yet NSA still ships shit to my billing address…

moveweight · May 13, 2021, 12:12am

move enough and they’ll never know what state or city you’re in by the time it matters.