December 6 2009, 23:10:32 #542 [1 Agree] [0 S] [0 T]
Site operator here. Is anybody interested in the ability to have private threads that are fully encrypted?
The idea is this:
* The thread is stored and transmitted in a fully encrypted state
* The decryption and encryption are handled entirely in the browser (javascript)
* The key is unknown to the server
* The thread URL is private and not listed anywhere - if you lose it, you're screwed! Threads will be pruned after a few months of inactivity.
* There would be no record of poster ID, no google analytics and no moderation.
This is the encryption method I'm thinking about using for this: http://rascalcode.home.bresnan.net/rascal.html [link]
Now, if I implement this, you'd better not be using it for:
* Sharing copy-written material
* Subverting censorship
* Organizing militias
* Other things the government doesn't like
Of course, if you did, I wouldn't be able to find out. Honor system!
Replies: 34
December 6 2009, 23:23:47 #547 [0 Agree] [0 S] [1 T]
How do we know you aren't working for some government?
December 6 2009, 23:26:35 #548 [0 Agree] [0 S] [-1 T]
@547 You don't, but the communication between server and client is encrypted, and by nature of being a web application it's all open source. You'd be able to scan for any kind of bugging. Without the key being transmitted to the server, the encrypted data in the database is essentially useless.
December 6 2009, 23:31:26 #553 [0 Agree] [0 S] [0 T]
@548
Interesting idea. I'm not sure how it'd be useful, but that hasn't stopped services from succeeding in the past.
December 6 2009, 23:42:01 #561 [1 Agree] [0 S] [0 T]
@553 Remember that this is not a commercial service - it is an idealogical service; that is, because I believe that freedom of speech is a human right which should never be denied to any person for any reason, I'm willing to operate at my own expense a "safe haven" of sorts for free speech without fear of government or other surveillance or censorship.
Which kinda makes me sound like a fag, but I swear I'm not.
December 6 2009, 23:56:59 #564 [0 Agree] [0 S] [0 T]
@561 Girls like me dig guys like you! Seriously!!! (this will be awkward if you're a girl... haha)
December 6 2009, 23:59:45 #565 [0 Agree] [0 S] [0 T]
@564 I'm a guy, and I appreciate the sentiment. I'm taken though :D
December 7 2009, 00:03:45 #568 [0 Agree] [0 S] [0 T]
@565 Bummer... but you sound happy about it, lol.
December 10 2009, 01:20:45 #636 [0 Agree] [1 S] [0 T]
I approve this and I'm not any of the people who already posted!
also could I pose a question to 564?
December 10 2009, 01:22:09 #637 [0 Agree] [1 S] [0 T]
@564
(proceeding with question anyway)
on a board where the whole point is to be truly anonymous how did you plan on getting info about 561? sorry if it seems rude but I am really just plain curious.
December 10 2009, 08:09:34 #642 [0 Agree] [0 S] [0 T]
@637 haha, I was just paying the guy a compliment. It's not like I thought I had a chance of actually getting to know him in real life or something.
December 10 2009, 12:40:00 #645 [0 Agree] [0 S] [0 T]
Well I appreciate the compliments. :D Anybody else have ideas/feedback on the idea?
December 10 2009, 16:04:09 #648 [0 Agree] [0 S] [0 T]
oh ok, sorry, was just wondering (I have met people that DO try...)
December 10 2009, 20:18:05 #654 [0 Agree] [0 S] [0 T]
@648 Haha well if he wasn't taken and if there WAS a way I would probably try ;)
December 10 2009, 23:25:13 #674 [0 Agree] [0 S] [0 T]
@662 Yeah but you aren't the awesome person who thought of this site ;)
December 20 2009, 13:43:46 #834 [1 Agree] [0 S] [0 T]
I'm a guy, I'm not taken, I don't want to be taken, and I refuse to slobber all over the site creator, albeit admittedly this is a great site.
@547 Your question is dumb. You yourself could be a government official for all anybody here knows. No matter what reply he gives you, you'll still have to trust the answer.
More to the point: decryption on the browser will prevent sniffing attacks (man in the middle) and will prevent compromise of server data (it's encrypted, not plaintext). As long as the server and the key never meet, and by design I understand they can't, then I like it.
December 20 2009, 14:26:17 #836 [0 Agree] [0 S] [0 T]
Yep, most of the reason for the in-browser encryption is because you don't have to trust any of the other points of travel. Because you can't anyway... the internet is NOT a secure transport.
January 2 2010, 02:45:00 #980 [0 Agree] [0 S] [0 T]
cool story bro, I'd like to see this implemented
January 10 2010, 12:08:21 #1028 [2 Agree] [0 S] [0 T]
This feature was donated by Joshua Gross (joshisgross.com) - many props to him!
To use it, click [New Thread] and you will see (depending on your browser) either a checkbox or a link to create an encrypted thread. Please note that encrypted threads do not work if you're in mobile mode, and decryption can be extremely slow in Internet Explorer.
Let us know what sort of things you use it for! ;P
January 10 2010, 13:40:00 #1032 [1 Agree] [0 S] [0 T]
@1028
I'd like to point out that while I donated much of the feature, OP made it look pretty and smoothed several issues out. Lookin' good.
January 10 2010, 14:43:28 #1039 [2 Agree] [0 S] [0 T]
Yo Josh. I only met you once, but I'd like to say that you're a pretty cool dude.
January 10 2010, 20:07:07 #1045 [0 Agree] [0 S] [0 T]
@1039
anonymous compliment instead of flaming, this is unprecedented in the history of bulletin boards
January 11 2010, 12:08:19 #1059 [0 Agree] [0 S] [4 T]
yo josh. i only sucked your cock once, but id like to say that it's rather tasty.
January 11 2010, 12:57:25 #1061 [3 Agree] [0 S] [0 T]
@645 Good job on the encryption mechanism, guys. I like.
January 13 2010, 00:36:25 #1071 [0 Agree] [0 S] [0 T]
Interesting mechanism, however, especially on an anonymous board, I don't see how much good it is, as you still have to somehow securely transmit the key to all other interested parties.
January 13 2010, 03:02:06 #1073 [1 Agree] [0 S] [0 T]
@1071
There's no way to solve thisĀ "problem" * without breaching security by transferring keys over a network.
* this is the point of the feature: keys never leave your computer/trusted parties' computers unless you want them to.
Give them to someone in a text file on a USB drive, etc.
January 13 2010, 08:31:20 #1076 [0 Agree] [0 S] [0 T]
@1071 @1073 The idea is to enable secure communication between trusted parties. Say you have a friend in another state with whom you would like to be able to communicate privately. You can email him the link, but tell him the passphrases over the phone, and the thread remains secure.
If the email gets intercepted, they still won't have the keys to be able to view the thread. If they intercept the phone conversation, they won't know where the thread is located.
Depending on your level of paranoia, you can exchange keys via phone, email, IM, postal mail, face-to-face meeting, encrypted thumb drive, etc. That part's up to the user!
January 13 2010, 23:16:27 #1082 [0 Agree] [0 S] [0 T]
I'm totally not using it to exchange private links to movies & music with friends.