Code Monkey home page Code Monkey logo

Comments (3)

lovasoa avatar lovasoa commented on July 29, 2024

Hello and thank you for the kind words :)
Currently, the server does read messages, and this allows it to maintain long-lived boards such as boards/anonymous. If the messages were completely encrypted (and thus not readable by the server), then the server would have to keep the list of every single message that was sent and send all of them back to clients when they connect. This wouldn't be a problem for small boards, but would quickly become unmanageable for boards that have a lot of text (where one message is sent by keystroke), or where objects are deleted and recreated often. The server also validates that messages are well-formed, and you would have to remove that validation, and let it store potentially invalid messages.

This leaves you with two possibilities if you want to implement this feature :

  1. Only encrypt the messages partially. You could keep only the information about the message type and object id, and not the position/size/tool used.
  2. Encrypt the message completely, and accept that encrypted boards will take longer to load, and will see their old objects disappear more quickly than in clear boards.

Anyway, a PR is welcome !

from whitebophir.

pozzo-balbi avatar pozzo-balbi commented on July 29, 2024

If you are so concerned about privacy, why don't you just host it yourself.

  1. Get a VPS, setup your own DDNS service with your own (free) domain name or use a free/paid DDNS service (just in case you don't have a static IP like most users)
  2. Enable port forwarding on your home router and connect to DDNS service to update your IP regularly
  3. Setup whitebophir on your private computer and get free let's encrypt ssl certificates for it
  4. Share your private url and enjoy!

End-to-end encryption is not needed, in my opinion.

from whitebophir.

iblech avatar iblech commented on July 29, 2024

Sorry that I forgot this issue for so long. @pozzo-balbi, indeed, thank you for your suggestion, in fact I'm doing that exactly as you describe. The reason I'm still interested in end-to-end encryption is because I want my friends, colleagues and students not need to trust me to not look at their boards. (However, right now this issue has a very low priority in my life. Will most likely not get around to implementing it in the next couple months.)

from whitebophir.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.