WingNews logo WingNews GitHub [2]
top | item 32136202

Show HN: PubKey – Communicate Privately in Anonymous Public Spaces

131 points| popcalc | 3 years ago |pubkey.pm

A little while back I remember seeing a user on a certain anonymous imageboard asking for an invite to a selective email host. Only after a few minutes did the guy realize the perplexity of the situation. How do you insure against a race condition in a public forum with no way to direct message?

Luckily, he nabbed the invite code, but it got me thinking about using PGP to provide a solution. This is meant to be a rough PoC and the UX is definitely not ready for the average Joe, but the functionality I'd like to think is there.

What catbox.moe is to dropbox is what I'd like this to eventually be to keybase. Btw, "this page uses NO SERVER" just means it's static. I'm not trying to fool anyone lol.

Edit: Source Code: https://codeberg.org/popcalc/pubKey

65 comments

order
[+] hardwaresofton|3 years ago|reply
So I've had this idea on my radar for a while, but here was my angle:

What if you made this a web extension, and took control of textareas everywhere on the web?

Why not be able to turn any message delivery (ex. facebook messenger) into a delivery for private messaging. What keybase used to be (a repository for peoples' public keys) would be a great integration point -- if the person has a public key listed (maybe in a twitter bio, etc), you can send them messages that are encrypted with a generated symmetric key + nonce (the usual safe enveloping rigor you need) -- and every message you send them might start with the URL or the actual encrypted message itself (and it would be up to them to use the extension to decode it).

It would be easy to get this working with a browser (a sufficiently powered web extension would do), but a bit harder to get it working on phones since the APIs aren't QUITE there, but IIRC there are some screen scraping APIs that could actually work (as long as your read the screen text, convert that to a message, then decode etc).

[+] exabrial|3 years ago|reply
This was called PGP and it was cool for awhile
[+] rapnie|3 years ago|reply
Should talk to the folks of Keyoxide [0] [1] to see how this aligns (Keyoxide is like Keybase identity parts, and then FOSS).

[0] https://keyoxide.org

[1] https://codeberg.org/keyoxide/

[+] popcalc|3 years ago|reply
Keyoxide looks awesome, thanks for mentioning! I'm going to look deeper into it. As far as pubKey, the idea is really to keep it ephemeral. Most important steps would probably be looking into different crypto libraries and implementations, then UX.
[+] jstanley|3 years ago|reply
It's good that you're taking steps to make sure your tool is completely client-side. Good job!

You're loading bootstrap.bundle.min.js from jsdelivr. This opens you up to an unnecessary supply-chain attack (i.e. if jsdelivr becomes compromised or malicious, it can ship a modified version that exfiltrates user data). You're also loading crypto-js.min.js from cloudflare, which has the same problem.

I would recommend moving both of those 2 script files to your own domain so that the user is only trusting 1 site instead of 3.

EDIT: I just noticed you are using subresource integrity to mitigate this problem. Never mind then, carry on!

[+] luke-stanley|3 years ago|reply
I wonder if there is a popular way for the user to pin a hash of a webpage (to be warned if it changes)? IPFS probably has a way to do hashes of pages, but for other hosting methods, maybe a popular extension to verify contents of the site would be good. Like a hash for the whole page that can be verified. I think I saw a site specific thing for doing that but popularity across multiple sites would help adoption. It's weird that Some of the Javascript has resource hashes and some doesn't. Not that this makes it especially more secure...
[+] popcalc|3 years ago|reply
Speaking of IPFS, I actually had it pinned for a bit and it worked great. I was going to look into Pinata, as I had used them years ago. Turns out they've completely pivoted to NFTs and the same plan costs 10x what it used to. I could host on my home server but don't want to leak my IP. Is IPFS over TOR a thing?
[+] effisfor|3 years ago|reply
Thanks for this. Related to it, does anybody have any resources showing the state of the art for non-tech audience to remember client generated private keys?

What are options? Password manager (most people I know don't use one), Browser keychain (no guarantee of sync between user devices), WebAuthn (same problem), IndexedDB or localstorage, (both can be purged, again, no sync).

Unless I'm missing something, I feel this is problem worthwhile solving as a community, it would unlock a lot of utility/privacy for the average web user.

Would love to hear any more qualified takes on this.

[+] ttyprintk|3 years ago|reply
Or base64 encoded as a document anchor in the url, like zerobin. This relies on bookmark storage (so, you start to worry about shredding such a key).
[+] ryukafalz|3 years ago|reply
IMO the recent announcement of synced WebAuthn platform authenticators that’ll be supported by major platforms is probably the closest thing, at this point.
[+] kaoD|3 years ago|reply
I suggest using hash instead of query params so the keys are not sent to the server.
[+] makeworld|3 years ago|reply
To be clear, you mean the fragment part of the URL, everything that comes after the pound sign. Not a cryptographic hash.
[+] davidy123|3 years ago|reply
There are formal efforts to create 'decentralized identifiers,' including W3C DIDs[1] and KERI[2].

1. https://www.w3.org/TR/did-core/ 2. https://keri.one/keri-resources/

The former has good traction, why not support that? (they don't require a blockchain btw, though some implementations propose perhaps one of the most appropriate uses of one, simply to store public keys and revocations).

[+] upofadown|3 years ago|reply
Kudos for using some sort of preexisting standard rather than pointlessly developing your own.
[+] kaoD|3 years ago|reply
Can we get a quick summary of the whole crypto system?
[+] jstanley|3 years ago|reply
It says:

> The URL generated contains an ECC curve25519 ciphertext (wrapped in AES simply to throw off SIGINT) that contains an armored version of the public key corresponding to the provided private key. People can visit this custom link and enter their message to encrypt it only for your eyes.

I don't quite understand the idea behind wrapping the ciphertext in AES, with a constant key of "123NSA".

The implementation is pretty short: https://www.pubkey.pm/index.js

[+] tptacek|3 years ago|reply
It's not completely client side, because you have to hit a server to load the code. If anybody actually started using this for real, that'd be the weak link that would be (easily) attacked.
[+] aardvarkr|3 years ago|reply
How would you attack it? It’s hosted on GitHub with ssl encryption and any changes would require someone to merge malicious code that would be obvious to any maintainer of the project. Everything is hackable to someone motivated and well funded but github should be pretty dang tough to penetrate.
[+] balderdash|3 years ago|reply
I think you need a way of not destroying the human readability of the chat - if I came here and there were piles of cipher text blobs I’d be very turned off
[+] pmoriarty|3 years ago|reply
What makes this anonymous?
[+] capableweb|3 years ago|reply
It's not that it makes anything anonymous, the usage was made for already anonymous spaces.
[+] nikolay|3 years ago|reply
No source code, no thank you!
[+] popcalc|3 years ago|reply
Should have it linked within 15 min! Obviously I don't condone anyone to use this for serious things as of this stage.

Edit: Source repo in original post!

[+] nibbleshifter|3 years ago|reply
view-source (its all client side)