JoshuaBuditama / slowvid


Encrypt all back-end front-end communications #75

Open cskeogh opened 3 years ago

cskeogh commented 3 years ago

As a user, I want back-end 🡘 front-end communications encrypted, to keep the magnitude of my encounters private, and so no-one can associate my phone number with my userID.

Encryption would add an extra layer of protection. The current design doesn't transit personally identifiable information: query encounter tokens are untraceable, and upload encounter tokens are encrypted per #24.

This encryption would:

If we decide to proceed, TLS is one solution. TLS in a production (real-world) app would get an encryption certificate from a certificate authority (CA). In our development environment, we would have to mock the certificates: something like minica could be the mock CA and generate an end-entity (leaf) encryption certificate for the Slowvid back-end. Each developer would generate their own CA certificate and end-entity (leaf) certificate, and add their own CA certificate to their trusted CA store.

JakeBrown commented 3 years ago

This all makes sense. Padding/salting the data so the payload size doesn't give anything away is a really good point too.

We definitely need encryption in transit, and TLS is the de facto way of doing this. In many cases you'd consider TLS to be a deployment requirement. It's not a common practice to run it in your local dev environment as there is a fair amount of configuration overhead as @cskeogh notes here. So before enforcing it in local development we'd want to be clear about what benefit it gives us.

We could have a guard which allows insecure communication only in local development. Using the Express built-in req.secure might suffice and could be used like this:

app.use(function (req, res, next) {
  // Allow plain HTTP only in local development; everywhere else require TLS.
  // req.secure is derived from req.protocol, so behind a TLS-terminating
  // proxy it is only true when app.set('trust proxy', ...) is configured.
  if (process.env.NODE_ENV !== 'development' && !req.secure) {
    // return, so the request does not fall through to next() after the
    // response has already been sent
    return res.status(400).send('Requires TLS!')
  }
  next()
})

If we actually want to demonstrate the app communicating over TLS, it could be easier to just deploy it to a staging environment which would give us TLS for zero effort. I'm thinking Firebase, App Engine, Netlify, Vercel, or even something on AWS... though I'm less familiar with that. I'd be happy to set this up and automate it through the CI system.
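The following is an added example (not code from the slowvid repository or from either commenter) that puts the guard discussed above next to a corrected version and exercises both offline. The guard only touches the Express surface it actually uses (req.secure, res.status().set().send(), next), so it is driven with constructed stand-ins for the request and response; the `makeLeakyGuard`, `makeTlsGuard`, `fakeReq`, `fakeRes` and `runGuard` names, the scenario labels and the choice of 426 Upgrade Required as the rejection status are this example's own assumptions. The request stub reproduces how Express derives req.secure, because that is what matters on the hosted platforms mentioned above: they terminate TLS at the edge and forward plain HTTP to the app, so req.secure is only true there once `app.set('trust proxy', ...)` is enabled.

```javascript
'use strict';

// Added example, not code from the slowvid repository. Runs without Express.

// Guard as posted in the thread, with the environment injected instead of
// read from process.env so both variants can be compared. Its defect: after
// sending the 4xx it still calls next(), so the protected handler runs (and a
// real handler writing again would hit ERR_HTTP_HEADERS_SENT).
function makeLeakyGuard(env) {
  return function (req, res, next) {
    if (env != 'development' && !req.secure) {
      res.status(400).send('Requires TLS!');
    }
    next();
  };
}

// Fixed guard: `return` stops the fall-through. 426 Upgrade Required, with
// the Upgrade header the status mandates, tells the client exactly what to do.
function makeTlsGuard(env) {
  return function requireTls(req, res, next) {
    if (env !== 'development' && !req.secure) {
      return res.status(426).set('Upgrade', 'TLS/1.2').send('Requires TLS!');
    }
    return next();
  };
}

// Constructed stand-in for an Express request. Express computes req.secure
// from req.protocol: 'https' when the socket itself is TLS, otherwise the
// first value of X-Forwarded-Proto, but only when 'trust proxy' is enabled.
function fakeReq({ encrypted = false, forwardedProto, trustProxy = false } = {}) {
  let protocol = encrypted ? 'https' : 'http';
  if (!encrypted && trustProxy && forwardedProto) {
    protocol = String(forwardedProto).split(',')[0].trim().toLowerCase();
  }
  return { protocol, secure: protocol === 'https' };
}

// Constructed stand-in for an Express response, chainable like the real one.
function fakeRes() {
  const res = { statusCode: 200, headers: {}, body: undefined, sent: false };
  res.status = (code) => { res.statusCode = code; return res; };
  res.set = (name, value) => { res.headers[name] = value; return res; };
  res.send = (body) => { res.body = body; res.sent = true; return res; };
  return res;
}

// Run one request through a guard and report what a test would inspect.
function runGuard(makeGuard, env, reqOpts) {
  const res = fakeRes();
  let reachedHandler = false;
  makeGuard(env)(fakeReq(reqOpts), res, () => { reachedHandler = true; });
  return { status: res.statusCode, reachedHandler, body: res.body };
}

// Constructed scenarios: [label, environment, request options].
const scenarios = [
  ['dev, plain HTTP', 'development', {}],
  ['prod, plain HTTP, no proxy', 'production', {}],
  ['prod, TLS socket', 'production', { encrypted: true }],
  ['prod, TLS at edge, trust proxy off', 'production', { forwardedProto: 'https' }],
  ['prod, TLS at edge, trust proxy on', 'production', { forwardedProto: 'https', trustProxy: true }],
  ['prod, HTTP at edge, trust proxy on', 'production', { forwardedProto: 'http', trustProxy: true }],
];

for (const [label, env, reqOpts] of scenarios) {
  const leaky = runGuard(makeLeakyGuard, env, reqOpts);
  const fixed = runGuard(makeTlsGuard, env, reqOpts);
  console.log(`${label}: leaky -> ${leaky.status}, handler ran=${leaky.reachedHandler}; ` +
              `fixed -> ${fixed.status}, handler ran=${fixed.reachedHandler}`);
}
```

In a real app the fixed guard is mounted as `app.use(makeTlsGuard(process.env.NODE_ENV))`. Enable `app.set('trust proxy', ...)` only when the app really sits behind a proxy you control: with it on and no proxy in front, any client can send `X-Forwarded-Proto: https` over plain HTTP and walk straight past the guard.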