MixinNetwork / mips

Messenger Improvement Proposals
https://mixin.one/mm
Apache License 2.0

Allow bots to encrypt custom data using a user's private session key #16

Open liusining opened 4 years ago

liusining commented 4 years ago

It's said that Messenger will support E2EE (#8) for bot conversations, and that bots will receive users' public session keys. Under these conditions, an extra feature can be very useful for bot developers:

Allowing the bot frontend to encrypt custom data using a user's session key, via a JavaScript API.

Why is this useful?

Knowing

  1. A user's device status is ACTIVE
  2. The session with which the user is currently interacting (and thus the device platform)
  3. The corresponding public key to decrypt data

A developer will be more confident that a request from the user comes from a real mobile Messenger app, since it's not easy to obtain the underlying private key without breaking the above conditions.

Messenger may allow calls to the API only from a bot context, such as the context triggered through clicking on a bot icon, and ignore calls from plain windows.

Things will be even better if the planned E2EE uses a different private session key for each bot conversation, because it will then be hardly possible for fraudulent bots to mimic others. (Of course, this will be much more expensive.)

At least, bot developers can use this API to protect some sensitive user info with ease.

cedricfung commented 4 years ago

Where should this encryption happen? In the WebView? Could you please describe a possible use case?

liusining commented 4 years ago

A possible working scenario:

  1. Messenger has an encryption API that can be accessed in a WebView.
  2. The bot (frontend) passes in some data and gets an encrypted string.
  3. The bot sends the encrypted string to its backend.
  4. The backend, with the user's public key, decrypts it.

My use case:

TL;DR: encrypt geolocation data to provide additional confidence about the data's authenticity.

I am developing a bot providing a location-based service. I know that location is not fully supported now on Messenger for Android and related features are still in development, so I'm talking about things afterwards.

I have heard that Messenger will have a special API to let developers get a user's geolocation. But as long as the geolocation is given as plain latitude and longitude numbers, I cannot find a way for my backend to ensure its authenticity. That is to say, a user may upload any latitude and longitude values by calling my backend APIs through an HTTP client.

However, if the geolocation data can be encrypted by a private key that is difficult for users to read, I should be more confident that it was provided by a real Messenger app.

Although I'm still not able to say that a piece of geolocation info is 100% authentic and correct, with the protection of the encryption API, much fraud should be kept out of my application.

cedricfung commented 4 years ago

This could be done along with https://github.com/MixinNetwork/mips/issues/8; we have added the user Ed25519 key to the API.

crossle commented 2 years ago

Another suggestion: allow Mixin Messenger to encrypt personal sensitive data stored in Mixin Cloud (maybe a decentralized cloud).

  1. The user generates a private key encrypted by the user's PIN (maybe we use the same private key used by Wallet), uses the private key to encrypt personal sensitive data, like the user's ID, passport, bank card, or encrypted files (e.g. ID card), and saves the data or files to Mixin Cloud.
  2. When the user requests sensitive data, request the data from Mixin Cloud and use the PIN to obtain the private key to decrypt the data.