Open J0WI opened 5 years ago
The problem is that this kills search abilities :/
I think this is rather expected than a problem. Full text search does also not work with encrypted files or the index is unencrypted.
Couldn't it be made optional per room, with a warning that the search won't work for this room anymore? EDIT: or not, otherwise I would need an API to set the rooms to be encrypted, too. 😅
Rocket Chat is now offering E2E encryption and I guess this should work the same way in NC-Talk, at least from a UX-perspective: End to End Encryption - rocket.chat
@nickvergessen Tutanota has already integrated it for Mail https://tutanota.com/blog/posts/first-search-encrypted-data/, Matrix is working on it for Riot https://github.com/vector-im/riot-web/issues/2548. Are you still worried that it's technically possible?
Well, did you read what they did? Basically it is keeping a ful un-encrypted record locally. Sure we can also try to do that, and will mostlikely do something like this when we have both search and encryption. But it will only work with the mobile clients. We can not download all your chats everytime to your browser, or even store them in the browser local data storage.
Don't get me wrong, I like e2e encryption and I also like search. The search problem is not preventing us from implementingthis. It's just a matter of the order of things we want to look into.
Well, did you read what they did?
Yes, I did. Do you think that would be a solution for https://github.com/nextcloud/mail ?
But it will only work with the mobile clients.
Would that be a good start to develop Nextcloud in this area?
or even store them in the browser local data storage.
I'm not enough of a technician. Why can't I do this in a browser using the local cache?
It's just a matter of the order of things we want to look into.
So the topic end to end encryption is already there for you, but further steps are not yet on the roadmap? That would be a huge thing. Self-hostable. And end to end encryption understandable and feasible for users out of the box. In the critical application areas.
How do normal end-to-end encrypted messenger apps perform the search part?
They store everything unencrypted on the device, or they can only filter the messages that have been loaded and decrypted already.
And this would technically only be an inadequate solution for Spreed/Talk? Because currently everything is in plaintext in an unencrypted database, right? Probably wouldn't matter if the databases could be encrypted, would it? I am asking because of "technical debt" label. Got the priority part of your message above.
First thing first a huge thanks for the amazing work you are doing :)
Quote from https://nextcloud.com/talk/
Stay in control End-to-end encrypted calls on your own server
Nextcloud Talk goes further than other encrypted communication technologies by keeping even metadata from leaking.
It's kind a frustrating to notice that the chats are not encrypted on the db even if the encryption plugin is enabled... i quoted the website because that make us guess that this feature is already implemented.
I know thing are complicated sometime but i think this is a must feature... at least the user may choose between search and encryption before getting everything working together.
Or do the encryption to the whole db, and encrypt/decrypt on each call... I guess that such implementation would implicate adding an interface to manage the db in an un-encrypted manner Or create a secondary db that would be un-encrypted and it would get generated/deleted with a button on the settings panel. (in the case of a full encrypted db of course)
@nickvergessen
Well, did you read what they did? Basically it is keeping a ful un-encrypted record locally. Sure we can also try to do that, and will mostlikely do something like this when we have both search and encryption. But it will only work with the mobile clients.
Yeah, I just re-read it. Under: "How does Tutanota's safe search through encrypted data work?" it says literally: "2. The search index is encrypted and stored locally on the client."
So what makes you say that the local record is fully unencrypted?
Search index fully stored on the client doesn't work for a browser....
@nickvergessen
Search index fully stored on the client doesn't work for a browser....
The Tutanota developers told me: "Works also in the browser, memory is no problem these days". However, so far without further explanation. Or may that be true for mails, but not for chat messages?
What about adding encryption directly to the client and ignore the whole thing, where we could have a feature to start an encrypted chat directly from the client let say talk for android... And technically just add the api of the app "OpenKeychain" like that we could manage add/remove/distribute the used key by our selve... this would require some change just on the client, nothing need to be changed on the server and it would remain a great additional feature.
@nickvergessen said:
Well, did you read what they did? Basically it is keeping a ful un-encrypted record locally.
For what it's worth, matrix-seshat indexes events clientside with Tantivy and then stores the indexes encrypted on disk, optionally also storing the original events encrypted on disk. You're welcome to use it in nextcloud (although I'd kinda wish you'd just use Matrix rather than figuring this stuff all out from scratch yourselves...)
Search index fully stored on the client doesn't work for a browser....
Why not? You have the normal problem of where to store key data, but that happens with E2EE of any kind. Otherwise, we're just waiting for WASM to support threads and we'll compile Seshat down to WASM and put it in Riot/Web.
What about adding encryption directly to the client and ignore the whole thing, where we could have a feature to start an encrypted chat directly from the client let say talk for android... And technically just add the api of the app "OpenKeychain" like that we could manage add/remove/distribute the used key by our selve... this would require some change just on the client, nothing need to be changed on the server and it would remain a great additional feature.
This would be great, I already thought of opening an issue to implement gpg, but than I found this one. Apparently there is an openpgp.js library, maybe than one can be used for the browser integration? Please tell me if I am wrong, I am not really coding much in JS
The problem is that this kills search abilities :/
I personally don't care about being able to search in the chat, wouldn't it be possible to just let the user choose to enable/disable encryption and display a warning that with enabled encryption search abilities won't be accessible?
Looks like it doesn't have to be a question of either search or encryption. https://github.com/nextcloud/spreed/issues/1437#issuecomment-586468169
What about encrypting the complete database?
Really like to see something similar to Telegram's "secret chat" be implemented into Talk.
This feature missing is the biggest reason I installed a complete matrix instance and using an sso provider, to get easy login into both. With this feature I would probably not done it, this way I disabled talk.
Talk is great, but E2EE is for many people probably a mandatory feature.
At the risk of sounding ignorant, don't we already have a parallel setup with libsodium in Passwords? I haven't looked at all at the client source but wondering if we could use the same sort of methods (but encrypted to yourself and the other user) for incognito 1 on 1 chats, even if it's at the expense of not having voice/video in those specific chats?
Is there any news regarding this feature? As @jonathanmmm said, it's a pity you have to switch to other chat environments for this feature.
Hi, same request like @handkerchief333.
Please create a way to store chats encrypted or simply create an option to not store a chat history on the server in the first place. (only on the enduser apps. )
would be perfectly fine for my organisation. Kind regards and thanks for all the work and effort.
Expected behavior
Chats should be stored encrypted with user/server keys.
Actual behavior
Chats are stored in plain text in database.
See also:
37 for E2E (client side) encryption