-
Notifications
You must be signed in to change notification settings - Fork 212
How and when your data can be compromised?
End to end encryption ensures that once the encrypted data leaves our device can not be read by anyone else other than the recipient, considering the private/public keys are not comprised.
What happens if your device is compromised?
The encrypted data, required keys stay in your RAM i.e. short lived. If your device is compromised (stolen, cloned etc.), one can retrieve keys (with forensic tool and enough technical skills) and decrypt the data and read messages in plain text. However in this case, the other user's identity is still unknown. But is it possible to know that as well? - Somewhat.
Can a third party get to know with who you are talking?
Not completely but up-to certain extent, only if any of your device is compromised. It's technically possible to retrieve unique link (that you used for chatting) from memory trace. By analyzing network packets that were sent over internet it's possible to reach the other end of the node. But this issue is rather relevant with staying anonymous in the internet in general, not related to this application.
Is there anything that can be implemented in application level to keep end nodes unidentifiable / hidden ?
Yes, although the anonymity is dependent on no of node present in the network. The idea is to send the packet to every connected node but can be decrypted by only recipient. In this way, packet analysis will lead you to all connected node, hence the particular user can't be identified. Only makes sense to implement when there are enough active users.
Example:
- In network 4 users
a
,b
,c
,d
are connected. -
a
sends a message tob
. - The server takes the encrypted message from a and send it to
b
,c
,d
. - As only
b
has the right key, onlyb
can read the message.
So, in this case, the network packet analysis of a
will lead to b
, c
, d
. Considering the large no of connected node, it'll be impossible to identify the end user.