Consider any chat application like gtalk, whatsapp. My question is related to how the server side implementation for these are done. The scenario is:
Client A wants to talk to Client B, via a chat server S. When the communication is implemented, I assume there is NAT (Network Address Translation) server running on S, by which both parties identify themselves to S.
After this point, S or whatever chat server runs on S, acts as the mediator between A and B. When A sends "Hi B, how are you?", this sentence must be going to S, and S would then send it to A.
考虑任何聊天应用程序,比如gtalk、whatsapp。我的问题与服务器端实现的实现有关。的场景是:客户想要跟客户B,通过一个聊天服务器S通信实现时,我认为有NAT(网络地址转换)服务器上运行,由双方确定自己美国在这一点上,或者聊天服务器运行在年代,A和B之间充当中介当发送“嗨,你好吗?”,这个句子必须是S,然后S将它发送给A。
My first question comes here: The communication between the client and server, is it encrypted? I know the data would be packetized according to TCP/IP communication stack, and that the data part of this packet would contain the actual text A sent. But this data part, is it secured by encryption? Meaning, if someone where to sniff the packets and extract the data, will they able to figure out what A send to B?
The reason I ask: If I were to make a chat application, how do I protect the privacy of my users from strangers or even myself (because what A has sent is visible to my server code, and I might as well write it to a file; who knows, Google could be doing this :P).
我的第一个问题是:客户机和服务器之间的通信是加密的吗?我知道数据将根据TCP/IP通信栈进行分组,这个数据包的数据部分将包含发送的实际文本。但是这个数据部分,是加密保护的吗?也就是说,如果有人在哪里嗅探数据包并提取数据,他们能找出A发送给B的是什么吗?我问的原因是:如果我要做一个聊天应用程序,我如何保护我的用户的隐私不受陌生人甚至我自己(因为我的服务器代码可以看到a发送的内容,我也可以把它写到一个文件中;谁知道,谷歌可能会这么做:P)。
Now suppose B was offline, then S would have to delay sending the message to B until B comes online and asks for stored messages. Or at this point, consider an application like dropbox storing a file temporarily.
现在假设B离线,那么S将不得不延迟向B发送消息,直到B上线并请求存储消息。或者在这一点上,考虑像dropbox这样的应用程序暂时存储一个文件。
Second question: How does S store this message or file? How is the encryption done? In short, if I were to make such a product, how could I assure the users that their data is safe and private on our servers, that even I or my company cannot read it, even if we wanted to.
第二个问题:S如何存储这个消息或文件?如何加密?简而言之,如果我要制作这样一个产品,我怎么能向用户保证他们的数据在我们的服务器上是安全的、私有的,即使我或我的公司也不能阅读它,即使我们想阅读它。
To summarize, how does a public domain website manage to keep it's users' data private and secure from strangers and itself?
综上所述,一个公共域网站如何设法使其用户的数据保持隐私,并使其不受陌生人和自身的侵犯?
Thanks for the suggestions!
谢谢你的建议!
1 个解决方案
#1
4
I'm assuming 1:1 communication (in other words, Alice and Bob have a private communication) – group chats are tricky.
我假设是1:1的交流(换句话说,Alice和Bob有一个私人的交流)——群聊很棘手。
Have a look at OTR. Basically, you need end-to-end encryption and the chat client needs to be able to exchange keys with other users automatically and assist the user in determining whether he trusts a key (e.g. using the Socialist Millionaire Protocol that lets two users confirm each other's identity using questions about shared secrets. So, the server doesn't need any special code for this – it just forwards or stores the encrypted data without ever touching it. However, the client needs quite some code:
看看OTR。基本上,您需要端到端加密,聊天客户端需要能够自动与其他用户交换密钥,并帮助用户确定他是否信任某个密钥(例如,使用*百万富翁协议,允许两个用户使用关于共享秘密的问题来确认彼此的身份)。因此,服务器不需要任何特殊的代码——它只是转发或存储加密的数据,而不需要触及它。但是,客户需要一些代码:
- The clients need to be able to exchange public keys automatically when two users talk to each other for the first time.
- 当两个用户第一次对话时,客户端需要能够自动交换公钥。
- The clients need to be able to store other users' public keys so that they notice when someone's key changes.
- 客户端需要能够存储其他用户的公钥,以便当某人的密钥发生变化时,他们能够注意到这一点。
- The clients need to be able to assist the user at confirming the other user's identity (e.g. using the Socialist Millionaire protocol or by exchanging public key fingerprints over the telephone) and store and permanently show information about this trust (e.g. as a small "verified" icon next to the user's name).
- 客户需要能够帮助用户在确认其他用户的身份(如使用*的百万富翁协议或通过交换公钥指纹通过电话)和永久存储和显示这种信任的信息(例如,作为一个小的“验证”图标旁边的用户的名称)。
- The clients need to be able to encrypt/decrypt and sign/verify messages from other peers using the keys that were exchanged on first contact.
- 客户端需要能够使用第一次接触时交换的密钥对来自其他对等点的消息进行加密/解密和签名/验证。
Of course, to convince users that their clients really do what you say, you need to disclose your source code or at least let a few independent parties review it.
当然,为了让用户相信他们的客户真的会按你说的做,你需要公开你的源代码,或者至少让一些独立的团体审查它。
#1
4
I'm assuming 1:1 communication (in other words, Alice and Bob have a private communication) – group chats are tricky.
我假设是1:1的交流(换句话说,Alice和Bob有一个私人的交流)——群聊很棘手。
Have a look at OTR. Basically, you need end-to-end encryption and the chat client needs to be able to exchange keys with other users automatically and assist the user in determining whether he trusts a key (e.g. using the Socialist Millionaire Protocol that lets two users confirm each other's identity using questions about shared secrets. So, the server doesn't need any special code for this – it just forwards or stores the encrypted data without ever touching it. However, the client needs quite some code:
看看OTR。基本上,您需要端到端加密,聊天客户端需要能够自动与其他用户交换密钥,并帮助用户确定他是否信任某个密钥(例如,使用*百万富翁协议,允许两个用户使用关于共享秘密的问题来确认彼此的身份)。因此,服务器不需要任何特殊的代码——它只是转发或存储加密的数据,而不需要触及它。但是,客户需要一些代码:
- The clients need to be able to exchange public keys automatically when two users talk to each other for the first time.
- 当两个用户第一次对话时,客户端需要能够自动交换公钥。
- The clients need to be able to store other users' public keys so that they notice when someone's key changes.
- 客户端需要能够存储其他用户的公钥,以便当某人的密钥发生变化时,他们能够注意到这一点。
- The clients need to be able to assist the user at confirming the other user's identity (e.g. using the Socialist Millionaire protocol or by exchanging public key fingerprints over the telephone) and store and permanently show information about this trust (e.g. as a small "verified" icon next to the user's name).
- 客户需要能够帮助用户在确认其他用户的身份(如使用*的百万富翁协议或通过交换公钥指纹通过电话)和永久存储和显示这种信任的信息(例如,作为一个小的“验证”图标旁边的用户的名称)。
- The clients need to be able to encrypt/decrypt and sign/verify messages from other peers using the keys that were exchanged on first contact.
- 客户端需要能够使用第一次接触时交换的密钥对来自其他对等点的消息进行加密/解密和签名/验证。
Of course, to convince users that their clients really do what you say, you need to disclose your source code or at least let a few independent parties review it.
当然,为了让用户相信他们的客户真的会按你说的做,你需要公开你的源代码,或者至少让一些独立的团体审查它。