I'm diving into a project to create a messaging app that prioritizes user privacy by ensuring the architecture is based on a zero-knowledge model. This means the server won't store user messages or keys in any readable form, making it completely 'blind' to user interactions. My system's setup includes:
- The server only holds encrypted messages and public keys, while private keys are stored securely on users' devices.
- Decryption occurs on the client-side, meaning without the right keys, no messages can be accessed.
What I'm looking for assistance with is two main aspects:
1. Developing mobile apps (for both Android and iOS) that deliver a native experience, allowing users to manage their private keys directly on their phones.
2. Designing the user interface and experience for the chat functionality, while ensuring that the key management (including generating, backing up, and importing keys) is intuitive for everyday users.
My aim is to keep this project open-source and free for everyone to use. If you have experience in mobile development (Flutter or React Native) or UI/UX design and are passionate about privacy-focused tools, I'd love your insights or help!
1 Answer
This sounds like an amazing project! For managing keys, have you considered methods used by apps like Signal or Session for account recovery? They make it user-friendly without sacrificing security. I'd love to see the GitHub repo once it's up!

Thanks! I'm actually looking into Session’s mnemonic phrases approach, as it seems quite user-friendly for local key handling. My vision includes:
1. **Encrypted Backups**: Users can download a password-protected encrypted file for easy recovery.
2. **Freedom in Management**: Users will have the flexibility to create new keys, upload their own, or generate them from scratch.
3. **Clear Privacy Terms**: If users change or rotate keys, they'll lose access to old messages—proving there's no backdoor on the server.
I haven’t made the GitHub repo public yet because I want to ensure it's stable and well-documented first. I’ll let you know when it's live for your feedback!
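
The password-protected encrypted backup file from item 1 of the reply above, as an added example that is not part of the original posts or the project's code. It assumes scrypt for password stretching and AES-256-GCM for encryption; the function names, JSON field names and cost parameters are illustrative choices, and the key being backed up is treated as opaque bytes.

```javascript
// Added example: password-protected backup of a private key, Node.js built-ins only.
const nodeCrypto = require('node:crypto');

// Assumed scrypt cost (about 32 MiB of memory); tune for the target devices.
const KDF = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };
const deriveKey = (password, salt, { N, r, p }) =>
  nodeCrypto.scryptSync(password.normalize('NFKC'), salt, 32, { N, r, p, maxmem: KDF.maxmem });

// Returns the backup file contents as JSON text; nothing in it is secret without the password.
function createBackup(privateKey, password) {
  const salt = nodeCrypto.randomBytes(16); // fresh per backup
  const iv = nodeCrypto.randomBytes(12);   // 96-bit GCM nonce, never reused with a key
  const header = { v: 1, kdf: 'scrypt', N: KDF.N, r: KDF.r, p: KDF.p,
    salt: salt.toString('base64'), iv: iv.toString('base64') };
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(password, salt, header), iv);
  cipher.setAAD(Buffer.from(JSON.stringify(header))); // bind the parameters to the ciphertext
  const ct = Buffer.concat([cipher.update(privateKey), cipher.final()]);
  return JSON.stringify({ ...header, ct: ct.toString('base64'),
    tag: cipher.getAuthTag().toString('base64') });
}

// Returns the private key as a Buffer, or throws if the password or the file is wrong.
function restoreBackup(fileText, password) {
  const { ct, tag, ...header } = JSON.parse(fileText);
  // Refuse unknown formats and cost parameters above ours (a crafted file could stall the app).
  if (header.v !== 1 || header.kdf !== 'scrypt' ||
      !(header.N <= KDF.N && header.r <= KDF.r && header.p <= KDF.p)) {
    throw new Error('unsupported backup format or parameters');
  }
  try {
    const key = deriveKey(password, Buffer.from(header.salt, 'base64'), header);
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, Buffer.from(header.iv, 'base64'));
    decipher.setAAD(Buffer.from(JSON.stringify(header)));
    decipher.setAuthTag(Buffer.from(tag, 'base64'));
    return Buffer.concat([decipher.update(Buffer.from(ct, 'base64')), decipher.final()]);
  } catch {
    // GCM tag mismatch: same error for a wrong password and a modified file.
    throw new Error('wrong password or corrupted backup');
  }
}
```

Because the file is only as strong as the password, the import screen is the place to enforce a minimum passphrase strength; the server never needs to see either the file or the password.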