For $2200 I'll build you a system that not even the NSA could mathematically break, using good old fashioned one time pads based on high entropy random numbers.
Fuck signal.
Then you have the problem of keeping the OTP secure at all ends of the conversation.
Then you have the problem of keeping the OTP secure at all ends of the conversation.
I solved for that already.
A zero trust model is easy to come up with in one sitting, so I did.
Theres actually two approaches. One where a service (potentially selectable on the users side, much like torrent trackers) acts as a mediator for initial connection. And one where dedicated servers are more involved, but theres still no server-side decryption (tradeoff is latency because it requires multiple back and forth round trips for encrypting, sending, and decrypting on the other users end).
Number I wrote is what it would cost me to drop work right now, and build it. Once built though, it would only cost somewhere between $10 per user on the low end for one implementation, up to $35-40 per user on the high end implementation. Those are the actual numbers for the two specific implementations.
Involving servers ain't gonna work unless there's an easy way for any user to verify that the encryption is happening locally and there's no way for the servers to have access to the keys. Unfortunately, that's impossible. A trojan horse app could easily encrypt stuff locally and slip the key in and encrypt it with the server's key. Everything looks good on the user's end. Things are encrypted locally. Then they send the message and the server decrypts it to get the key, which can be used to decrypt the message. The encrypted message can be forwarded on to the recipient.
Any system that "does the encryption for you" is suspect.
(post is archived)