Encrypted Photo Storage & Social Collaboration
#1
Most of you will have noticed the amount of media attention surrounding Facebook, and it seems were are finally coming to a collective realization of the value of the data that it has been harvesting for over a decade.

I was thinking that now would be a fantastic opportunity to publish an encrypted photo storage app, that basically works like iCloud and Facebook Photos, but stores them encrypted so there is no data, and then de-crypts them client-side (similar to how Photon works), to faciliate social conversation.

The biggest problem I have with my Photos is that I want them in the Cloud, because that functionality is amazing, but I don't want to compromise my data - location, time, device types, etc!

I'm working on a architecture model to facilitate this encryption functionality, and whilst I am fully able to do the backend work myself, I have very little experience in Java or Swift for Android & iPhone apps.

If anyone wants to work with me on this, please let me know!
Reply
#2
Are you thinking something like the mega.nz app for iOS/Android? Encrypted storage, and you can set it to sync all your photos?

Or, is it as "anonymous" upload service that clears EXIF data and such?

(I use a script that clears EXIF data on all pictures I have, and sets the location for where it was taken to 39°6′32″N 76°46′17″W - Also, sets the camera type to "Hubble")
Reply
#3
The idea is to emulate traditional social media functions are much as possible, but in a way that protects the user's privacy. Think Instagram, but in a world where Instagram has no visibility into what photos are being posted.

I believe Mega.nz is basically just an encrypted Cloud repository, whereas my idea also includes the ability to "post" photos online for "friends" to see and comment on, like we currently do. However, if that data is encrypted server side, there's limited potential for the provider to sell user data, as we won't be physically able to extract EXIF data, etc.

The challenge is to develop an encryption scheme that allows a master user (the profile owner) to share a key with friends in order for them to decrypt the content, without us being able to intercept or store that key. I have a few ideas, and am working on a detailed description now.
Reply
#4
Aah, okay. So are you thinking only image sharing, or a broader social media platform ? Like, https://counter.social
Reply
#5
I'd like to make something I can create relatively quickly, so photo sharing seems a nice targeted scope to stick to for an initial launch.

Haven't seen counter.social before, but it seems more aimed at aggressively enforcing bans, whereas I'm interesting in taking away the provider's visibility into user's data - they hold the decryption keys.
Reply
#6
This sounds like an idea! I know there is already some github projects like this. Although one downside with some clientside encryption is that they require JS. Although for your normal netizens that probably doesn't matter.

Some cool projects:
img.bi - https://github.com/imgbi
up1 - https://github.com/Upload/Up1

JS-free alternatives?:
Lufi - https://git.framasoft.org/luc/lufi/ (Client side encryption via html5?)
Gouploaders - https://up.depado.eu/ (Server side encryption)

More projects:
https://github.com/Kickball/awesome-self...rop-upload
https://github.com/Kickball/awesome-self...ronization

These githubs seems to be more of a website upload type of thing. But taking some of the ideas and concepts and making it into an app might not be impossible either.
Reply
#7
(03-21-2018, 02:17 PM)Insider Wrote: Some cool projects: 
img.bi - https://github.com/imgbi
up1 - https://github.com/Upload/Up1

JS-free alternatives?:
Lufi - https://git.framasoft.org/luc/lufi/ (Client side encryption via html5?)
Gouploaders - https://up.depado.eu/ (Server side encryption)

More projects:
https://github.com/Kickball/awesome-self...rop-upload
https://github.com/Kickball/awesome-self...ronization

Thank you for this! These will be very useful as the basis for the library handling the encryption, however, the types method of encryption changes when I need to ensure content is accessible to users that have been "shared" the content.

I drew an architecture that I believe will work today, if there is an appetite here for this project I will put it into Visio and attach it here. I think seeing the architecture will explain the concept better. Whilst there are lots of these 'secure storage' platforms, they aren't social media platforms, which is what I'm aiming for.

More to come!
Reply
#8
(03-21-2018, 02:17 PM)Insider Wrote: Although one downside with some clientside encryption is that they require JS. Although for your normal netizens that probably doesn't matter.

Yes, some of the conversations I've had to day about this idea have been very fruitful. Because the platform is designed to protect user data, not necessarily facilitate anonymity, we can afford to be a bit leniant in some respects. It's also aimed at general users who are sick of traditional social media, so it needs to be as user friendly as possible.

If we were practicing good OPSEC, then our client-side key management processes are critical. However, in this case, I don't actually care what the users do with their keys, and would advise them even to email it to themselves as a record in case they lose it (and lose all their photos!). This is because we are simply aiming for a solution where the platform doesn't see the data, and not trying to protect classified intelligence or hide certain activity - although perhaps that can come later for advanced users who understand the issues better.

I'm actually getting excited about this because I think it could work and actually resemble a social media platform to a reasonable extent.

At this stage I'd prefer anyone to private message me if they're interested, as whilst I will probably make my code open source, I'd rather keep the idea away from public spaces until it is better developed - so please let me know if you want to stay informed / collaborate.
Reply
#9
...Project officially launched. More to come soon.

www.strong-links.org

The quality of the website makes me cringe, but any time spent there is just time spent away from developing the project.
Reply
#10
(03-25-2018, 05:56 PM)EnigmaCookie Wrote: ...Project officially launched. More to come soon.

www.strong-links.org

The quality of the website makes me cringe, but any time spent there is just time spent away from developing the project.

Good luck with it, how are you gonna finance the project tho?
Reply