Encrypt Private Messages

[PoC2]

I would like to suggest that the Private Message system be updated so that messages between participants are encrypted, and can only be decrypted by the involved parties.

This would mean that even admins could not read those Private Messages and more importantly (heaven forbid) if the database were accessed or downloaded without authority then the meaningful content could not be extracted from the database and used for extortion.

Privacy and security are becoming increasingly important, not just for site owners, but also users.

[Adriano Faria]

Well, at this point, if my db were downloaded by someone else, messages would be the least of my worries. You should be worried with most important things like members/clients data, topics, posts, etc.

[PoC2]

No.

Private messages.

Encrypt please.

[Mark]

I'm not sure it would be possible in a way that even the admins couldn't read them if they wanted. The keys to decrypt need to be stored somewhere and unlike a mobile-based app where they can store those keys on the device, the only thing we could do is store it in the browser, which would mean clearing your browser data would wipe the key. Unless we store them in the database which means they're not end-to-end encrypted and anyone with access to the database could decrypt them.

Note that, for example, "secret conversations" in Facebook messenger cannot be viewed in your browser, only on their mobile apps.

[Cyrem]

As Mark said.

And how would conversation reporting work for harassment(and many other worse things) ... if admins could not review the content of the messages as well as context?

[ClubCuddly]

If the messages were encrypted, couldn't an admin still see them by viewing/logging in as x member via the ACP?

[Matt]

We make no allusions that the 'Personal Conversations' area is "private". I can't imagine that anyone would be exchanging credit card details over a forum messenger.

[Misi]

16 hours ago, PoC2 said:

I would like to suggest that the Private Message system be updated so that messages between participants are encrypted, and can only be decrypted by the involved parties.

It would be possible to make an encrypter-decrypter to use, with an agreed password for the parties involved.

How to set-send the password so the admin could not read the messages without it?

Skype, WhatsApp, Viber, etc. ? If the parties do have them they can chat on them without the forum software.

[RevengeFNF]

19 hours ago, PoC2 said:

I would like to suggest that the Private Message system be updated so that messages between participants are encrypted, and can only be decrypted by the involved parties.

This would mean that even admins could not read those Private Messages and more importantly (heaven forbid) if the database were accessed or downloaded without authority then the meaningful content could not be extracted from the database and used for extortion.

Privacy and security are becoming increasingly important, not just for site owners, but also users.

Where would you store the encrypt keys? You can't store them in the database.