Prior to the incalculably game-changing Snowden revelations of 2013 privacy was something assumed by most as being guaranteed. Following them, not so much. The credibility of cryptographic algorithms came into dispute, as did the credibility of most major telco’s, service providers and equipment manufacturers (Facebook, Google, Microsoft, Cisco etc).
A project of mine, now dubbed Akelarre (the meeting place of witches), began several months ago as an experiment with a real-time server>client communication library named SignalR built on top of PostgreSQL.
I wanted to develop a simple group chat application. As most projects tend to, this quickly spiraled out of control as I came up with more and more ideas: server-side encryption, per-group encryption, secure invites and secure file uploads… but then I thought: but what if the admin goes rogue or the database and key(s) are compromised?
Enter the concept of host-proof applications, where the host cannot be trusted with sensitive data.
Note: This project is no longer maintained. I may revisit it at a later date.
Continue reading “zero trust”