In this political climate this might be a good concept for a message app company to protect themselves.

[RandomPoster]

A messaging app company wouldn't have to monitor or be responsible for what their users post if they set it up so that they are incapable of monitoring their user's posts Imagine you are a user of an app where you can post messages. You have a private key stored only on your client device, generated when the user prompts locally after installing. However, you have to be able to share the key with as many users as you like through the app so they can read your posts. The message would be encrypted at the client using symmetric encryption, then broadcast using SSL with a totally unrelated SSL key. Anyone with your private key saved on their device could decrypt your message on their device. Key sharing would only be encrypted with SSL and maybe an additional password pre-exchanged on some other platform, and the hosting company would protect itself from liability by not tracking key exchanges. Also, in addition to the private key and SSL key, messages could have a message specific password you could share via other means.

You post something like you do on Twitter, except your message is a wall of encrypted text to the entire planet, even the hosting company. The private encryption key would be required to decipher even the length of the message. By default, all messages are 2048 characters, unless you can decrypt them and the client app knows to shorten them. The message is only stored in encrypted format on the hosting company's server and they do not have your encryption key. Anyone you share your key with can read your messages until they are deleted. The hosting company also deletes all posts after 48 hours by default or even less if you specify it in your message. You can select an option resulting in your message being deleted in as little as 15 minutes and doing so makes it ineligible to daily backups. Of course the message does not display at what time it is scheduled for deletion. Even your daily backups only go back at most 3 days and are deleted after that. The company would also be scrubbing their equipment periodically to prevent someone from infringing on the privacy of their users.

Also, your account information is limited to username and password, invalid login attempts etc. Not even your IP address is intentionally stored. You go out of your way to protect your user's privacy from even yourself. If anyone accuses you of allowing questionable content on your platform, you can tell them you have no way of monitoring it. An additional option would be for a user to purchase the key exchange app from a completely separate company and the client messaging app from yet another company and your company only handles transmission and posting in order to reduce the amount of trust your customers would have to place in you. You could also reset your private key at will and re-distribute it as well as create new accounts at will.

 

[BULLDOG]

Wow You just invented Email. Congratulations.

 

[RandomPoster]

Wow You just invented Email. Congratulations.

1. Google can read your emails. They store them indefinitely on their own servers. If they are encrypted, it is with a key Google has, so they can decrypt the emails. Twitter and everyone can read your tweets.

I am talking about being able to publicly post encrypted messages that everyone can see, except no one can read unless you give that individual the key. You can set up groups to communicate with and post whatever you want without fear. Even the hosting company can't read them. They don't want to. They want to be able to shrug their shoulders and say we have no idea what anyone is posting so we bear no legal responsibility