I’m a developer and I’ve created websites and mobile/desktop apps for business and self-employees.
I’m a person who always liked privacy and I’m planning to create a Google photos open source alternative. Alternatives already exist but what makes this project different is that it’s going to be quantum resistant.
This is my plan:
-
Photos backups, sharing, see photos locations in Open Street Map.
-
Use recommended post quantum algorithms by The National Institute of Standards and Technology.
-
Take an hybrid approach, this is quantum and already known encryption.
-
Create the app with Material 3 design.
I’m just creating this post just to see if there would be people interested in this project and to ask if you could share your opinion.
-
Do you think there would be a market for this?
-
Would you be interested in being an early adopter and test it out?
Please share suggestions and opinions! 😁
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 84 users / day
- 537 users / week
- 1.5K users / month
- 6.58K users / 6 months
- 1 subscriber
- 2.32K Posts
- 54K Comments
- Modlog
A few notes as I’ve been doing some PQ research for my own projects:
With that said, I’d want to know where and how the encryption is going to be applied.
An ideal solution for me:
I suppose you could use a PQ TLS, but if the payload is already AES encrypted, I see little value. You could use PQ to sign each object I suppose in case your AES key is broken, but that would mostly detect tampering of the data.
Thank you for your ideas, I really appreciate it and I’ll have those in mind
I’m not too sure if “it uses a different encryption algorithm” is enough to differentiate from the competition. And to be perfectly honest, from one developer to another, I’m always extremely skeptical when a developer says “I plan to develop X” before I see something concrete like a codebase or some kind of alpha 😛
Sure, thank you, I’ll let you know when there is one 😁
So, something like Pixelfed, but with PQC encryption in the file system and enabled for HTTPS?
Actually it would be a personal gallery, something like google photos. But you’d be able to share albums and photos to family or friends
Have you thought of expanding on what Librephotos to make what you want?
Yes, I’m still thinking if expanding a project or start a new one. But expanding a project is interesting
Where do the encryption algorithms come in to play? In flight or at rest? What threat vectors are you hardening against?
I’ll test which one is better for UX and decide then
(See this post about NIST’s PQC standardization process…)
Thank you for the post, I’ll study what conclusion I can get from there
As a fellow (and somewhat informed) post quantum enthusiast, I would take that debunk with a carton of salt. A lot of it comes down to “we don’t trust the gubmint!”
One of the objections, for example, is “unless you’re inside NIST… blah blah blah.”
I live in Boulder Colorado. I’ve been inside NIST and I have friends who work there. They’re not NSA spooks, they’re science and math nerds (some with PHDs). YES the NSA sticks it’s fingers in stuff (I’ve heard friends complain about this), but MOST of that has to do with funding and priorities (as it impacts the researchers there). They’re just science and math nerds who happen to have government jobs.
One thing about the NSA is YES they want to break crypto and spy on people, but they ALSO want to create safe crypto (so they can use it without worrying China and Russia are going to find their little back doors and backdoor THEM).
On the flip side, Daniel Berstein is an interesting guy who’s done cool stuff to support free software and opensource as far back as the 90s. He’s probably right that NIST needs to be more transparent in setting their standards and in the math that they use and as things progress him and others advocating for transparency should absolutely keep pushing. But is that a reason for the internet to freak out an say “Don’t play with Kyber, the NSA P0w3ned it!!11!!!” Absolutely not! We should be playing with Kyber (I’m using it in two different projects right now), so that we can learn and understand how to implement it (and other, future post quantum algorithms). I’m assuming Kyber is NOT going to be the be all and end all of post quantum. We’re still at very early stages here.