Not so long ago, I began to study the topic of end-to-end encryption in messengers such as WhatsApp and Signal. The main thing I can't figure out is how the user decrypts old chat messages if the chat secret key keeps changing and the user can't store the decrypted messages locally. After all, the data on the server is encrypted and you can’t get it as plain text just like that.
I would be very grateful if you explain this or give links where you can find out, I have not been able to find an answer anywhere for a long time.
Update: in the case of WhatsApp, I can imagine that the user saves the decrypted message to their cloud storage and restores the chat from there, although I'm not sure if this actually works (it does not look very secure). Am I right?
Related
I am running a business regarding selling/buying online things and I am mainly using Discord to contact my suppliers/clients. It grew quite tiresome to manually send private messages to each one of my suppliers, and to organize contacts with the current discord interface (outside of specific servers)
What I am interested in is: can I create a script that, when I run it, would send a private message to multiple people in my friends list (being given a list of discord names), WITHOUT using a discord server? The server/channel option is not viable for me, nor is using another app. I would start building that in any programming language, I am just interested if it's possible as I have found no information regarding it.
Unfortunately, Discord Accounts can only message other accounts that they're either in a server with or are friends with. Discord Bots can't add friends, and if they were in a server with all of your clients that would defeat the purpose. A hypothetical solution would be to invite all of them to a Discord Server with no text channels and then have the bot message them from there, which is 100% possible and would be really easy to do.
Hangout Chat is sending only new messages to the Bot, edits and deletes are not being sent and there is no info either in the documentation https://developers.google.com/hangouts/chat/reference/message-formats/events
Another issue is, bot's getting message only when its mentioned in a room, all other messages are not sent to bot.
How can i resolve/work around these issues?
Hangouts Chat bots is only sent new messages. Edited messages don't get sent to the bot. Though as Brett mentioned you can submit a feature request if you can think of use cases for the functionality (see below).
I suggest checking the Hangouts Chat API support page and search whether someone's filed a feature request (FR) on Google's issue tracker. If so, star it and add a link to it here via a comment. If not, file a new feature request and also link it here so others can vote on it.
As for the purpose of #mentioning a bot in rooms, this is likely done for privacy/security purposes. Having a bot or bots always listening to conversations in a room could raise such concerns. I'd expect bots to only get messages when it is directly #mentioned in a room unless Google feels otherwise. Who knows... may be if enough people star it, they may consider it.
I am using webrtc for video call and chat.
- Is there a way to create users in webrtc server with fixed ids.
- Can i use a fixed chat id for each user while establishing chat connection.
No.
Nothing prevents you from letting the user choose their own ID. However, with peerjs there is no authentication when choosing your ID.
Thus, say you choose your ID as "my-fixed-id", you can always try and use this ID and tell your friends that this is you. Since there is no authentication, nothing stops someone else from choosing this ID for themselves. So someone can "steal" your ID.
Good news:
If you choose an ID that is hard to guess and ONLY tell your trusted friends, you could theoretically do what you want to do. Then you can keep a list of your friends in localStorage and try and connect to their ID's when you load the page and then maybe every minute or so.
Be careful. You cannot verify that the person claims he is who he says.
I was looking for official web API to operating with Bitcoin system, but found nothing.
Thank you in advance!
If you're fine with securing and running your own Bitcoin server and interacting with that, there's a guide at https://en.bitcoin.it/wiki/API_reference_(JSON-RPC). But if you're not comfortable securing your own instance of bitcoind, then you could always use a third-party service like Blockchain.info's API.
Please be aware that hackers are particularly targeting servers and websites that they think probably hold bitcoin. If you're thinking of launching a Bitcoin service, take a lot of time to educate yourself about the services that have lost their users' funds and what they did wrong. Take a look at Blockchain.info if you want to see a Bitcoin web service implemented well. Their servers never hold private keys "in the clear", so bitcoin cannot be stolen from their users if their servers are ever compromised.
Update: If you are building a Bitcoin service that holds bitcoin for users, the current "best practice" (circa June 2014) is to generate a hierarchical deterministic wallet using a random string of words as a seed and encrypt it client side with the user's username and password. At that point it's safe to send to the server for storage. The user should be shown the seed used to generate their HD wallet and prompted to write it down and store it somewhere safe. Without this string, it will be impossible for them to retrieve their wallet in the event they forget their username or password. When the user logs in later, the client-side code should grab the encrypted wallet and decrypt it again client-side. All operations requiring a decrypted wallet, such as signing transactions, should be done client-side. The server should never be exposed to the wallet "in the clear."
I'm not sure where to begin, but got a case I need help from others where and if possible to solve.
Thing is, got a new alarm system at home, this system uses sms function so I can send a short code to my alarm asking for status if it`s ON or OFF, or i can turn it on/off from an sms.
Since both the sms number and code is strictly personal, I would not like to tell my carpenter the codes, but in the mean while he is working at my home, I can give him a login to my site, where he can see if the alarm is turned on or even turn it on/off by him self.
I would like to build me a website, that does the same.
Got a login to my site, when logged in, i would like the website to send an sms automatically, then retrieve the answer and display it on the website.
Is this even possible ? If so, anyone can past me in the right direction here ?
Thanks in advance =)
You can send an SMS from a website. Most mobile operators will gladly offer you an apropriate API.
For instance Deutsche Telekom has an API called "Developer Garden" that allows you to send SMS via a WebService and much more.
see here for an example: www.developergarden.com
Other providers may also offer such services.
you need an sms gateway ( we use these guys : http://inteltech.com.au/, but nearly any will do )
Your easiest option is to find one where you can insert SMS'es for sending via a URL, eg in our case the URL looks like this:
http://inteltech.com.au/secure-api/send.single.php?username=[user]&key=[longcode]&method=http&senderid=[id]&sms=[phonenumber]&message=[here's the message]
it's extremely simple to use. If your site handles the login otherwise, then you can use this for the rest.
Now, how to receive SMS'es is a bit tricker :)
But this provider, for example, offers you options to;
Send the reply as an email to a nominated email address.
Send the reply as an email to the original user who sent the message.
Send the reply as an SMS to a nominated mobile number.
POST the reply to your website or application . e.g. We can call a http/https request to your script
as you can see, both the email and the POST options are providing great ways to integrate.
I'd say if you don't handle incoming email already, then stick to the POST method.
voila :)