No Chat Reports

No Chat Reports

43M Downloads

PGP encryption for messages

ElonGaties opened this issue ยท 3 comments

commented

Idea

Honestly I believe that with the addition of encryption PGP should be added as a sort of option, it would allow for certain users with public keys to decrypt messages sent by one person, of course the output would be quite large but it should be possible to shorten outputs with GZIP or other compression methods.

Reasoning

I believe that feature would allow for more clear communication and secure communication due to the combination of public and private keys

Other Information

No response

commented

What about a external chat system, where chat is not sent through the server, but is rather E2EE and sent through a HTTP (or HTTPS) service? (HTTP would be acceptable due to the PGP cryptography)
Therefore, the Minecraft server has no opportunity to even see the message.
You could also have an option to encrypt and sign with PGP, not for chat reporting (it would be impossible to make such a system compatible anyway) but simply for the end users to verify (idk, if you are planning a raid on someones base and you don't want someone to try and trick you into leaking your plan).

commented

I mean having a external chat server is also a very cool idea and would fix a lot of problems like spamming and such although its always cool to have a sort of POC to show that PGP over Minecraft chat servers is possible, but in all honesty, having a separate server to send messages to or a P2P type idea are the best bet for not being spied on by Mojang/Microsoft.

commented

To add, you could also have a server for this implemented in the mod, it could potentially run on the UDP port with the same number the Minecraft server's TCP port was using (some server hosts allow you to use the UDP port with the same number that Minecraft's TCP port is)
This would also be simpler to plug-n-play for users selfhosting servers from a home internet connection (quite a few routers default to forwarding both TCP and UDP when port forwarding is configured for a port)
However, HTTP/HTTPS would likely be better and easier to implement (probably best not to use port 80 though as that requires root to bind to by default on unix and unixlike oses). If the server is to be used for non-encrypted chat messages (i.e. without PGP) it should ideally be HTTPS (could potentially use Lets Encrypt or ZeroSSL to automatically obtain a free certificate)
I think both a standalone server and a server within the serverside mod component should be options, but even just one of the two would be better than nothing if it would take too much time to implement both.