MTPK I/O: A true, Privacy Centric Project
To build a privacy-centric website, we are designing around what we call the Zero-Trust concept: data is
encrypted by the user before it leaves their device and encrypted again by the server, so the server stores it
but cannot read it. Whatever level a user chooses, specific details of the encryption deployment will not be
disclosed, for security reasons.
Default data storage: all data will be encrypted at rest, excluding the user's username and user ID.
Data stays encrypted at rest and is only decrypted once the user is logged in.
Passwords are never stored in a recoverable form: the server keeps only a salted password hash, regardless of
whether the user chooses to additionally encrypt their data locally.
If the user so chooses, the data can be encrypted locally by the user and then additionally encrypted by the
server.
Because the local key never reaches the server, this guarantees that the data cannot be read by any admin,
including the site creator, myself.
You can check this yourself: log in to your account while your data is locally encrypted, and the data
retrieved from the server will still carry your encryption; it is unreadable until you import your local
decryption key.
If there is a legal issue with the stored data, all site admins (including myself) will be unable to view
locally encrypted data; we will, however, be able to erase it. If the user loses their local decryption key,
they will be unable to retrieve their data, unless they store a master key on the server (which undermines
much of the point of encrypting the data locally).
Flexibility in Encryption
We plan to let users choose their local encryption algorithm, since it runs on their own processing power;
users will be free to choose between speed and encryption strength. We will, of course, recommend a default
algorithm based on current security standards. Where possible, the local key will be derived from the user's
password together with a random per-user salt, so that two users with the same password never end up with
the same key.
Your Data, Your Choice
You choose how we handle your data, and we lay out the pros and cons of each choice. The levels below
describe how your data can be handled.
Users will have a choice of how they want their data to be stored on this site:
Level-0: Trusted. You trust this site. Data is stored and encrypted purely by the server.
Data is decrypted server-side when you log in. If you forget your password, you can still recover your data.
You will be unable to customize the encryption settings.
Level-1: Strict Trust. You trust this site, but still want your data to be encrypted locally.
Data is encrypted and decrypted locally; when it reaches the database, the server re-encrypts it under its own key.
Because the server can re-encrypt, you can still recover your data if you forget your password: it is returned
under your new password's encryption, and you decrypt it locally with the new password. The trade-off is that
recovery only works because the server can access the data, so this level does not protect the data from the
server itself.
Level-2: Zero-Trust. You will create a site password and a separate local decryption password.
The decryption password can be auto-generated or user-created. You can choose whether to use your decryption
key as a master key, and whether to store that key on the website. You can create sub-keys from your master
key. If you forget your decryption password and have not stored the master key on the site, your data will be
unrecoverable.
Level-3: Hybrid Zero-Trust. You will create a site password. Your site password can become a master key, or a
master key can be auto-generated.
Your data will be encrypted locally and again at the server level. The experience will be seamless; the speed
of decryption is determined by your configured encryption settings and your computer's hardware
capabilities. If you did not store your master key on the site, your data will be unrecoverable.
At every level, the site password is stored only as a salted hash, never in a recoverable form, whether or not
the data is also encrypted locally.
Summary of the levels:
Level-0: Trust
  Pros:
    Fastest
    Encrypted in transit (using TLS)
    Encrypted at rest in the database
    Data recovery possible
    Uses the least storage
  Cons:
    Weakest level of security compared to the other levels offered
    Not encrypted locally
    Database encryption is entrusted solely to the server
Level-1: Strict Trust
  Pros:
    Encrypted locally
    Encrypted in transit (using TLS)
    Encrypted at rest in the database
    Data recovery possible
    Uses less storage, like Level-0
    Virtually seamless encryption/decryption
  Cons:
    Slowest at processing data
    Database encryption is entrusted solely to the server
Level-2: Zero-Trust
  Pros:
    One of the highest levels of freedom compared to the other options
    Most privacy of data
    Encrypted locally
    Encrypted in transit (using TLS)
    Additional encryption at rest in the database
  Cons:
    Security depends on the strength of the user's decryption password
    User has to create a secondary password for decryption
    Data unrecoverable if the decryption password is lost
    Uses more storage
Level-3: Hybrid Zero-Trust
  Pros:
    Highest level of freedom
    Second highest level of privacy
    Encrypted locally
    Encrypted in transit (using TLS)
    Additional encryption at rest in the database
    Option to create and store a master key on the server
    Master key is created from the user's password and used as a recovery/backup key
  Cons:
    Security depends on the strength of the user's password
    Data unrecoverable if the master key is lost (storing the master key on the site is optional, but not recommended)
    Uses more storage
Project Development Plan
This is very early in development. As such, there are no specific schedule dates. This is a rough
sketch of the site's development plan.
Create user pages.
Create user database.
Implement basic storage with limits for testing purposes.
Implement multiple-level encryption for user's data.
Implement user localized encryption.
Add various encryption algorithms for user preference.
Open up for early beta testing.
Browser compatibility: detect which encryption algorithms the user's browser supports, and check user session
security and functionality.