Looking for some advice here. I'm working on a budgeting app, designed to be shared among families/small groups of people, and I'd obviously like to make it secure. My first thought was to do some sort of key-based client-side encryption so that the server has no knowledge/insights into the data. It's all open source so anyone could run their own server but I planned on offering a hosted option for those who are less technical/not interested in self-hosting. Running out of room here so thread 👇
This is of course not without drawbacks and I'd like to avoid centralizing the information. My idea is to encourage people to take control over their own data instead of just relying on providers to host everything for them. I also don't really want to be responsible for anyone's financial data, encrypted or not. So I'm considering building a peer-to-peer network, where the servers merely act as additional nodes in the event that no one is within range of sharing.
The apps could have whitelist or blacklist methods of using servers to relay information, but the primary sync method would be via bluetooth/WiFi Direct (I imagine you most likely are in close contact with people you share money with on a semi-regular basis). This has other issues like conflict resolution and no single source of truth, but absolves me of a lot of responsibility and could probably keep server costs down too.
Anyways, I guess what I'm looking for is some direction on whether or not this is a good idea, or if going the server route would be better. I'm trying to strike an impossible balance between security/privacy and convenience, but I'm hoping to do most of the heavy lifting behind the scenes so that the users can at least use the app without hating it and having to work around its quirks.
@blipp I hadn't heard of scuttlebutt before, but I'll check it out. From a quick glance I actually didn't think I'd be able to use it since it seems more geared towards social media but the private messages features might be helpful after all. Perhaps I could implement just a subset of the protocol. Thanks for the tip!
@billy what about sharing a file (SQLite db, random other format) via whatever file sharing solution the user likes (iCloud, Dropbox, ... hosted WebDAV you could offer) with client-side encryption and a shared secret? Would this be a possibility or not work with any of your requirements?
@fallenhitokiri I was considering something like this, but there are a couple of problems I wasn't able to solve for. The synchronization between multiple users becomes challenging because you'd have to share that file with everyone you'd like to share your budget with, and in my case at least my wife isn't using our home Nextcloud instance. The app allows you to have multiple budgets that can be shared with different users. I'd need multiple files for that and it would likely get messy.
@fallenhitokiri In the event that the user wasn't sharing their finances with anyone else though, this would be an excellent solution. I'll have to look into that as a possibility for those situations or even a local backup/restore functionality. Thanks for the tip!
@billy wouldn’t this mean you only need to remember the path to the file once opened and let your app handle a specific file extension?
For less technical users iCloud or gdrive should work, I think the problem would be initiating the sharing, but that’s where a hosted backend integrated with the app could come in handy