FAQ

Contents

The basics
- What is Seecret?
- Are my direct messages secure?
- Are my tweets secure?
- Are your servers secure?
- What information do you track?
- What about the 140 character limit?
- What browsers are supported?
- Why is your website so unpretty?

Encrypted direct messages
- How do I start messaging someone?
- So how exactly are my direct messages secure?
- What exactly happens when I send a secure direct message with Seecret?
- Should I opt to save my passphrase on the device?
- How do I recover my key passphrase? Do you have a passphrase reset flow?
- Why can't I see the encrypted direct messages I have sent to my followers?
- What if I'm using multiple devices with Seecret?
- What if I'm using different mirror sites of Seecret?
- What are my security risks?
- Are you SURE no one can decrypt my direct messages except for the recipient using Seecret?
- How can I be sure I've got the right public key?
- What does it mean if a message to me could not be decrypted?
- What does it mean if a message is "signed"?
- Should I be worried if I see that a message is encrypted but wasn't signed by the user?
- Why can't I see older messages?

For the security nerds
- Why are you only using 1024 bit keys?
- Why are you connecting me to Twitter via Oauthio?
- Why no mobile app?
- How can I be sure that the code for Seecret.io (or a mirror site) isn't compromised?
- Why don't I see options for standard PGP key management such as certs and validating key fingerprints?
- Have you ever been served with a national security order or been required by a FISA court in any way?
- I thought you have no servers or logs anyway?
- What is the best Twitter feed to follow?

About Seecret mirror sites
- Why should I want to host a mirror site?
- How is this better than just using some branded proprietary messenger that encrypts?
- Ok how do I host a mirror site?

Support us and/or contact us
- Which badge should I buy?
- Wait, why are you selling badges instead of taking donations?
- Can I contribute?
- So who is Simple Dynamics?

What is Seecret?
Seecret lets you hide invisible messages inside your tweets. Only Seecret users can see the hidden message in your tweet. For example, you can hide the Seecret message "I am not left handed" inside the tweet "I know something you don't know". Only people using Seecret will see your hidden message; everyone else will only see the visible tweet.
Are my direct messages secure?
Yes! Your direct messages are sent using public/private key encryption. If you are interested in the encryption aspects of Seecret direct messages please read this entire FAQ for important information.
Are my tweets secure?
No! Anyone using the Seecret app can see the hidden messages in your timeline. They are hidden but not encrypted.
We repeat: Anyone with the Seecret app can read your public Seecret tweets. Only direct messages are encrypted.
Are your servers secure?
Seecret is a plain HTML web app served as static files from Amazon S3. There is NO server-side processing of the file contents before they are served to you. Once you've loaded the page in your browser, your only connection is to the Twitter API.
What information do you track?
Nothing. No, we really mean it! We have no servers, no audit logs, no backups, no ads, no analytics, nothing. We actually have no idea if you are even using it, so if you like it please give us a shout out, or even buy a badge to show your appreciation!
What about the 140 character limit?
Seecret will break up the message across multiple tweets when it is more than 140 characters. When showing your timeline, Seecret will reconstruct the multiple tweets back into one Seecret message.
What browsers are supported?
Seecret will work in most modern browsers. Because Seecret depends on WebCrypto, older browsers will not work. We have tested it on the latest versions of Chrome for Windows, Chrome for Mac OS, Safari, IE and Firefox, as well as mobile Android Chrome and iOS Safari. Ideally you should use a browser that supports subresource integrity validation. You can read more about that below.
Why is your website so unpretty?
We are fans of the brutalist website aesthetic. You can see lots of examples at brutalistwebsites.com
How do I start messaging someone?
In order for you to communicate with followers on Seecret, you both must be following each other. When using Seecret, click on the envelope icon of any tweet in your timeline from a follower and you will be presented with the form to invite them to use Seecret with you. If your follower is not very active and you see no tweets from them in your timeline, you can load their timeline directly by entering their Twitter screen name at the top of the Seecret timeline view and clicking the envelope icon on any of their tweets.
You won't be able to message a follower until they have accepted your invite. Under the covers this is a public key exchange. If you change devices or use different mirrors, you will have to re-initiate the invites from the new device.
So how exactly are my direct messages secure?
Seecret uses public/private key encryption to ensure your direct messages can only be read by the recipient. Specifically we are using the openpgp.js library which is open source and fully auditable.
Read more about public/private key encryption from the experts at pgpi.org. Another good overview of PGP is at Wikipedia, and there is the GnuPG handbook.
What exactly happens when I send a secure direct message with Seecret?
First, the message is encrypted. The encrypted text is then converted to invisible characters in the same way we hide your tweets. Then we choose a random English word from a library of about 5000 words (found in the covertexts.js file if you are curious) and embed the hidden message in that single random word. That's why your direct message list, when viewed on Twitter, is just a series of random words.
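The hiding step described above and in the 140-character and "hidden but not encrypted" answers, as an added example that is not Seecret's own code. The zero-width alphabet is an assumption (the FAQ does not publish Seecret's encoding), and the encryption step is left out so the example runs offline in Node.js.

```javascript
// Added example (not Seecret's own code): a toy version of the "invisible
// characters" trick the FAQ describes. The alphabet is an assumption, since
// the page does not publish Seecret's encoding: each bit of the UTF-8
// message becomes one zero-width character appended to a visible cover text.
const ZERO = "\u200B"; // ZERO WIDTH SPACE      -> bit 0
const ONE = "\u200C";  // ZERO WIDTH NON-JOINER -> bit 1
const TWEET_LIMIT = 140; // the character limit the FAQ refers to

// Turn a UTF-8 string into a run of zero-width characters, 8 per byte.
function toInvisible(message) {
  return Array.from(Buffer.from(message, "utf8"), (byte) =>
    byte.toString(2).padStart(8, "0").replace(/0/g, ZERO).replace(/1/g, ONE)
  ).join("");
}

// Hide `message` behind `coverText`: a harmless-looking tweet for the public
// timeline, or a random dictionary word for direct messages.
function hide(message, coverText) {
  return coverText + toInvisible(message);
}

// Recover the hidden message from a tweet. Nothing secret is needed: any
// reader who knows the trick gets the text back, which is why the FAQ says
// hidden tweets are "hidden but not encrypted".
function reveal(stegoText) {
  const bits = Array.from(stegoText)
    .filter((ch) => ch === ZERO || ch === ONE)
    .map((ch) => (ch === ONE ? "1" : "0"))
    .join("");
  const bytes = [];
  for (let i = 0; i + 8 <= bits.length; i += 8) {
    bytes.push(parseInt(bits.slice(i, i + 8), 2));
  }
  return Buffer.from(bytes).toString("utf8");
}

// Split a long hidden payload over several tweets, each carrying the cover
// text plus as many invisible characters as fit under the limit; the
// receiver joins the tweets in order and reveals the whole message.
function splitForTweets(message, coverText) {
  const invisible = toInvisible(message);
  const room = TWEET_LIMIT - Array.from(coverText).length;
  if (room < 8) throw new Error("cover text leaves no room for the payload");
  const tweets = [];
  for (let i = 0; i < invisible.length; i += room) {
    tweets.push(coverText + invisible.slice(i, i + room));
  }
  return tweets;
}

function joinTweets(tweets) {
  return reveal(tweets.join(""));
}
```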
Should I opt to save my passphrase on the device?
We recommend that you don't.
Warning: It is less secure to save your passphrase, but we offer this feature for your convenience. It's up to you. You should definitely have a password-protected lock screen on your phone or computer if you do this. If you don't save it, you will be prompted for it each time you use Seecret direct messages. Also, we recommend a minimum of 20 characters for your passphrase.
How do I recover my key passphrase? Do you have a passphrase reset flow?
Sorry, but we have no access to your passphrase. It is local to your brain and possibly your device. Once lost, your encrypted messages will not be recoverable until you remember the private key passphrase. If you do forget your passphrase, you can always generate a new key and messages going forward will work as normal.
Why can't I see the encrypted direct messages I have sent to my followers?
The outbound messages are encrypted using the follower's public key. There is no way for you to decrypt those messages. You can only view encrypted messages you have RECEIVED. There are ways to let you view outgoing messages securely, and future versions of Seecret will do that.
What if I'm using multiple devices with Seecret?
If you are just using Seecret to hide tweets in plain sight, everything will work seamlessly for you across multiple devices. If you want to send encrypted direct messages from multiple devices, you can export your private key from the original device and import it into the other devices. The Settings view offers that feature. You can also just generate new keys each time you use a separate device. In that case all previous messages can no longer be decrypted, and all future messages can only be decrypted when you are using that particular device.
What if I'm using different mirror sites of Seecret?
Think of mirror sites as a separate device. All the same things apply.
What are my security risks?
The nature of end-to-end encryption means that your biggest risk is in allowing access to your personal machine (either physically or due to installed spyware like a keystroke logger). Seecret stores your private keys in the browser local storage. This is accessible to anyone who has access to your device or machine. We recommend that you memorize a long passphrase and delete the passphrase in Settings. We also recommend you regenerate a new key periodically, which can be done in the Settings view. This essentially deletes your received message history.
Are you SURE no one can decrypt my direct messages except for the recipient using Seecret?
Technically, Twitter could choose to act as the man-in-the-middle and send you a false public key for the user in question. They could be pressured to do so by the government, subverted by a hacker, or do it themselves for their own reasons. If you are concerned about this, read on.
How can I be sure I've got the right public key?
The Settings view offers an option to view all public keys that have been sent to you. You can verify a key is correct by comparing it with your contact over other channels or even by reading it together over the phone. You can view your own public key in the Settings.
What does it mean if a message to me could not be decrypted?
Seecret uses public/private key encryption to exchange direct messages over Twitter. Sometimes the other user may not have your most current key. This can happen when you:
-- Regenerate your private key
-- Use Seecret from another machine/device than the one where you generated your last key
-- Use a Seecret mirror site other than the one where you generated your last key
But don't worry! You can always send your current key to that user and they can begin messaging you with the correct key. The Twitter direct message API only retrieves the last 200 messages, so sometimes you need to re-initiate a key request to the user if their original invite to you was sent too far in the past. Just click "Allow" in the conversation and you're good to go. This will send your most current public key to that user. Once they load Seecret again they'll have it and can begin messaging you with that key.
What does it mean if a message is "signed"?
Seecret uses the sender's private key to generate an unforgeable code that can only be verified with that user's public key, which you should have. If you have their correct public key then Seecret will verify the signed message as genuinely from that user.
Should I be worried if I see that a message is encrypted but wasn't signed by the user?
Not necessarily. They may have generated a new private key and not sent you the public key for it yet, or they may be temporarily using a different device or mirror site, or they may have simply deleted their key as a precaution. But if an encrypted direct message to you is unsigned, it's something to note.
Why can't I see older messages?
The Twitter API only lets you access the 200 most recent direct messages.
Why are you only using 1024 bit keys?
Actually, WebKit won't generate keys smaller than 2048 bits, which is why the app runs slower in Safari. But frankly, 1024-bit keys are sufficient for the Seecret use cases. If you feel you are a high-value target for some organization with the resources required to crack the messages, you can always generate a bigger key and import it in the Settings. Messages using 4096-bit keys will be uncrackable until the Singularity occurs (which we expect to be sometime next month...)
Why are you connecting me to Twitter via Oauthio?
Twitter only implements OAuth 1, so we need to use a proxy server to establish a trusted connection to Twitter straight from the client. Oauthio is a trusted name for this service. Seecret sources the Oauthio code over SSL from https://cdnjs.cloudflare.com/ajax/libs/oauth-io/0.5.2/oauth.min.js
Why no mobile app?
Seecret is a web app with responsive views that work in your phone's web browser, but we don't provide a native install of Seecret because distribution of multiple independently hosted mirror sites doesn't work in an app store context. There are essentially two app stores, and they have full control over approval and distribution of every app. But no third party (yet) can stop the distribution of a mirror site by withholding approval. It's also much less secure to run native code on your phone: there is no way to validate subresource integrity the way you can in a browser. Ironically, browser-based apps, when done right, are the most secure nowadays.
How can I be sure that the code for Seecret.io (or a mirror site) isn't compromised?
Seecret is an open-source project and free to distribute. Anyone can view and verify that the code is safe, and can compare the code at Seecret.io with the source to make sure nothing has been compromised. All third-party dependencies are served via public CDNs like cdnjs.com or rawgit.com. In addition we provide subresource integrity hashes on all our script and link tags, calculated with a public SRI hash generator. Subresource Integrity is an important security feature and we encourage you to read up on it and test your browser for support.
Why don't I see options for standard PGP key management such as certs and validating key fingerprints?
These keys are not meant to be your definitive PGP key or to last forever. They are in fact intended to rotate periodically. Circle of trust operations work best with a known circle of real acquaintances, which tends to be the case with one's connections on social networks. We have a roadmap for features such as verifying keys across social networks and public messages. In the meantime, short of Twitter itself acting as a man-in-the-middle during key exchange, you're pretty safe. In fact, even Apple's iMessage asks you to assume the key they send you is valid and gives you no option to verify it yourself. iMessage users who rely on the secure nature of the service must trust that Apple will continue to resist government pressure to tamper with the keys. This is another reason to use a non-proprietary open-source messaging tool for secure messaging across social networks. Unfortunately iMessage uses a proprietary channel with no third-party API available.
Have you ever been served with a national security order or been required by a FISA court in any way?
Nope.
I thought you have no servers or logs anyway?
That's true. However, someone could try to force us to put back doors into the client code. Various anti-privacy legislation such as the Feinstein-Burr draft bill (pdf) and the Investigatory Powers Bill in the UK could become law in the near future. Some laws like this are already being passed by legislatures around the world. This is why we made Seecret open source and provided an easy way to create mirror sites. It is impossible to put a backdoor into the Seecret code without being noticed, and it is impossible for any messages to be intercepted and read by third parties if sent from an uncompromised version of Seecret.
What is the best Twitter feed to follow?
Why should I want to host a mirror site?
The only real threat to the security of Seecret (other than someone accessing your device or installing spyware on your machine) is if someone can tamper with the main source code and introduce one of two things:
1. Flawed key generation, so that the keys are known or easy to crack, or other keys are introduced.
2. Code that saves or sends your messages or keys to other locations.
But... with mirror sites it is easy to validate that you are using the right code. It's a lot harder to tamper with multiple mirror sites all at once AND also undo various internet content archivers AND tamper with the file hashes posted on all the Seecret social media posts and profiles. This distributed set of verifiably correct instances protects Seecret users from encountering compromised versions.
How is this better than just using some branded proprietary messenger that encrypts?
Court orders and 'back door' decryption can't address a freely distributed open source third party client like Seecret.
Proprietary messengers are a single point of failure for secure messages because the service provides both the client and the server transport of the messages. As an open-source, third party client to the services (currently only Twitter but others are coming), Seecret gives extra protection from various efforts to compromise your messaging.
Ok how do I host a mirror site?
Wow that's cool. Which badge should I buy?
We recommend you buy as many as your budget can allow.
Wait, why are you selling badges instead of taking donations?
We can't take donations because we're not a 501(c)(3) and we're based in California. We'll get in trouble with the state of California if we take donations, so we are selling the badges as a way for you to support the app.
Can I contribute?
Yes. Fork us on GitHub and send a pull request. We have a roadmap for Seecret and we'd love your help.
So, who is Simple Dynamics?
We are a software consulting company in Oakland, California. Check us out.