So, you want to avoid mass surveillance and don't trust big tech companies either? But you're tied to your existing network of contacts like everyone else? Well, now you can send encrypted messages to your contacts over the Twitter direct messaging channel.<p>It's a serverless SPA called Seecret, a Twitter client hosted at https://www.seecret.io<p>Seecret is open source and freely distributable. You can host it anywhere, even from your own localhost server. The app is just plain HTML and JavaScript, with no server-side processing at all, no tracking, no logging.<p>Steps:
1-Grant Seecret.io permission to connect to Twitter. (Just like Facebook Connect). Twitter uses OAuth 1.0a (srsly?) which doesn't support serverless auth so we integrated OAuth.io to handle it. Read about it at https://oauth.io but they are a trusted OAuth 1 proxy service.<p>2-Seecret then gens an RSA key with a long passphrase saved locally. You can change the passphrase and even delete it (and the key) from local storage. If you delete these you'll need to reimport them each time you use the app. To read more about concerns and approaches re: local browser storage of keys etc., read our FAQ at https://www.seecret.net/faq.html<p>3-Send encrypted msgs over Twitter to your existing contacts!<p>The code for Seecret is fully auditable and the app uses Subresource Integrity checks for all dependencies. Unfamiliar with SRI? Read more about it at https://www.w3.org/TR/SRI/. In short, it lets you verify for <i>certain</i> you are using the uncompromised code with no CDN intercepts.<p>Want to host your own instance? It's easy! Read more at https://www.seecret.net/mirror.html<p>Read more about our approach, explanation of the technology choices, and why we made it open source and freely distributable at https://www.seecret.net/faq.html
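How the Subresource Integrity check mentioned in the post decides whether a dependency loads, as an added example that is not part of the original post or of Seecret's code: a Node.js sketch of the matching rules in the W3C SRI specification, run over a constructed dependency and a tampered copy. The function names and sample bytes are assumptions made for illustration.

```javascript
// Added example (not Seecret's code): SRI matching rules, sketched in Node.js.
const crypto = require("crypto");

// Hash algorithms browsers accept for SRI, weakest to strongest.
const STRENGTH = ["sha256", "sha384", "sha512"];
// One integrity token: <alg>-<base64 digest>, optionally followed by ?options.
const TOKEN = /^(sha256|sha384|sha512)-([A-Za-z0-9+\/]+={0,2})(?:\?.*)?$/;

// Build the value for an integrity="" attribute from the file's bytes.
function sriFor(bytes, alg = "sha384") {
  return `${alg}-${crypto.createHash(alg).update(bytes).digest("base64")}`;
}

// Split the attribute into {alg, digest}; malformed or unknown tokens are ignored.
function parseIntegrity(attr) {
  return attr.split(/\s+/).map((t) => TOKEN.exec(t)).filter(Boolean)
    .map(([, alg, digest]) => ({ alg, digest }));
}

// Returns "match", "mismatch", or "unenforced" (no usable hash, so a browser
// loads the resource as if the attribute were absent).
function checkResource(bytes, attr) {
  const parsed = parseIntegrity(attr);
  if (parsed.length === 0) return "unenforced";
  // Only hashes of the strongest algorithm present are compared.
  const strongest = parsed.reduce((a, b) =>
    STRENGTH.indexOf(b.alg) > STRENGTH.indexOf(a.alg) ? b : a).alg;
  const actual = crypto.createHash(strongest).update(bytes).digest("base64");
  return parsed.some((m) => m.alg === strongest && m.digest === actual)
    ? "match" : "mismatch";
}

// Constructed sample dependency and a tampered copy of it.
const original = Buffer.from("function encrypt(m, k) { /* lib */ }\n");
const tampered = Buffer.from("function encrypt(m, k) { /* lib */ send(m); }\n");
const pinned = sriFor(original); // value the page author pins in the script tag

console.log(pinned);
console.log(checkResource(original, pinned));   // untouched file
console.log(checkResource(tampered, pinned));   // modified in transit or at the CDN
// A weaker hash of the tampered file cannot override the stronger pinned one.
console.log(checkResource(tampered, `${sriFor(tampered, "sha256")} ${pinned}`));
// An attribute with no supported algorithm gives no protection at all.
console.log(checkResource(tampered, "md5-AAAA"));
```

When auditing a page, a dependency whose check comes back "unenforced" is effectively unpinned, so it should be treated the same as a tag with no integrity attribute.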
Cool, but if I have to get the person on the other end to install something and accept an invite, why not just ask them to use a secure messaging client like WhatsApp?
This is really cool. I worked on something similar during a hack day while I was still at Twitter.<p><a href="https://github.com/jkubicek/Switters" rel="nofollow">https://github.com/jkubicek/Switters</a><p>My project used QR codes attached to a tweet as images to encode the message. It's still got a long way to go before it's at all user friendly, but I had fun building it.
I made something similar called: anycrypt<p>The idea was to allow any user to encrypt over any platform (only over the browser ATM)<p>It uses Keybase<p><a href="http://lettergram.github.io/AnyCrypt/" rel="nofollow">http://lettergram.github.io/AnyCrypt/</a>