I literally just finished this, among the massive amount of other shit I've completed trying to make the saturday release date, so it's a bit rough but it's 100% functional.
I also haven't tested it on anything but chrome on windows, so I HOPE different browsers ddo not have issues lol.
The benefit of this messaging is that NOBODY can read your messages but you, and the person you are sending them to. Whether it be me, some hacker who gets db access, or your fbi agent, your messages can not be read without your passphrase.
That being said, it's VERY important to remember that this isn't fully secure. To name a few examples, passphrases are stored in localstorage so that you don't have to constantly re-enter them, ALL JAVASCRIPT THAT RUNS ON THIS SITE CAN ACCESS THAT STORAGE. Which means if a hacker finds a xss vuln, that's it. You're more insulated against many of these threats than you would be im some other places, MAINLY because I wouldn't ever take bribes/sell out/give into intimidation if it involved compromising my ideological beliefs. But you just have to take my word on it :^)
Roll your own, client-side and audited, pgp if your messages put you at risk of armed thugs showing up and destroying your life and terrorizing your family.
How to use:
Step 1: go to the 'pgp' tab on your user profile, and 'generate a key pair'
Step 2: you are assigned a mnemonic, but you have the option of using any passphrase you want. You are fully responsible for any weak passphrase choices (I'll be honest, mine is currently 'a' so I mean...(
Step 3: You can now 'securely' message anybody else who also has pgp enabled, send them a message like you normally would, and hit the 'encrypt' button. You will see when it is encrypted. You will need your passphrase, and they will need theirs, but that's it. Once you enter you password a single time, decryption should be seamless for as long as you use the same device.
I literally just finished working on this 20 minutes ago so the UI is super rough, but it works. It will become significantly more streamlined over the next few days, and it's possible I could integrate this functionality into other site features. Not sure though, and tbh RN I should be focused on just finishing the basic shit anyway.
HUGE thanks to https://ieddit.com/u/wnewlad/ . I've had a lot of shit to do, and he was MASSIVELY helpful in lightening my work load by submitting pull requests. If you see him posting with an admin tag under his name, this is the reason why. He contributed an actual pretty significant amount of code/time, and from what I can tell from how he interacts with the community, it's not like he's going to go full 'hall-monitor' mode or anything like that lmao.
I literally haven't had to ban a single person yet and I'd love to keep it that way.
Thank you for coming to my ted talk, now I can sleep. Goodnight anonymous strangers on the internet.
Beta release saturday. Mark your calanders boys, lets make it something entertaining.
I also haven't tested it on anything but chrome on windows, so I HOPE different browsers ddo not have issues lol.
The benefit of this messaging is that NOBODY can read your messages but you, and the person you are sending them to. Whether it be me, some hacker who gets db access, or your fbi agent, your messages can not be read without your passphrase.
That being said, it's VERY important to remember that this isn't fully secure. To name a few examples, passphrases are stored in localstorage so that you don't have to constantly re-enter them, ALL JAVASCRIPT THAT RUNS ON THIS SITE CAN ACCESS THAT STORAGE. Which means if a hacker finds a xss vuln, that's it. You're more insulated against many of these threats than you would be im some other places, MAINLY because I wouldn't ever take bribes/sell out/give into intimidation if it involved compromising my ideological beliefs. But you just have to take my word on it :^)
Roll your own, client-side and audited, pgp if your messages put you at risk of armed thugs showing up and destroying your life and terrorizing your family.
How to use:
Step 1: go to the 'pgp' tab on your user profile, and 'generate a key pair'
Step 2: you are assigned a mnemonic, but you have the option of using any passphrase you want. You are fully responsible for any weak passphrase choices (I'll be honest, mine is currently 'a' so I mean...(
Step 3: You can now 'securely' message anybody else who also has pgp enabled, send them a message like you normally would, and hit the 'encrypt' button. You will see when it is encrypted. You will need your passphrase, and they will need theirs, but that's it. Once you enter you password a single time, decryption should be seamless for as long as you use the same device.
I literally just finished working on this 20 minutes ago so the UI is super rough, but it works. It will become significantly more streamlined over the next few days, and it's possible I could integrate this functionality into other site features. Not sure though, and tbh RN I should be focused on just finishing the basic shit anyway.
HUGE thanks to https://ieddit.com/u/wnewlad/ . I've had a lot of shit to do, and he was MASSIVELY helpful in lightening my work load by submitting pull requests. If you see him posting with an admin tag under his name, this is the reason why. He contributed an actual pretty significant amount of code/time, and from what I can tell from how he interacts with the community, it's not like he's going to go full 'hall-monitor' mode or anything like that lmao.
I literally haven't had to ban a single person yet and I'd love to keep it that way.
Thank you for coming to my ted talk, now I can sleep. Goodnight anonymous strangers on the internet.
Beta release saturday. Mark your calanders boys, lets make it something entertaining.