
Show HN: End-to-end encryption for Twitter direct messages - nmgsd
So, you want to avoid mass surveillance and don't trust big tech companies either? But you're tied to your existing network of contacts like everyone else? Well now you can send encrypted messages to your contacts over the Twitter direct messaging channel.

It's a serverless SPA called Seecret, a Twitter client hosted at https://www.seecret.io

Seecret is open source and freely distributable. You can host it anywhere, even from your own localhost server. The app is just plain html and javascript, with no server-side processing at all, no tracking, no logging.

Steps:

1-Grant Seecret.io permission to connect to Twitter. (Just like Facebook connect). Twitter uses Oauth 1.0a (srsly?) which doesn't support serverless auth so we integrated Oauth.io to handle it. Read about it at https://oauth.io but they are a trusted Oauth 1 proxy service.

2-Seecret then gens an RSA key with a long passphrase saved locally. You can change the passphrase and even delete it (and the key) from local storage. If you delete these you'll need to reimport them each time you use the app. To read more about concerns and approaches re: local browser storage of keys etc read our FAQ at https://www.seecret.net/faq.html

3-Send encrypted msgs over Twitter to your existing contacts!

The code for Seecret is fully auditable and the app uses Subresource Integrity Checks for all dependencies. Unfamiliar with SRI? Read more about it at https://www.w3.org/TR/SRI/. In short, it lets you verify for *certain* you are using the uncompromised code with no CDN intercepts.

Want to host your own instance? It's easy! Read more at https://www.seecret.net/mirror.html

Read more about our approach, explanation of the technology choices, and why we made it open source and freely distributable at https://www.seecret.net/faq.html
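
The Subresource Integrity check mentioned in the post, reproduced in Node.js as an added example that is not part of the original post and is not Seecret's code. The function names and the sample script bytes are constructed for illustration; the matching rules (only the strongest listed algorithm counts, unusable metadata means no check) follow the SRI specification linked above.

```javascript
// Added example: Subresource Integrity matching, reproduced in Node.js.
const { createHash } = require("node:crypto");

// Hash algorithms the SRI spec recognises, weakest to strongest.
const STRENGTH = ["sha256", "sha384", "sha512"];

// Build the integrity value a page author would publish for a resource.
function sriHash(body, alg = "sha384") {
  return `${alg}-${createHash(alg).update(body).digest("base64")}`;
}

// Split an integrity attribute into usable {alg, digest} entries.
// Tokens with an unknown algorithm or malformed digest are ignored.
function parseIntegrity(attr) {
  const entries = [];
  for (const token of attr.trim().split(/\s+/)) {
    const m = /^(sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})(\?.*)?$/.exec(token);
    if (m) entries.push({ alg: m[1], digest: m[2] });
  }
  return entries;
}

// Returns "match", "mismatch", or "no-metadata".
// "no-metadata" means nothing usable was listed, so a browser would load
// the resource unchecked: the attribute then gives no protection.
function verifySri(body, attr) {
  const entries = parseIntegrity(attr);
  if (entries.length === 0) return "no-metadata";
  // Only the strongest algorithm present is consulted; a matching weaker
  // digest cannot rescue a resource whose strongest digest is wrong.
  const best = entries.reduce((a, e) =>
    STRENGTH.indexOf(e.alg) > STRENGTH.indexOf(a) ? e.alg : a, entries[0].alg);
  const actual = createHash(best).update(body).digest("base64");
  return entries.some((e) => e.alg === best && e.digest === actual)
    ? "match" : "mismatch";
}

// Constructed sample: a stand-in for a script served from a CDN.
const dependency = Buffer.from("window.lib = { version: '1.0.0' };\n");
const integrity = sriHash(dependency);
console.log(integrity, verifySri(dependency, integrity));
console.log(verifySri(Buffer.from("window.lib = { evil: true };\n"), integrity));
```

The check is only as trustworthy as the HTML that carries the `integrity` attribute, so the page itself still has to arrive unmodified.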
======
jbob2000
Cool, but if I have to get the person on the other end to install something
and accept an invite, why not just ask them to use a secure messaging client
like WhatsApp?

~~~
Tepix
WhatsApp and Signal require that you give someone else your phone number.
Threema requires that someone else buys an app.

------
jkubicek
This is really cool. I worked on something similar during a hack day while I
was still at Twitter.

[https://github.com/jkubicek/Switters](https://github.com/jkubicek/Switters)

My project used QR codes attached to a tweet as images to encode the message.
It's still got a long way to go before it's at all user friendly, but I had
fun building it.

------
lettergram
I made something similar called: anycrypt

The idea was to allow any user to encrypt over any platform (only over the
browser ATM)

It uses keybase

[http://lettergram.github.io/AnyCrypt/](http://lettergram.github.io/AnyCrypt/)

------
sjtgraham
> Twitter uses Oauth 1.0a (srsly?)

Why the srsly?

