For More Info

How it Works

  1. You generate a GPG Keypair in your browser
  2. You can replicate your keypair to another browser for multiple terminals
  3. You share your public key with others
  4. Others share their public keys with you
  5. You use WebTorrent as a dead drop for encrypted messages
  6. You let people know you’re seeding messages for them via a swarm of WebRTC channels

What it’s Made Of

  • Forge - TLS implemented in JavaScript for lots of PKI infrastructure
  • WebTorrent - BitTorrent between Browsers
  • Secure Scuttlebut - A gossip network for message replication
  • Friends Swarm - The implementation of secure scuttlebut actually used

Infrastructure Servers

Known Vulnerabilities

  • Browser storage is not encrypted
  • Peer network can be monitored to detect user graph

Current Status

  • at v0.0.0
  • in the middle of a rewrite of the reference implementation
  • that will require a rewrite of the library
  • it’s totally unorganized