That’s a short question which begs for a long answer. To sum it up:
– Anonymity: Seeld doesn’t ask or store any personal information. So you create an account using a pseudonym, not your e-mail, not your mobile number.
– Full privacy by design: we go beyond end-to-end encryption, because we also encrypt your contacts and all your metadata. And this is done in a way that technically prevents us to even take a peek.
– Spam and fishing resistant by design: you can only exchange messages with persons you decide connect to. So you won’t get unsolicited messages… unless you accept to connect with a spammer obviously !
– Portability: Seeld has been developed with portability in mind. As such we store your encrypted data on our servers, so that you can connect from anywhere without needing to sync your messages.
– Independence: we’re a small team of people. We are not a big tech company, and do not receive any money from anyone. We’re not forced to sell your data to make money.
You could consider “privacy by design” as a pretty vague but catchy concept. And would probably be right. But as far as Seeld is concerned, it means that we use encryption and a bunch of anonymization techniques to keep everything as private as possible. We have applied this approach from the very beginning, during the application’s design.
That’s an essential feature of Seeld, for it goes in the opposite direction of making user data accessible to us and then attempt to protect it from outsiders. In other words, we technically have no means to decrypt your messages or see who you exchange information with.
We use X25519 elliptic curve cryptography for public encryption tasks. To clarify, ProtonMail implements the same kind of modern encryption as described here.
Yes it is, because the app encrypts your messages, contacts and profile data before it is sent to our servers. Consequently, the only way to read that data back is to decrypt it with your passphrase-protected private key. And since that passphrase is never sent to us over the web, you can be pretty certain no one but you will have access to your data.
Indeed, we use the SRP (Secure Remote Password) protocol for authentication purposes. As a result of that protocol, we can authenticate our users without having to store their passphrases on our servers. Therefore we limit the risks of leaking anyone’s password.
A passphrase is the better alternative to a password, and we strongly encourage you to adopt it whenever you can. For example passphrases authorize you to use words or whole sentences, which are more secure and easier to remember.
For a concise and funny explanation, please head to XKCD’s excellent comic strip !
No we can’t, and that’s a good thing.
Now before you start throwing rocks at us, let me explain. You passphrase not only signs you in: it also secures your private encryption key so that it cannot be used if stolen. Thus if you cannot unlock your key with the passphrase that secured it, you cannot use it to read your encrypted messages. Therefore a passphrase reset would only get you as far as logging in to an account full of encrypted data.
But we believe it’s a good thing, because a system able to reset a passphrase is a double-edged sword! For one thing, how do you know we won’t reset your passphrase, access your messages and sell all your secrets to someone else?
No, Seeld doesn’t work that way. After you register, you will need to know the pseudonym of whoever you want to message and request to connect with him.
We call that a “contact request”, and it’s an additional way of protecting you from spammers.
We could do that. But if we proceed that way then we would end up knowing who your friends and relatives are. And we don’t want that.
Indeed if you really want to preserve your privacy then you must assume that everything you give to a service provider may be used the wrong way. Therefore we decided to part from that and let you decide who can write to you.
Also this is great way of blocking anyone you don’t know for sure, such as spammers!
We are silly and naive persons with enough technical knowledge to try and change the way things are on the Internet.