Why should I need another messaging app?
That’s a short question which begs for a long answer. To sum it up:
– Anonymity: Seeld doesn’t ask or store any personal information. So you create an account using a pseudonym, not your e-mail, not your mobile number.
– Full privacy by design: we go beyond end-to-end encryption, because we also encrypt your contacts. And this is done in a way that technically prevents us from even taking a peek.
– Spam and phishing resistant by design: you can only exchange messages with people you decide to connect with. So you won’t get unsolicited messages… unless your contact is a spammer or a hacker, obviously!
– Portability: Seeld has been developed with portability in mind. As such we store your encrypted data on our servers, so that you can connect from anywhere without needing to sync your messages.
– Independence: we’re a small team of people. We are not a big tech company, and do not receive money from VCs.
What's "privacy by design"?
You could consider “privacy by design” as a pretty vague but catchy concept. And you would probably be right. But as far as Seeld is concerned, it means that we use encryption and a bunch of anonymization techniques to keep everything as private as possible. We have applied this approach from the very beginning, during the application’s design.
That’s an essential feature of Seeld, for it goes in the opposite direction of making user data accessible to us and then attempting to protect it from outsiders. In other words, we technically have no means to decrypt your messages or see who you exchange information with.
How secure is Seeld's encryption?
We use X25519 elliptic curve cryptography for public-key encryption tasks. For comparison, ProtonMail implements the same kind of modern encryption as described here.
So, you say you store my messages and stuff on your servers... is that safe?
Yes it is, because the app encrypts your messages, contacts and profile data before they are sent to our servers. Consequently, the only way to read that data back is to decrypt it with your passphrase-protected private key. And since that passphrase is never sent to us over the web, you can be pretty certain no one but you will have access to your data.
How can I actually log in? You said my passphrase is never sent over the web!
Indeed, we use the SRP (Secure Remote Password) protocol for authentication purposes. As a result of that protocol, we can authenticate our users without having to store their passphrases on our servers. Therefore we limit the risks of leaking anyone’s password.
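To make the idea concrete, here is a minimal SRP-6a exchange, added as an illustration and not Seeld's own code. The demo group, the use of SHA-256, the simplified derivation of x and all function names are assumptions of this sketch.

```python
import hashlib
import secrets

# Constructed demo group: 2**521 - 1 is prime, but it is NOT a standard SRP
# group. Real deployments use the safe-prime groups defined in RFC 5054.
N = 2**521 - 1
g = 3

def H(*parts) -> int:
    """Hash ints/bytes to an integer (SHA-256 is an assumption of this sketch)."""
    h = hashlib.sha256()
    for p in parts:
        h.update(p.to_bytes(66, "big") if isinstance(p, int) else p)
    return int.from_bytes(h.digest(), "big")

k = H(N, g)  # SRP-6a multiplier

def private_x(pseudonym: str, passphrase: str, salt: bytes) -> int:
    """Client-only secret derived from the passphrase; never transmitted."""
    return H(salt, f"{pseudonym}:{passphrase}".encode())

def register(pseudonym: str, passphrase: str):
    """Runs on the client. The server stores only (salt, verifier)."""
    salt = secrets.token_bytes(16)
    return salt, pow(g, private_x(pseudonym, passphrase, salt), N)

def login(pseudonym, passphrase, salt, verifier):
    """Simulate one login; returns (client_key, server_key, wire_messages)."""
    # Client -> server: pseudonym and the ephemeral public value A.
    a = secrets.randbelow(N - 2) + 1
    A = pow(g, a, N)
    # Server -> client: salt and B, computed from the stored verifier.
    b = secrets.randbelow(N - 2) + 1
    B = (k * verifier + pow(g, b, N)) % N
    if A % N == 0 or B % N == 0:
        raise ValueError("degenerate public value, abort the handshake")
    u = H(A, B)
    # Client side: needs the passphrase to recompute x.
    x = private_x(pseudonym, passphrase, salt)
    S_client = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    # Server side: needs only the verifier.
    S_server = pow(A * pow(verifier, u, N) % N, b, N)
    # A real exchange compares proofs derived from the keys, not the keys.
    return H(S_client), H(S_server), {"A": A, "salt": salt, "B": B}
```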
What's a passphrase anyway?
A passphrase is the better alternative to a password, and we strongly encourage you to adopt it whenever you can. For example, passphrases allow you to use words or whole sentences, which are more secure and easier to remember.
For a concise and funny explanation, please head to XKCD’s excellent comic strip!
I've lost my passphrase, can you reset it?
That’s technically impossible, and it’s a good thing.
Now before you start throwing rocks at us, let me explain. Your passphrase not only signs you in: it also secures your private encryption key so that it cannot be used if stolen. Thus if you cannot unlock your key with the passphrase that secured it, you cannot use it to read your encrypted messages. Therefore a passphrase reset would only get you as far as logging in to an account full of encrypted data.
But we believe it’s a good thing, because a system able to reset a passphrase is a double-edged sword! For one thing, how do you know we won’t reset your passphrase, access your messages and sell all your secrets to someone else?
Can I just write to my friends right away?
No, it doesn’t work that way. After you register, you will need to know the pseudonym of whoever you want to message and request to connect with them.
We call that a “contact request”, and it’s an additional way of protecting you from spammers.
Can't you scan my e-mail recipients or phone contacts to connect with my friends?
We could do that. But if we proceed that way then we would end up knowing who your friends and relatives are. And we don’t want that.
Indeed, if you really want to preserve your privacy then you must assume that everything you give to a service provider may be used the wrong way. Therefore we decided to depart from that practice and let you decide who can write to you.
Also, this is a great way of blocking anyone you don’t know for sure, such as spammers!
Independence and no data mining... Who are you people?
We are silly and naive persons with enough technical knowledge to try and change the way things work on the web. As a matter of fact we probably are a bunch of nutcases, who knows 😉