from Hacker News

So, you want to avoid mass surveillance and don't trust big tech companies either? But you're tied to your existing network of contacts like everyone else? Well now you can send encrypted messages to your contacts over the Twitter direct messaging channel.

It's a serverless SPA called Seecret, a Twitter client hosted at https://www.seecret.io

Seecret is open source and freely distributable. You can host it anywhere even from your own localhost server. The app is just plain html and javascript, with no server-side processing at all, no tracking, no logging.

Steps: 1-Grant Seecret.io permission to connect to Twitter. (Just like Facebook connect). Twitter uses Oauth 1.0a (srsly?) which doesn't support serverless auth so we integrated Oauth.io to handle it. Read about it at https://oauth.io but they are a trusted Oauth 1 proxy service.

2-Seecret then gens an RSA key with a long passphrase saved locally. You can change the passphrase and even delete it (and the key) from local storage. If you delete these you'll need to reimport them each time you use the app. To read more about concerns and approaches re: local browser storage of keys etc read our FAQ at https://www.seecret.net/faq.html

3-Send encrypted msgs over Twitter to your existing contacts!

The code for Seecret is fully auditable and the app uses Subresource Integrity Checks for all dependencies. Unfamiliar with SRI? Read more about it at https://www.w3.org/TR/SRI/. In short, it lets you verify for certain you are using the uncompromised code with no CDN intercepts.

Want to host your own instance? It's easy! Read more at https://www.seecret.net/mirror.html

Read more about our approach, explanation of the technology choices, and why we made it open source and freely distributable at https://www.seecret.net/faq.html