Today marks a minor milestone in the lifespan of Whisper, a small project I've been developing on and off for quite some time. It's an ultra-light platform built for one purpose: secure, disposable, anonymous messages over email.
One of the first questions you might ask is "Why would you build such a thing, who is it useful to?", and my answer to that is: If you have to ask, Whisper was built with you in mind. Because security should be transparent, security should be seamless, and most importantly it should be easy. Your average user shouldn't have to think twice or know the importance of something like HTTPS to enjoy its benefits.
As a user, understanding the importance of security is already difficult, but learning to actually use secure tools is even more so. We have had tools like PGP/GPG for almost a quarter of a century and yet they have become no less archaic or hard to use than they were 20 years ago. Even if I can convince your grandparents it really is important that they hide their correspondence from entities like the NSA, they wouldn't have the slightest clue of how to benefit from their newfound knowledge.
Even as a developer the situation is pretty dire. Learning to build secure services is incredibly daunting, and implementing the underlying schemes properly is even more so. Security is hard, and a mistake at any point means compromised data.
Why should security be difficult? Why should it be obtrusive?
I hope to tackle one tiny part of that problem with Whisper. It's an attempt at building an easy way to send disposable and encrypted emails or pastes. And most importantly, anyone can run an instance of it.
The Technical Details
Whisper is an app built with Python and Bottle, for ease of use and portability. It uses Mailgun as the medium for sending emails, as they offer an API with 10,000 free emails a month for users willing to sign up. SMS messages for cellphone 2 Factor Authentication are sent via TextBelt and the encryption is provided by NaCl using PyNaCl and TweetNaCl.js.
The service is provided over HTTPS and allows users to send messages (optionally) over email. If they prefer not to send the link over email, users are provided with a direct link to share instead. Senders can choose whether to enable 2 Factor Authentication (SMS), encryption, and whether they want the message to expire once opened.
The encryption process involves generating two sets of keys using NaCl. The first is generated the very first time Whisper runs, and is a permanent key used to encrypt messages. The second set is generated whenever a message is sent, with the private key being attached to an image, and the public key used as the recipient for the message.
You might say "Hold on a minute, attached to an image?", and to explain: PNG images allow an arbitrary amount of binary data to be appended to the end of the file, and I'm abusing that functionality in order to make Whisper easier to use. I'm converting the private key to a Base64 encoded string, then writing that to the end of a pre-stored image file. Recipients can then drag and drop this image file onto an encrypted message to decrypt it, with the file being read as a binary stream and the private key extracted seamlessly in-browser.
With the addition of message encryption using NaCl, Whisper is fully functional but lacking UI wise. The plan is to redesign the entire experience from the ground up, implement a few small missing touches, and then launch as 1.0.
In the future, I plan to support two-way masked email addresses when sending Whispers (sender sees [email protected], recipient sees [email protected] and they are able to reply to each other), disposable receiving addresses, and eventually a Chrome extension for key management and inline use with Gmail.