pull down to refresh

Sovereign Encryption - a private layer to any messengertimeseed.io/se/
781 sats \ 3 comments \ @avbpod 31 May security

Sovereign Encryption — a single HTML file that adds a private layer to any messenger

Been building this for a while. It's a 450 KB HTML file. Open it, generate a keypair, swap public keys once with whoever you want to talk to. After that, you encrypt your message or file in the browser and paste the ciphertext into WhatsApp, Signal, Nostr, email — whichever you already use. The messenger sees random hex. Only the holder of the matching private key can read it.

A few things that matter:

  • Post-quantum. Uses ML-KEM-768 (FIPS 203). Not vulnerable to harvest-now-decrypt-later.
  • No accounts, no servers, no telemetry. Verify in DevTools — Network tab stays empty.
  • Single file. No install, no .exe, no Electron, no CDN. Runs from file:// with WiFi off.
  • MIT-licensed. Source is the file. Nothing hidden.

Page: https://timeseed.io Tool: drop the HTML file anywhere, double-click. Donate (keeps it free): https://timeseed.io/donate

write
compose
related posts
145 sats \ 1 reply \ @optimism 1 Jun

Some questions:

  1. Why are you using HKDF-SHA-256 with AES-256-CGM?
  2. What made you decide to go all-in on a lattice KEM without any backup?
  3. Some of the scripts (noble, but there's also something in a body script tag) are minified and obfuscated. I really can't review that and the linked github repo doesn't contain plain source either. What's the reason for not providing actual source so that we can just review and build it?
reply
1 sat \ 0 replies \ @optimism 1 Jun

*AES-256-GCM - is what I get for typing on a phone, sorry

reply
1 sat \ 0 replies \ @KolmogorovJr 31 May

Doesn’t work on iOS.

Why would anyone use a tool that hasn’t been publicly audited for security.

Metadata collection is still a concern even when sending encrypted messages.

reply