Official repo of the Private Party!
We use SEA which depends upon native WebCrypto in the browser.
WebCrypto has been audited and is the leading industry-standard cryptography library, implemented by all major browsers.
ECDSA and ECDH keypairs are generated upon installation. You can import your own keys if you would like, but we have no user interface for it yet (coming soon).
- Works anywhere on the web.
- All code is Open Source.
- Party Mode has no servers.
- Party Mode makes 0 network calls.
- Secret Agent mode needs Diffie-Hellman key exchange.
- "Server" code is Open Source.
- No central server, no proprietary server, you can run your own.
- "Server" is a decentralized mesh network of peers.
- Your keys cannot be accessed by any server or peer.
- PARTY is fully P2P with WebRTC.
- When WebRTC fails, PARTY uses peers.
- Peers cannot see encrypted data.
We pop up an IFRAME of the browser extension on top of the website, and only render the decrypted plaintext at rest in the clear inside the IFRAME. This prevents websites from scraping your decrypted data, since they do not have the same origin (CORS) as the extension.
This is intended to be used on private channels (email, Twitter DMs, Facebook private messages, etc.).
P2P/decentralized Diffie-Hellman key exchange is used. This description is taken from our friends at dimension who will be releasing maskbook, a competing and compatible alternative to PARTY:
- Alice generates an ECDSA/ECDH P-256 keypair.
- Alice publishes her public key in a post.
- Bob, a friend of Alice, does the same.
- Alice's post is encrypted with an AES-256 key.
- Alice chooses who can read it, say Bob.
- Alice Diffie-Hellman mixes Bob’s ECDH public key to derive a shared AES-256 key.
- Alice encrypts the post's key with Bob's AES-256 shared key.
- Alice shares the key with Bob via a P2P/decentralized network.
- Bob mixes Alice's ECDH public key to derive the shared AES-256 key.
- Bob decrypts the post's AES-256 key with the shared AES-256 key.
- Bob decrypts the post with the AES-256 key.
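The steps above, written directly against WebCrypto as an added example (not PARTY's or SEA's own code). The function names, the message layout, AES-GCM as the AES mode, the extra party Eve and the sample plaintext are assumptions made for illustration.

```javascript
const wc = globalThis.crypto || require("node:crypto").webcrypto; // Node < 19 fallback
const ECDH = { name: "ECDH", namedCurve: "P-256" };
const enc = new TextEncoder(), dec = new TextDecoder();

// AES-256-GCM (mode is an assumption); fresh 96-bit IV per message, sent alongside it.
async function seal(key, bytes) {
  const iv = wc.getRandomValues(new Uint8Array(12));
  return { iv, ct: await wc.subtle.encrypt({ name: "AES-GCM", iv }, key, bytes) };
}
const unseal = (key, box) =>
  wc.subtle.decrypt({ name: "AES-GCM", iv: box.iv }, key, box.ct);

// "Mix" my ECDH private key with a peer's published public key (JWK) into an AES-256 key.
async function sharedKey(myPrivate, peerPublicJwk) {
  const peer = await wc.subtle.importKey("jwk", peerPublicJwk, ECDH, false, []);
  return wc.subtle.deriveKey({ name: "ECDH", public: peer }, myPrivate,
    { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
}

// Reader: derive the shared key, unwrap the post key, decrypt the post.
async function readPost(myPrivate, authorPublicJwk, msg) {
  const shared = await sharedKey(myPrivate, authorPublicJwk);
  const raw = await unseal(shared, msg.wrappedKey); // rejects for anyone but the chosen reader
  const postKey = await wc.subtle.importKey("raw", raw, "AES-GCM", false, ["decrypt"]);
  return dec.decode(await unseal(postKey, msg.post));
}

async function demo() {
  const newPair = () => wc.subtle.generateKey(ECDH, false, ["deriveKey"]);
  const [alice, bob, eve] = await Promise.all([newPair(), newPair(), newPair()]);
  const alicePub = await wc.subtle.exportKey("jwk", alice.publicKey); // "published in a post"
  const bobPub = await wc.subtle.exportKey("jwk", bob.publicKey);

  // Alice: random per-post key, encrypt the post, wrap the post key for Bob only.
  const postKey = await wc.subtle.generateKey({ name: "AES-GCM", length: 256 }, true, ["encrypt"]);
  const aliceToBob = await sharedKey(alice.privateKey, bobPub);
  const msg = {
    post: await seal(postKey, enc.encode("party at 9")), // constructed sample plaintext
    wrappedKey: await seal(aliceToBob, await wc.subtle.exportKey("raw", postKey)),
  };

  const bobReads = await readPost(bob.privateKey, alicePub, msg);
  // Eve holds her own keypair and sees msg in transit, but derives a different shared key.
  const eveReads = await readPost(eve.privateKey, alicePub, msg).catch(() => null);
  return { bobReads, eveReads };
}

demo().then(console.log); // { bobReads: 'party at 9', eveReads: null }
```

Because GCM is authenticated, a wrong shared key makes the unwrap fail outright instead of yielding garbage key bytes, which is why Eve's read rejects.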
Please watch our animated 1 minute Cartoon Cryptography explainer series to understand this better.
This is intended to be used on public or quasi-public sites (Reddit, Slack, Facebook groups, etc.).
Anybody with the browser extension can run Proof-of-Work to decrypt a Party Mode post (this does not work for Secret Agent posts).
This makes it hard for mass surveillance and surveillance capitalism to spy on users. Facebook gets 10K+ posts/sec; it would take them about 1 hour to decrypt 1 second's worth of data. They might as well mine Bitcoin instead.
But friends and other partiers can decrypt each post with a PBKDF2 SHA-256 Proof-of-Work derived AES-256 key in about half a second.
Need help with a mobile version!
Openly licensed under Zlib / MIT / Apache 2.0.
Created with ♥ by ERA, Mark Nadal, the GUN team, and many amazing contributors.
You agree to the Terms of Use if you install the extension. This is so we don't get sued.