Bring seamless PQC encryption into every messenger you already use
4 points
4 hours ago
| 0 comments
| HN
Hi everyone!

I am a big privacy activist and I strongly believe privacy is a fundamental human right.

Lately, things have been quite frustrating to say the least. We have Meta removing end-to-end encryption over the past months, the continuing debate around EU Chat Control, and major technology companies collecting enormous amounts of data while building their own AI systems.

The most popular messengers are convenient because everyone already uses them. But most of them are not truly privacy-first.

It's also the reason why consumer social apps are such a competitive field.

Telegram, for example, markets itself heavily around privacy, but normal Telegram chats are not end-to-end encrypted. Users are still trusting Telegram to create, store and manage their private keys on their own servers.

But there are much better privacy-focused tools that I myself have also been a user of throughout my life. Signal stores keys locally and makes end-to-end encryption the default. SimpleX takes a more decentralized approach. Meshtastic allows hardware networks. Many of these projects are open source and solve real privacy problems.

But they all face the same major issue: the network problem.

A messenger is only useful when the people you need to talk to are using it. It is difficult to convince your friends, family, coworkers, or customers to leave the applications they already use and move somewhere else.

That is why I started thinking about a different approach to restore privacy in our daily lives. Instead of creating another messenger and asking everyone to switch, what if we could bring private encryption into the messengers and social platforms people already use?

That is what I am building with my side project experiment, Ekko.

Ekko lives inside your browser extensions or mobile keyboard. You write a message normally, Ekko PQC encrypts it locally before it reaches the messenger, and the recipient decrypts it locally on their device. The messenger only transports the encrypted content.

PGP showed decades ago that individuals could control their own encryption keys. But it also showed how difficult encryption becomes when users have to manually manage keys, copy messages, encrypt them, paste ciphertext, and then repeat the process to decrypt a response.

Strong cryptography is not enough if normal people cannot use it.

The goal with Ekko is to make that process seamless with modern, already popular messengers. You should not need to understand encryption algorithms or switch to self hosted solutions, move applications.

Ekko is still early. We have a good working prototype that I am testing with friends in early access while we build out a backend infrastructure and ace the seamless messengers integrations. It does not work perfectly just yet, but we are actively getting there!

The applications, browser extensions, and cryptographic code are intended to be open source.

The messenger may still see metadata, including who is communicating, when messages are sent, and how frequently people communicate. A platform could block encrypted messages or break an integration, but it could actively be battled back, especially when we have almost a billion Europeans about to be actively surveilled.

But it could give users control over the actual contents of their messages without forcing their entire social circle to move to another platform.

I would appreciate direct criticism, especially around the security model, key exchange, multi-device support, metadata, platform restrictions, and whether this approach actually solves enough of the network problem to be useful.

Just publitised this idea two days ago and started building in public so any thoughts are appreciated :)

https://useekko.app

I would love to talk! Any inquiries, suggestions or collaborations, kirill@useekko.app

Lets fight for the right to privacy to never be suppressed!

- Kirill from Ekko

No one has commented on this post.