FAQ
Security, encryption and privacy is broad subjects and I could go on and on about why and how, so I will try to limit this FAQ to the most essential questions and try to point to other resources, for those who wish to understand the subject and the implications better.
Who is Secret Message for?
Anybody who needs to send a secret or password over an insecure channel.
What is an insecure channel?
An insecure channel is basically any form of communication, that does not:
- Encrypt your message before sending it anywhere
- Encrypt your message in a way that only you and the receiver can decrypt it
Some examples of insecure channels:
- E-mail (can be made secure, but don't count on it)
- Facebook Messenger (they even read your messages for serving ads)
- Slack (more secure, but still have access to your messages)
- Skype (more secure, but still have access to your messages)
The easiest way to think about this, is to remember that your unencrypted message should NEVER be copied or stored anywhere.
So unless security and privacy is an explicit feature of a service, it's probably NOT secure.
Some services will tell you, that your communication is encrypted, but that does not necessarily make it private, or secure for that matter.
E.g. Facebook Messenger is NOT private. They keep a copy of your messages on their servers, which might even make it insecure.
Why should I care as a private person?
You might think that you have nothing to hide, but today your identity is largely digital and hackers will try to get as many identities as possible, using software to do automatic attacks.
So even if you think you are not of interest, your identity is.
A lot of people use the same e-mail and password for many services, making it easy to exploit the data from a single hack, to also gain access to e-mail, Facebook, Twitter, etc.
Your entire identity can be exploited to take out loans, create credit cards and amass debts.
- Hackers Infiltrated Mortgage Company Computers to Steal Customer Information
- 'Someone Had Taken Over My Life': An Identity Theft Victim's Story
In the worst case, it's even possible to commit crimes with your identity, which could get you arrested and even jailed.
- Identity theft victim thrown in jail
- Double Trouble: Being an Identity Theft Victim Can Land You in Jail
Why should I care as a company?
Besides all the new regulations like GDPR, there are countless reasons, but here's an incomplete and short list of what a hacker can do with the right passwords:
- Gain access to all of your users data
- Exploit your servers and services
- Read all of your e-mails
- Send e-mails from your address
- Take over domain names
- Exploit or lock you out of your 3rd party services
- Just think: anything you can do, can be done by a hacker
Why should I use Secret Message?
Seceret Message is better than sending your plain text secret or password over insecure channels.
Just remember: having the link and the pass phrase will forever enable decryption of the secret.
In many cases, it would be better to use a good password manager to share secrets.
Here is a couple of well-known password manager: (disclaimer: I am NOT affiliated with any of them).