View without extension installed
View with extension installed and crypto running in real time
Hermes in action side-by-side with actual data sent over the wire.
Increasing data collection by government agencies and social media networks has encouraged us to implement better privacy without forcing people to switch to a new platform and sacrificing their existing social circles.
What it does
Hermes is a super simple drop-in solution for encryption of direct messages on social network platforms. No knowledge of cryptography whatsoever is required. For those who are interested, Hermes uses TweetNacl for elliptic-curve Diffie-Hellman implemented through Curve25519, with XSalsa20 as a stream cipher, and Poly1305 as a one-time authenticator.
How we built it
Challenges we ran into
Accomplishments that we're proud of
Having successfully reverse engineered Twitter's front-end JS to the point where we can successfully and confidently intercept direct message events before they're sent over the wire was an accomplishment that we're very proud of. As we've said, this took a huge amount of time, totaling to over twelve hours spent on experimentation and reiteration to bring us to the point we are now.
What we learned
What's next for Hermes
We plan to expand Hermes to other social media platforms, which brings us the challenge of reverse-engineering each platform as we plan to support them.