Increasing data collection by government agencies and social media networks has encouraged us to implement better privacy without forcing people to switch to a new platform and sacrificing their existing social circles.

What it does

Hermes is a super simple drop-in solution for encrypting direct messages on social network platforms. No knowledge of cryptography whatsoever is required. For those who are interested, Hermes uses TweetNaCl for elliptic-curve Diffie-Hellman over Curve25519, with XSalsa20 as the stream cipher and Poly1305 as the one-time authenticator.

How we built it

Hermes is a Chrome extension that uses JavaScript injection to intercept JS events on social network websites and encrypt user messages before they're sent over the wire. A central database containing public keys mapped to unique identifiers allows Hermes to quickly identify which users on your social platform are already using Hermes. This allows us to automatically and seamlessly encrypt messages for other Hermes users on whatever social platform you use.
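Because every client learns its peers' public keys from that central database, the client is the place to notice a key that changes. The following is an added sketch, not Hermes code, of trust-on-first-use pinning for directory keys; `PinStore`, `checkKey`, `acceptChange`, `mayEncryptTo` and `sampleKey` are hypothetical names, and base64 transport of keys is an assumption.

```javascript
// Added example, not Hermes code: trust-on-first-use pinning of directory keys.
// All names below are hypothetical; keys are assumed to arrive as base64 strings.

// Return the key as hex, or null unless it is a usable 32-byte Curve25519 key.
function keyHex(b64) {
  // 32 bytes encode to exactly 43 base64 characters plus one '='.
  if (typeof b64 !== 'string' || !/^[A-Za-z0-9+/]{43}=$/.test(b64)) return null;
  const key = Uint8Array.from(atob(b64), c => c.charCodeAt(0));
  // The all-zero key is a small-order point: the shared secret would be all zeros.
  if (key.every(b => b === 0)) return null;
  return Array.from(key, b => b.toString(16).padStart(2, '0')).join('');
}

class PinStore {
  constructor() { this.pins = new Map(); } // userId -> hex of the pinned key

  // Verdict for a key the directory returned:
  // 'invalid' | 'pinned' (first sight) | 'match' | 'changed'.
  checkKey(userId, b64) {
    const hex = keyHex(b64);
    if (hex === null) return 'invalid';
    const seen = this.pins.get(userId);
    if (seen === undefined) { this.pins.set(userId, hex); return 'pinned'; }
    return seen === hex ? 'match' : 'changed';
  }

  // Replace a pin; call only after the user confirmed the new key out of band.
  acceptChange(userId, b64) {
    const hex = keyHex(b64);
    if (hex === null) return false;
    this.pins.set(userId, hex);
    return true;
  }
}

// Encrypt only to a key that is newly pinned or matches the pin; a changed
// or malformed key should stop the send and surface a warning instead.
function mayEncryptTo(store, userId, directoryKey) {
  const verdict = store.checkKey(userId, directoryKey);
  return verdict === 'pinned' || verdict === 'match';
}

// Constructed sample key for demonstration: 32 bytes, all equal to n.
const sampleKey = n => btoa(String.fromCharCode(...new Uint8Array(32).fill(n)));
```

Pinning on first use does not authenticate the first key a client sees; it only makes a later substitution in the directory visible to the user.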

Challenges we ran into

Reverse-engineering social network front-end JavaScript to intercept events took up the majority of our development time. In addition to having never touched the front-end of Twitter before, this was our first Chrome extension project, which brought many challenges in itself.

Accomplishments that we're proud of

Having successfully reverse-engineered Twitter's front-end JS to the point where we can successfully and confidently intercept direct message events before they're sent over the wire was an accomplishment that we're very proud of. As we've said, this took a huge amount of time, totaling over twelve hours spent on experimentation and reiteration to bring us to the point where we are now.

What we learned

This being our first Chrome extension project, we learned a lot about the Chrome extension life-cycle, as well as how to properly implement scripts and boilerplate manifests for the Chrome extension platform. This was also our first project heavily emphasizing cryptography, which led us to increase our knowledge of public key exchange cryptography. We now also have deep knowledge of how the Twitter user-interface JavaScript works and how events are handled inside of it.

What's next for Hermes

We plan to expand Hermes to other social media platforms, which brings us the challenge of reverse-engineering each platform as we plan to support them.
