One of our group members read an article about a journalist named Ed Ou who was stopped at the American border and had his personal phones and belongings searched against his will under the pretext of " Keeping America safe". His statement about the experience: "That wall of naivete that I had about the freedom of the press in he U.S. kind of shattered at that moment" helped us realise the need for a discreet, secure data storage solution.
What is does
PGP2PNG provides a simple cross-platform way to encrypt and hide sensitive files. It leverages keybase to do public key encryption and create verifiable, signatures for encrypted files. This protects the journalist from impersonation as well as from raising the suspicion of border agents .
How we built it
We built the business logic Python and used Keybase to encrypt files which we then injected into regular media files, effectively hiding them in plain sight.
Challenges we ran into
We originally planned to use Google Photos as an unlimited image store for our transport files. We later discovered that Google Photos does not support uploading photos using python. Additionally, devpost deleted our devpost progress 3 times. Furthermore, we were going to use the Alpha channel in images to store our encrypted data. We found it would be better to directly inject our encrypted data into files with lenient parsing. Using the direct data injection method, we were also able to diversify the common file types (such as pdf, gif, png, etc.) we could use as vehicles for sensitive data.
Accomplishments that we're proud of
We are very proud of developing an open source, cross platform tool that facilitates free speech and empowers journalists to cover potentially dangerous stories with no fear of their information being stolen.
What we learned
Privacy has become a global issue and as a result, privacy focused apps such as Signal and Whatsapp have become very popular. In continuation with these trends, we realized there is a desperate need for discreet, offline, secure data storage.
A formal security audit of our software to establish ourselves as a trusted software vendor. That, along with supporting mobile platforms would expand our global audience and lead to a free and open internet.