LiveSecret - A LiveView app for sharing E2EE secret data (with Presence!)

Hi everyone! :wave:

I’ve released and open sourced LiveSecret, a Phoenix LiveView app built for sharing single-use secret data between 2 people E2EE. A great example use case is sharing a home WiFi password with your trusted guests.

The basic workflow is:

  1. :shushing_face: The owner of the secret information creates a secret link using LiveSecret.
  2. :calling: The creator shares the secret link and passphrase with the intended recipient using some out-of-band method.
  3. :unlock: The recipient visits the link and enters the passphrase to decrypt the secret.
  4. :fire: The encrypted content is immediately deleted from the server.

LiveSecret source on GitHub

For demonstration purposes, it’s temporarily available at LiveSecret Demo on Fly. However, if you have your own secrets to share, you need to self-host the app - for your own good.

There are other projects out there that are mature and full-featured (sniptt/ots, guardedbox, yopass, onetimesecret), but I hadn’t seen one that takes advantage of LiveView and Presence, so I decided to put one together.

There is one feature of LiveSecret that I haven’t seen elsewhere: Presence allows the creator of the secret content to unlock a specific web client in real time. This allows the creator to (optionally) verify some information about the receiver before releasing the encrypted data.

I’m a long-time Erlang developer, and this is my first open source Elixir project. Thank you to the community for the great projects and tooling!

:love_letter:

Jesse

40 Likes
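
The four-step workflow and the creator-controlled unlock from the announcement above, modelled as an added example that is not part of the original post and is not LiveSecret's code. The scrypt and AES-256-GCM choices, the `SecretStore` class, the function names, deletion at first delivery, and Node standing in for the browser are all assumptions made for illustration.

```javascript
// Added illustration, not LiveSecret's implementation. Cipher and KDF are assumed.
const nodeCrypto = typeof require === "function"
  ? require("node:crypto") : process.getBuiltinModule("node:crypto"); // CJS or ESM

// Client side: derive a key from the passphrase and encrypt before upload.
function encryptSecret(passphrase, plaintext) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const key = nodeCrypto.scryptSync(passphrase, salt, 32);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return { salt, iv, ct, tag: cipher.getAuthTag() };
}

// Client side: a wrong passphrase fails the GCM tag check and throws.
function decryptSecret(passphrase, { salt, iv, ct, tag }) {
  const key = nodeCrypto.scryptSync(passphrase, salt, 32);
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString("utf8");
}

// Server side (hypothetical in-memory store): it only ever holds ciphertext.
class SecretStore {
  constructor() { this.secrets = new Map(); }
  create(blob, { liveUnlock = false } = {}) {
    const id = nodeCrypto.randomBytes(16).toString("hex");
    this.secrets.set(id, { blob, liveUnlock, unlocked: new Set() });
    return id;
  }
  // The creator releases the secret to one specific connected client.
  unlock(id, clientId) { this.secrets.get(id)?.unlocked.add(clientId); }
  // Hands out the ciphertext at most once, deleting it before returning.
  fetch(id, clientId) {
    const entry = this.secrets.get(id);
    if (!entry) return { status: "gone" };
    if (entry.liveUnlock && !entry.unlocked.has(clientId)) return { status: "locked" };
    this.secrets.delete(id);
    return { status: "ok", blob: entry.blob };
  }
}

{ // Constructed demo: passphrase and secret are sample values.
  const demoStore = new SecretStore();
  const demoId = demoStore.create(encryptSecret("sample passphrase", "sample wifi key"));
  const first = demoStore.fetch(demoId, "guest");
  console.log(first.status, decryptSecret("sample passphrase", first.blob));
  console.log(demoStore.fetch(demoId, "guest").status); // second read finds nothing
}
```

Because the passphrase travels out of band and never reaches the store, a compromised server in this model yields only salt, IV, ciphertext and tag.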

Wow, this is really cool! I’ve wanted to build/see something like this with LiveView for a while. This could even be useful for work. It’s a much nicer UX than the secrets transfer tools we use now, and handier than Signal.

One potentially useful feature would be video verification. It would be very useful for me to be able to send a link and then, as the manager, verify the recipient via video and then unlock the secret.

Great work, this is really slick!

5 Likes

Thanks for the feedback, fellow Jesse! I like the idea of increasing the live-ness with some extra challenges, and the webcam idea is pretty great. I can definitely picture some other challenge types too. Thanks for taking a look and I hope you find the project useful!

5 Likes

Booom! IT Security CAN be easy and fun to use!
Tried it and love it! Especially the live unlock feature. Just send someone a link and in a quick call unlock for that someone to copy the secret, be it a password or personal information. Easy as pie, nice to use and feels safe.
We’ll check it out further and might deploy it next to our services for our company to use for secret sharing.
Thank you so much!

P.S. The feedback after a burn could use improvement, like a redirect to the home page with short burn status information.

1 Like

Thanks for the kind words. Can you elaborate on your burn interaction ideas? Current behavior is:

  • Add a flash to the page with some explanation of what happened
  • Change the presence badge to “Revealed” where relevant
  • Disable most UI buttons on the page since they’re no longer relevant.

I would like to keep the “Revealed” badge since it provides positive confirmation that the secret has been successfully decrypted. Otherwise I am open to ideas. I’m certainly no UX expert!

Perhaps something like this to add a little flair:

Sorry, my bad! The first few times I used LiveSecret, the flash didn’t show up…
Now it does, so now I feel well informed enough about what happened to my secret.

No worries. But since you missed it the first time through, there is either a bug or a UX issue to address. I’ll take a look to see if there is a better way to manage the flash.

1 Like