WHISPEER: Social network with end-to-end encryption

Whispeer is meant to be a secure social network. That is why its developers built in end-to-end encryption, and with it they made it into the final round of the Security Startup Challenge.

An encrypted social network: that is what the Berlin-based startup Whispeer wants to implement with its eponymous service. It was founded by, among others, the computer science student Nils Kenneweg. He is the main developer and wants to ensure that users can talk about private things online safely. “When I’m sick, I tell my friends, but I would never stand in the marketplace and shout it out loud to everyone around,” he says. For Kenneweg, networks like Facebook or Twitter are that marketplace. Many people write incredibly private things there. Whispeer, he says, is for people for whom that goes too far.

But what do the Whispeer developers rely on to keep their promise of protecting conversations? According to Kenneweg, all data is end-to-end encrypted. Even Whispeer, as the server operator, has no insight into messages and posts. Encryption takes place exclusively in a web app in the browser, secured by the user’s password and a set of cryptographic keys.

Asymmetric keys for communication

Both symmetric keys (where all communication participants use the same key) and asymmetric keys are used. Each account has an asymmetric key for communication with unknown contacts and numerous symmetric keys to secure individual settings, chats and posts. While the password is never sent to the server, the keys are stored on the server, albeit additionally encrypted.

This has the advantage that users do not need to manage their keys themselves, but the disadvantage that security depends on a good, secret password. Whispeer rejects passwords that are too simple. It is a trade-off that Kenneweg and his team accept, because the service is meant to be not only secure but also easy to use.

AES-256 is intended to ensure security

At registration, only a user name and a password are entered. From the password, a symmetric key (AES-256) is generated using PBKDF2. This key is needed to store the actual master key in encrypted form on the server. With the help of the master key, in turn, all other required keys are generated. Users notice none of this. During registration they are only asked whether they want to save or print a recovery code for their own key locally, as a QR code and text string. This makes it possible to restore the account if the password is forgotten.
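The registration and login flow described above, as an added example that is not Whispeer's own code: a PBKDF2-derived AES-256 key wraps a random master key in the client, and only the wrapped record reaches the server. The iteration count, salt size, SHA-256, GCM mode and all function names are assumptions not stated in the article, and Node's crypto module stands in for the browser.

```javascript
// Added illustration, not Whispeer's code. Values marked "assumed" are not from the article.
const nodeCrypto = require('crypto');

const KDF = { iterations: 600000, hash: 'sha256', saltBytes: 16 }; // assumed parameters

// Derive the 256-bit key-encryption key from the password with PBKDF2.
function deriveKek(password, salt) {
  return nodeCrypto.pbkdf2Sync(password, salt, KDF.iterations, 32, KDF.hash);
}

// Client side, registration: create a random master key and wrap it.
// Only serverRecord is uploaded; the password and the derived key never are.
function register(password) {
  const masterKey = nodeCrypto.randomBytes(32);
  const salt = nodeCrypto.randomBytes(KDF.saltBytes);
  const iv = nodeCrypto.randomBytes(12);
  // AES-256 is from the article; the GCM mode is assumed.
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKek(password, salt), iv);
  const wrapped = Buffer.concat([cipher.update(masterKey), cipher.final()]);
  const serverRecord = {
    salt: salt.toString('hex'),
    iv: iv.toString('hex'),
    wrapped: wrapped.toString('hex'),
    tag: cipher.getAuthTag().toString('hex'),
  };
  return { masterKey, serverRecord };
}

// Client side, login: fetch the record, re-derive the key, unwrap the master key.
// Returns null when the password is wrong, because the GCM tag check fails.
function unlock(password, rec) {
  const kek = deriveKek(password, Buffer.from(rec.salt, 'hex'));
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', kek, Buffer.from(rec.iv, 'hex'));
  decipher.setAuthTag(Buffer.from(rec.tag, 'hex'));
  try {
    return Buffer.concat([decipher.update(Buffer.from(rec.wrapped, 'hex')), decipher.final()]);
  } catch (err) {
    return null;
  }
}
```

The server record holds everything needed to test a password guess offline, which is why the scheme's strength rests on the password.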

Those who wish can specify name, surname and e-mail address. In the profile settings there are also fields for date of birth, place of residence, schools attended, and the languages one has mastered. For each piece of information the user can decide who can see it. This data, too, is stored on the server secured by individual keys.

One thing sets Whispeer apart from its competitors: the site is, and is meant to remain, permanently free of advertising and free of charge for its basic functions. According to Kenneweg, the service intends to earn money in future with paid additional features. Currently, the four founders finance the company from their own resources. Marketing it as a secure communication platform for companies, associations and larger organizations is also conceivable.