ChatSeal for iOS Support


Frequently Asked Questions

  • What is a seal?
  • How should I choose my seal image?
  • How secure is the encryption used by ChatSeal?
  • How can this possibly be private on my public Twitter feed?
  • Where are the settings to add a Twitter account?
  • How do I share a seal?
  • Why am I or my friend not receiving messages?
  • How is my personal data handled?
  • What does it mean when ChatSeal wants to share my active feeds?
  • What does the inactivity self destruct option mean for a seal?
  • Why can I only share my seal with someone nearby?
  • Can my seal be stolen?
  • Why is ChatSeal only available in the U.S. App Store?
  • My question isn't covered by these answers.
 

ChatSeal is built around the metaphor of a wax seal to represent a way to identify yourself to others and keep your messages private.  Internally, your seal is made up of two types of encryption keys.  

  • A 256-bit AES key for encrypting the messages to your friends.
  • A 2048-bit RSA keypair for securely identifying you to others and ensuring that friends can only read messages you write with the seal.

When you share your seal with a friend they receive your AES key and the public key of the RSA keypair.  Everything you send to them is encrypted with your AES key and signed with your RSA private key.  In order for your friends to open a message, they must both verify your secure signature and decrypt your message.   When they reply to any of your messages, a one-time AES key is generated for the response and encrypted with your RSA public key.   Because you are the only one with the RSA private key, it ensures that only you, and none of the other people who have your seal, can open up a response from a particular friend.
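The key flow described above, as an added Node.js example (not ChatSeal's own code). The page names only the key sizes, so the cipher mode (AES-256-GCM), the signature scheme (PKCS#1 v1.5 over SHA-256), the key wrapping (RSA-OAEP) and all function names here are assumptions.

```javascript
// Added illustration of the seal key model described above; not ChatSeal's code.
// Assumed (not stated on the page): AES-256-GCM, PKCS#1 v1.5 signatures over
// SHA-256, and RSA-OAEP for wrapping the one-time reply key.
const crypto = require('node:crypto');
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

function createSeal() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  return { aesKey: crypto.randomBytes(32), publicKey, privateKey };
}
// A friend receives the AES key and the RSA public key, never the private key.
const shareSeal = (seal) => ({ aesKey: seal.aesKey, publicKey: seal.publicKey });

function aesSeal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), body]);
}
function aesOpen(key, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]).toString('utf8');
}
// Owner to friends: encrypt with the seal's AES key, sign with the RSA private key.
function ownerSend(seal, text) {
  const ciphertext = aesSeal(seal.aesKey, text);
  return { ciphertext, signature: crypto.sign('sha256', ciphertext, seal.privateKey) };
}
// Friend: verify the owner's signature first, then decrypt.
function friendOpen(shared, msg) {
  if (!crypto.verify('sha256', msg.ciphertext, shared.publicKey, msg.signature)) {
    throw new Error('signature check failed: not written by the seal owner');
  }
  return aesOpen(shared.aesKey, msg.ciphertext);
}
// Friend to owner: fresh one-time AES key, wrapped with the owner's RSA public key.
function friendReply(shared, text) {
  const oneTimeKey = crypto.randomBytes(32);
  const wrappedKey = crypto.publicEncrypt({ key: shared.publicKey, ...OAEP }, oneTimeKey);
  return { wrappedKey, ciphertext: aesSeal(oneTimeKey, text) };
}
// Only the holder of the RSA private key can unwrap the one-time key.
function ownerOpenReply(seal, reply) {
  const oneTimeKey = crypto.privateDecrypt({ key: seal.privateKey, ...OAEP }, reply.wrappedKey);
  return aesOpen(oneTimeKey, reply.ciphertext);
}
```

A message encrypted with the shared AES key but signed by any other RSA key is rejected by friendOpen, which is why holding the seal lets a friend read the owner's messages but not write them.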

 

When you create a seal, you must select a photo to represent your identity.  This image will be stamped on messages that get posted on your Twitter feed, so it is important to choose a photo that is appropriate for public viewing and also adheres to Twitter’s terms of use for their service.

 

ChatSeal encrypts your messages with a 256-bit AES encryption key.   There are different ways of answering this question, but based on the capabilities of current computer systems, it is generally agreed that it could take in excess of many billions of years with every available computer on earth to crack a key of this length.  That isn’t to say that it won’t become more feasible to crack the key at some time in the future, but for now this is one of the best forms of encryption available on your device for protecting data.

 

When you want to communicate privately, you’ll need to either share one of your seals or accept a seal from a friend.  Follow these steps to share a seal:

  1. Make sure that both devices (yours and your friend’s) have Bluetooth enabled at the very least, but if you can both be on the same Wi-Fi network, that will make the process more efficient.
  2. Go into the Seal Vault tab in ChatSeal and either share your active seal or select one of your other seals and then choose the ‘share’ option at the top of the screen.
  3. If your friend has just installed ChatSeal, but hasn’t yet written a message, they’ll be given an option to accept your seal from the first screen.  Otherwise, they can go into their own Seal Vault and accept the seal.
  4. Your friend will scan the QR code on your device to transfer the seal.

 

ChatSeal operates by mining you and your friends’ Twitter feeds for messages.   The personal messages you write are encrypted and then stored inside an image using steganography, which is just a technique for hiding secrets in the colors of a photo.   When ChatSeal can decrypt a photo it finds, it knows you have a matching seal and will import that message into your secure message vault.   

Most of the time, ChatSeal will automatically discover which people are important to watch and find their messages automatically.  It does this when it finds a message from them on your home timeline, when they share their active feed list with you or when you explicitly add them to your list of friends.

The most reliable way to ensure you and your friends can exchange messages is for you to follow each other’s Twitter feeds and ensure that you aren’t muting/blocking them or vice versa.   Although you generally don’t need to follow friends to get their messages (unless their Twitter account is marked private), it tends to work much better because their messages will then show up in your home timeline.  ChatSeal always checks your home timeline first, and then the timelines of any people who have been proven as sources of personal messages in the past.

 

First of all, ChatSeal never sends anything whatsoever to RealProven.  Your data is personal and we don’t have any interest in it.  Please consult the ChatSeal Privacy Policy for a more complete discussion.

As for the data that is managed on your behalf, everything, with the exception of a few details that keep track of the user interface in the app, is either fully encrypted or secure-hashed on disk.   All of the encryption keys for your seals are accessed through the standard iOS secure keychain. 

Each time you install your app, you will have a special application-wide encryption key that is used for all the data that is common to the app, like your seal vault or feed database.   This key is only used on your device for that specific installation of ChatSeal.  If you install ChatSeal somewhere else, it receives a separate, secure key for all of the common data.

Every message thread that you create, or that is created by a friend, is encrypted with the encryption keys of the seal associated with it.  This allows you to be absolutely sure that only the keys for your seal can open those messages on every device with which you’ve shared your identity.   If the seal is revoked or expires, its keys are destroyed and those messages are cryptographically locked until you re-share your seal. 

 

The first time you share a seal or within the Feeds tab in ChatSeal, you have the option to share your feeds with people you interact with.   When you share your feeds, the names of each active Twitter feed (@realproven, for example) and a short list of the last few tweet ids with personal messages will be included.   Sharing your feeds only occurs when you share a seal or when you send a personal message, and is always performed over a fully-encrypted channel.

Sharing your feeds allows your friends’ ChatSeal app to know where you prefer to post your messages so that it can mine those locations for content.   If you do not choose to share your feeds, nothing will be transferred about your preferred post locations, but your friends may not always receive your personal messages. 

Every seal you own has a special duration assigned to it which only you can see or modify.  This duration is called its Inactivity Self Destruct timer.  If a friend does not receive at least one message from you before that timer expires, the seal will expire and all of its messages will be locked until you re-share your seal with them.   You can update this expiration time whenever you wish and the next time you send a message every friend who opens it will have their seal’s expiration time updated. 

The purpose of seal expiration is to allow you to maintain control of your content even when you lose contact with someone.  Eventually all messages expire for everyone except the owner of the seal.

The Inactivity Self Destruct timer can be modified for each seal that you own from the Seal Vault tab.

 

At the moment, ChatSeal only allows you to transfer a seal by having a friend scan it.  The purpose for this is to minimize the chances that someone could give your seal to others without you knowing about it.   It isn’t hard to imagine that if you sent an e-mail with your seal to a friend, they could easily then forward that e-mail on to ten other people without your knowledge.

 

Generally speaking, it is unlikely your seal will be stolen if you and your friends are using ChatSeal as it is intended to be used.   Whenever you transfer a seal to a friend, it is always performed over a custom local network channel with a secure AES encryption key that can only be retrieved from your seal’s QR code.   Once a friend has your seal, they cannot share it with anyone else and can only delete it from their own device.

However, if you share your seal with a friend who has jailbroken their iPhone/iPod it is possible that they could copy it and give it to someone else.   The best bet is to only share with people with authorized versions of iOS on their devices.

 

United States export law is very clear about what kinds of encryption are permitted to be exported without approval from the Bureau of Industry and Security.  Unfortunately, ChatSeal’s encryption is too secure to be offered in other countries’ App Stores.  Depending on interest, we may investigate getting the proper permission in the future.

 

Please contact us and we’ll do our best to answer your question promptly.