Why are most of us still communicating between each other using e-mail that anyone can look into, or confide our private communications to corporations that, instead of respecting constitutional principles, make profit on it or stand tall to PRISM obligations from spook agencies.

Encrypted communications are still too complicated, never fully re-assuring and not exciting either. Even if you use them right, you still have little chance of hiding who you are talking to, who your social network is.

With secushare we're trying to provide something fun, useful and maybe even exciting, which as a side effect addresses many issues in privacy.

Most applications have become dependent on Internet servers, but it doesn't have to be in a way that the servers know everything about us. If we enable our laptops and phones to interact securely between each other, we can let servers be of help speeding things up, but without exposing our privacy to them.

secushare is a framework for social interaction over the Internet in a way as safe as currently feasible, or at least empowering you to choose a trade-off between safety and convenience yourself. We imagine a social platform equivalent to Facebook, but distributed and encrypted straight from your phone or desktop.

But our framework actually allows any software to make safe communications with people in your social circles, so we'll start with something simple like end-to-end encrypted chat, mail and maybe file exchange. But once that part works, we can create half a new Internet experience on top of such a protocol stack.

The reasons why something like secushare hasn't been done before are manyfold. It requires a profound understanding not only of the design of anonymous systems, but also on how to bring the scalability of cloud technology into non-commercial distributed networks. You still can do business over secushare, but neither secushare nor its users are the product. Sounds simple, but the web has failed big time in that respect.

The network we are currently bootstrapping shall enjoy the speed of servers that help without knowing much about us, the trust of social relationships between users without becoming transparent, the privacy of elaborate obfuscation strategies without becoming unpractical.

This way, we can become independent of centralized infrastructure and rest assured that no one but the designated recipients can read our communications.

We employ GNUnet for peer-to-peer routing and encryption (because it has a more suitable architecture than Tor or I2P) and apply PSYC on top to create the distributed private social graph (because it performs a lot better than XMPP or OStatus).

Radical Privacy is barely enough

We call this secushare, a framework for sufficiently safe social interaction. It arose after realizing that there is no satisfying technology to address the issues we outlined in the FSW 2011 paper entitled "Scalability & Paranoia in a Decentralized Social Network." At the time we assumed to be paranoid, but Snowden has taught us we weren't paranoid enough. Here's what we mean by safe:

  1. updates, comments, postings, messages, files and chat are only visible to the intended recipients (not the administrators of any servers or routers);
  2. the type and content of a message cannot be guessed at by looking at its size;
  3. communication between parties cannot be measured as they may have none to several routing hops in-between. an observer never knows if a communication came where it came from and ends where it is going to;
  4. automatic responses and forwarded messages can intentionally be delayed so that an observer cannot tell two communications are related;
  5. communications cannot be decrypted weeks later, just because the attacker gained access to one of the involved private keys (forward secrecy);
  6. even if an attacker gains access to a cleartext log, there is no proof the material was actually ever transmitted by anyone (for a case in court mere data would not suffice, you need actual testimonies);
  7. the list of contacts is never managed on potentially unsafe servers, it is only visible to those it should be visible to;
  8. the infrastructure is robust and resilient against attacks.

And if you are happy with less than that, we want you to just pull that slider from 'safety' towards 'convenience' on your own responsibility. You no longer need to switch software to pass from one to the other mode of operation.

As we researched in the paper and in further detail in the comparison only some advanced anonymization and P2P file sharing applications have explored these levels of privacy. So we decided to take one such technology and adapt it.

New materials

  • We are frequently asked, why we picked GNUnet over Tor or I2P. You should find the answers interesting.
  • The protocol stack of secushare has become pretty complex. Read more about it on the protocol page.
  • Updated comparison with Best Practice recommendations while you wait for secushare.
  • A Web Respectful of the Constitution is Possible by carlo von lynX. Presented at the W3C Privacy Workshop, describing the features of a private web over secushare-like technologies.
  • The Internet is Broken: Idealistic Ideas for Building a <s>NEW</s>GNU Network by Christian Grothoff, Bartlomiej Polot and Carlo v. Loesch – This paper describes issues for security and privacy at all layers of the Internet stack and proposes radical changes to the architecture to build a network that offers strong security and privacy by default. Presented at the W3C/IETF "Strengthening the Internet" Workshop STRINT.
  • Many reasons not to start using PGP.
  • New pubsub API released, accompanied by tg's masters thesis.

Buzzwords to Dig Into

  • Anonymity - How to keep things for the intended people.
  • Answers - Some FAQs asked and answered.
  • Architecture - How does it stand tall?
  • Business - An authenticated Internet helps business.
  • Censorship - We like ad-hoc mesh networks, too.
  • Comparison - How do other tools compare.
  • Features - How many social networking services can we replace?
  • Federation - Why the decentralized social web thing doesn't work.
  • Identity - How many can I be on secushare?
  • Like - How about a distributed Like button?
  • Privacy - If you have no secrets, you have no life.
  • Protocol - Ingredients: efficiency and extensibility.
  • Prototype - Current status of the prototype version.
  • PubSub - The publish and subscribe paradigm revamped.
  • Rendezvous - How to get started when you know nobody.
  • Rights - You don't need a Bill Of Rights from us. You own us.
  • Scalability - Multicasting, the key to make applications work for billions.
  • Security - Social authentication vs IT security.
  • Storage - How to keep devices in sync.
  • Threats - What if malware messes up your secushare identity?
  • Transparency - Should everything always be open for everyone to see?

Events and Press Coverage

Social network services have gained widespread use world-wide and by very different people. To compare the currently most important social network services, six self-selected use cases and an accompanying user survey were conducted. Comparison and survey confirm that the large commercial providers offer sufficient functionality, but lack in the areas of security, privacy and provider independence. In a world under surveillance, most social network services are not suitable for sensitive personal data. It is shown how the architecture of a system affects the business model of the provider and the possibilities for self-determination and freedom of users. Two social network services currently in development, Briar and Secushare, are presented in more detail, followed by an explaination of technical challenges in P2P-based systems.

Projects that have already expressed interest in this technology

Other interested partners:

Source Code

This is a free software project, since the kind of security we want to give to people can only be credible and trustworthy if it is freely available in its entirety and can be converted to machine executable programs by as many independent persons as possible.

Components of the system are built using the GNUnet framework. The design is described on the protocol page. Current development is going on in…

  • the SVN repository of GNUnet (look at the psyc, psycstore, multicast and social directories). You can obtain it by…
  git svn clone  
  • one possible UI prototype currently resides in secushare.git. Get it with…
  git clone git://  

As the architecture page explains in detail, we don't use GNUnet for file sharing, so you don't need neither a particularely large hard disk nor a lot of bandwidth.

How can you help?

  • You can express your support for us. (example)
  • You can help us get funding, help us with our communications, work out alliances or simply give us more visibility.
  • You can give us feedback if you think we are designing the perfect tool everyone has been waiting for, or if there's anything we overlooked.
  • If you're a web designer, you can help us get a cross-device user interface going as described in architecture.
  • If you're a graphics artist, you can spice us up.
  • If you're a lawyer.
  • If you're a C developer, talk to us to help us with the core service.
  • If you're a developer in whatever other technology you like, you can design or translate a wide choice of tools (see 'Native User Interfaces' in architecture for examples) to work on top of secushare.

And, in any case, if you like what you see here, you can consider diverging some funds in our direction.

P2P Compliance

secushare is supposed to fulfil the following requirements for true P2P:

Oh, by the way, did I mention that secushare also runs over ad-hoc mesh networks?


Here are some answers, or try our welcome chatroom:

Or send a Bitmessage to BM-NB7xa9gEpmJgYp9PVnEdACiZcGmmEJcY.

Stay in Touch

Drop your email address into this box to subscribe the mailing list:

We don't recommend it, but you can follow us on Twitter.

Or send a BM to NB7xa9gE:pmJgYp9P:VnEdACiZ:cGmmEJcY.