Pages:
Author

Topic: [ANN] MystSafe - The Only Privacy-Preserving Password Manager - page 2. (Read 738 times)

newbie
Activity: 23
Merit: 0
MystSafe users sign up and use the app without providing PII (Personally Identifiable Information). The option to pay the premium fee with privacy-focused cryptocurrencies like Monero and Zcash further enhances user anonymity, but even credit card payment is cryptographically decoupled from the MystSafe account so it does not reveal the user identity.

https://www.mystsafe.com/

newbie
Activity: 23
Merit: 0
Development Update: Introducing New Crypto Licensing. 
We are working on a new type of premium licensing based on technology used in Monero: ring signatures, key images, and stealth addresses.
https://www.mystsafe.com/post/development-update-introducing-new-premium-licensing
newbie
Activity: 23
Merit: 0
Anti-Privacy Policies of Password Managers.
This article compiles the most striking excerpts from the privacy policies of various password management solution providers, highlighting their anti-privacy stance.

https://www.mystsafe.com/post/anti-privacy-policies-of-password-managers
newbie
Activity: 23
Merit: 0
Unmask the secrets to buying anonymously online—without giving up your privacy.

https://www.mystsafe.com/post/staying-anonymous-how-to-safely-buy-sensitive-items-online
newbie
Activity: 23
Merit: 0
🔒 Enhance your online privacy in just a few clicks! Learn how to enable DNS-over-HTTPS in your browser for improved security and privacy. Dive into our complete guide for a safer browsing experience.

https://www.mystsafe.com/post/how-to-enable-dns-over-https-in-your-browser-to-enhance-your-privacy
newbie
Activity: 23
Merit: 0
MystSafe is privacy-preserving password manager with discreet chat and secret vault protected by cryptocurrency-grade tech.

White paper: https://www.mystsafe.com/post/mystsafe-white-paper
Website: https://www.mystsafe.com
App: https://app.mystsafe.com

MystSafe stands out from conventional password managers, secret vaults, and private chats through its two main features:
bulletproof, cryptocurrency-grade security, and ultimate privacy protection.

MystSafe protects your information without keeping track of who you are.
Leveraging advanced cryptography and a permissionless database—technologies underpinning cryptocurrencies—
MystSafe guarantees your secrets and activities remain private, secure, and anonymous.
With MystSafe, no one, including MystSafe itself, is aware your data exists.
This means no one can deny you access, question you, or hack your information.

Unlike most traditional crypto projects, MystSafe did not start as a cryptocurrency initiative but as a fully functional product
accessible to anyone beyond the crypto sphere. Many projects in this domain focus on creating financial pyramid structures or
platforms that facilitate such schemes, thereby neglecting the foundational principles of Bitcoin, which was designed to serve as internet-based money.

Addressing these concerns, MystSafe was initially designed as a standalone app, independent of crypto platforms.
Incorporating cryptocurrency enhances the user experience by removing economic and geographic barriers and attracting more customers
with a feature-rich, real-world product supported by excellent service, while also significantly improving user privacy.

Standard Features
These are standard features found in traditional solutions, but also very important:
  • Unlimited Devices: The users can sync their data between multiple devices, with any hardware platform or operating system, while preserving the security of their data and the privacy of their actions.
  • Secure Sharing: MystSafe users can share their passwords and other secrets with other MystSafe users through built-in chat or with non-MystSafe users via auto-expiring instant share links.
  • End-to-end Encryption: All data (no exceptions) is encrypted/decrypted by default end-to-end within user devices.
  • Fingerprint and Face ID: Instead of using passwords to protect the app on a user device, MystSafe uses a passkey authentication that supports biometric, passwordless access.
  • Free Plan: The free plan acts as a trial that is free of charge and does not involve concerns about refunds. Uniquely, unlike most services, the MystSafe free plan can be used forever, extending well past the usual trial duration.

Key Differentiators
These are not found in traditional solutions and therefore are unique and exclusive to MystSafe users:
  • Unlimited Accounts: MystSafe users can open as many accounts as they want, for free, which allows them to differentiate their interactions with users from different groups and separate public and private affairs.
  • Anonymous Profiles: Account registration does not require providing any personal data such as name, phone number, email, or address. Payments for premium plans are decoupled from the user accounts so there is no link between user identity and account activities.
  • Untraceable Activities: MystSafe employs technology found in privacy-preserving cryptocurrencies that hides the owner of the secret records as well as the sender and the recipient of the chat messages.
  • Undeniable Service: MystSafe's design ensures that no corporation or government can block accounts or restrict user services, providing continuous access to essential data such as cryptocurrency wallet secret phrases. This feature guarantees that users can always access and manage their funds, reinforcing their autonomy and financial freedom.
  • Inclusive Access: MystSafe offers unrestricted and equal access to all, ensuring no discrimination based on location, nationality, or financial history. This commitment allows anyone to use the app, with premium features payable via cryptocurrency for those without traditional banking means.
  • Secret Phrase: Instead of relying on a master password that can be weak, MystSafe account is protected by a 12-word mnemonic phrase that provides cryptocurrency-grade security that can withstand brute-force attacks.
  • Built-in Chat: MystSafe enables users to share secrets directly from the secret screen and send instant direct messages securely and discreetly through its integrated chat interface.
  • Offline Mode: MystSafe stores secret and chat data locally on the user’s device and syncs with the network only when updates are made, enabling read-only access without internet communication and thereby reducing the online footprint.
  • TOR Support: The MystSafe app can work through the TOR network which enables an extra layer of security and privacy protection while eliminating the need for a paid VPN service.
  • Pay-as-you-go Model: The pay-as-you-go license, available through the license portal, uses License tokens based on privacy-focused crypto technology, representing data volume in kilobytes
  • Crypto Rewards: The pay-as-you-go licenses can be exchanged for tradable reward tokens, allowing users to convert any unused licenses into a tangible asset.

Technology Stack
Permissionless, DAG, non-SQL database
MystSafe messages are packed into individual blocks which are generated by MystSafe apps, processed by the MystSafe relay nodes, and stored in MystSafe database. It features open read-write access through relay nodes, with content deletion managed via unique garbage collection by these nodes. Data is organized into interconnected blocks and blockchains, concealing any association between users and their data. The database is synchronized between the relay nodes and ensures transmission of messages between users, simultaneous operation of multiple user devices, and recovery of secret records and chat history.

Stealth addresses
MystSafe blocks have stealth addresses that only the recipient of the message can decode. The network does not know where a message is going and who has sent it. The stealth addresses are not linked to any sender’s or recipient’s public addresses. The public addresses never appear in the network database in clear text.

Blockchains
The daily chat message blocks are publicly linked to each other using blockchain technology, but they are not publicly linked to the sender or recipient. The network database consists of multiple blockchains, even more than one per chat as chat blockchains are initiated daily to allow the expiration of older messages. Multiple blockchains enable high scalability.

The chat history has a retention limit period which is defined depending on the license. Both the client apps and the relay nodes delete the message blockchains that belong to the expired portion of the chat daily. The chat history can be restored, if it is still within the retention period, by scanning the database. Unlike many chat apps, MystSafe client apps don't have to be always online to receive the messages and can connect to the network only when communication is needed.

End to end encryption
MystSafe messages are encrypted end to end, which means that only the chat participants can read them. Every chat is encrypted using a unique, randomly generated key pair that is not directly linked to the sender’s or recipient’s address. The encryption keys are generated and used in the client app and never exposed outside of the user's device in clear text.

Digital signatures
Chat messages are signed twice by the sender. The public signature allows the network node to validate the integrity of the messages and blockchains to prevent spoofing and DDOS attacks. The hidden signature, which is encrypted, allows the recipient to authenticate the sender and prevent spoofing.

Ring signatures
A major privacy concern with any paid service is the disclosure of a user's identity through payment details. When a payment is made using privacy-preserving cryptocurrencies such as Monero (XMR) or Firo (formerly known as Zcoin, XZC), the identity of the payer can remain hidden. However, what if the user wishes to pay with a privacy-exposing coin or token, such as Bitcoin, or any other of the 99% of cryptocurrencies? Or even worse, what about payment with a credit card, which solidly links the payment to the user's identity?

MystSafe does not publicly expose payment information. But what if MystSafe's payment records are hacked? And how can the data records, linked through the license key, be decoupled from the payment information that points to user identity?

MystSafe incorporates a special layer of protection. It utilizes cryptographic technologies, such as ring signatures and stealth addresses, to separate the license blocks, issued by MystSafe, from the user accounts. After payment is processed, MystSafe issues a special encrypted block with the account license key, which can only be decrypted by the account owner. This owner finds this block by scanning the license database and looking for a stealth address that matches their account address.

Furthermore, when creating a license proof and attaching it to a new data block, the system employs a ring signature that conceals the actual license block behind multiple 'decoy' license blocks. The ring signature contains one real public license key, which belongs to the user account, and several 'decoy' public keys from other users' license blocks. Since all these license blocks are valid, MystSafe verifies that all the license keys in the ring belong to valid licenses, but it cannot determine which one is the actual user's. Thus, by examining the license and data blocks, it is impossible to discern who created the secrets or messages.

Proof of work
Each block has a small PoW (proof of work) generated by the client before it is allowed to broadcast a new message to the network. PoW data has a time-sensitive dependency element to prevent replay and pre-generated DDOS attacks.

Environmental keyless encryption (beta)
Application Secrets (Beta) are secured using environmental encryption, without hardcoded credentials or cryptographic keys.

More info: https://docs.mystsafe.com











Pages:
Jump to: