HighSide Blog - Subscribe to the HighSide blog for privacy & security info, online security tips and actionable marketing + startup advice by the HighSide founders.

ClearChat Becomes HighSide, Inc

3,482 views · October 25, 2017 · Brendan Diaz

Bottomline Up Front

For those of you not interested in all of the exciting details, this is what you need to know: ClearChat, Inc is now HighSide, Inc.

To get the new HighSide app, all you have to do is boot up your existing install of ClearChat and after about 60 seconds you will be prompted to update.

(If you need to reinstall the app, or install for the first time, that’s not a problem and you can easily do so from here.)

But why? What’s a, “highside?” Are there new features? Was ClearChat acquired?

Ah, so you are interested in the details after all! I’m happy to explain and answer any of your questions, please read on.

HighSide Open Sources its Encryption Code

3,071 views · January 23, 2017 · Jonathan Warren

Here we open source the encryption modules used in the ClearChat client. We share it under the MIT license in the hope that it will be of use to the public.

AESEncryption.py does authenticated AES256 encryption and decryption.
highlevelcrypto.py does public key operations like encryption and signing.
example.py shows how to use them. It runs under Python 2.7 and there are two prerequisites: pyelliptic and OpenSSL.

Forget Apple vs FBI, Slack & Gmail already have Backdoors

17,887 views · March 9, 2016 · Brendan Diaz

Apple vs FBI should be the least of your concerns, because right now your emails, chats and files are not private, and they’re certainly not secure.

Not at home, and not at work.

If you’re like most internet-goers there’s a good chance you’re using some combination of Slack, Gmail, Dropbox or one of the many other popular message and file sharing apps on a daily basis; so why worry about Apple building backdoors into the iPhone if you’re perfectly content sharing your most sensitive messages and files through apps that already have the equivalent of built-in backdoors?

Value your privacy and security? If the answer’s yes, then you’re going to want to keep reading. And buckle up, because you’re in for a few surprises.

In this post we’re going to talk about how the communication, file sharing and file storage layers have become a huge security vulnerability for individuals and organizations of all sizes, why, and what you can do about it.

How HighSide Works

6,714 views · March 7, 2016 · Jonathan Warren

ClearChat is the name of our company and also the name of a stand-alone desktop (and eventually mobile) client. The client encrypts messages so that only people participating in a group can read them. Here we discuss how that works.

This is a technical overview of how ClearChat works for those who are interested in specifics. You do not need to read or understand any of this to use ClearChat correctly unless you are the admin for your company in which case you might choose to just read the section on authentication.

TL;DR Each message is encrypted then HMAC’d with a randomly generated unique 256 bit key using AES-CTR, hereafter the “AESEphemKey”. Then, for every participant who must receive the message, the AESEphemKey is encrypted with the participant’s 512 bit secp256k1 elliptic curve public key and that encrypted AESEphemKey is added to the top of the ciphertext as a header. The whole thing is signed using ECDSA and SHA256, and then the information is sent to the server and relayed to the receiving clients. Each receiving client checks the signature, finds their header, decrypts the AESEphemKey using their private key, and then decrypts the main ciphertext using this AESEphemKey. Sending files works similarly except that files are split, compressed, encrypted, and sent in pieces to speed things up. Key authentication is taken care of by an admin at your company; if users trust the admin then they do not need to all verify each other’s keys.