What is it for?
snique provides a covert, encrypted, low-bandwidth, unidirectional communications channel. As with SSL, it is impossible for a third party monitoring your internet connection to read the messages you receive (or send). Additionally, it is impossible for a third party to identify which parties are exchanging messages.
How does it work?
Let’s use the conventional cryptographer’s conceit that Alice and Bob wish to communicate at a distance. Before they separate, they both agree on and record a large number (we call this the shared secret) and a cipher (an encryption algorithm and a mode of operation). Later, in private, Alice composes the message she wants to send to Bob. She then enciphers this using the shared secret and cipher which she and Bob agreed on earlier. She then takes this coded message, converts it to hexadecimal and splits it into equal-sized chunks. She then creates a web page with many images, and configures the HTTP ETag headers for the images so that the hexadecimal message chunks are sent in order with the first images on the page. The remaining images are configured with hexadecimal ETags from a random or pseudorandom data source.
Bob then visits the web page. He reassembles the ETags from the images on the page to create the complete hexadecimal string of the encrypted message (followed by random data – Bob cannot tell the difference). He then converts the hexadecimal string to binary, and decodes it with the key and cipher that he recorded earlier. He can now read the message.
This is both more and less complex than what actually happens. Less complex in that Alice and Bob don’t do the work themselves; they use tools to do it (such as the ones in the GitHub repository linked below). More complex in that the message is prefixed with a magic number and its length before it is encoded, so that we can tell it is actually a concealed message and not a completely random set of ETags.
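The framing and reassembly described above, as an added example that is not snique's own code. The magic value, the 2-byte length field, the 16-character ETag size and the function names are assumptions, and an HMAC-SHA256 keystream stands in for the AES cipher so that the block runs on the Python standard library alone.

```python
import hashlib, hmac, os, struct

MAGIC = b"SNQ1"   # assumed magic number; the page does not give snique's value
CHUNK_HEX = 16    # assumed ETag length in hex characters

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (HMAC-SHA256 in counter mode), NOT snique's AES.
    It has no nonce, so one key must never protect two messages this way."""
    out = bytearray()
    for block in range((len(data) + 31) // 32):
        out += hmac.new(key, struct.pack(">Q", block), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, out))

def make_etags(key: bytes, message: bytes, n_images: int) -> list[str]:
    """Frame, encipher, hex-encode, chunk, then pad the page with random ETags."""
    framed = MAGIC + struct.pack(">H", len(message)) + message
    hexed = keystream_xor(key, framed).hex()
    # Fill the last message chunk with random hex so every ETag is the same size.
    hexed += os.urandom(CHUNK_HEX).hex()[: -len(hexed) % CHUNK_HEX]
    chunks = [hexed[i:i + CHUNK_HEX] for i in range(0, len(hexed), CHUNK_HEX)]
    if len(chunks) > n_images:
        raise ValueError("message needs more images than the page has")
    decoys = [os.urandom(CHUNK_HEX // 2).hex() for _ in range(n_images - len(chunks))]
    return chunks + decoys

def read_etags(key: bytes, etags: list[str]):
    """Reassemble in page order, decipher, and accept only a valid frame."""
    try:
        plain = keystream_xor(key, bytes.fromhex("".join(etags)))
    except ValueError:      # an ETag that is not hexadecimal
        return None
    if len(plain) < 6 or not hmac.compare_digest(plain[:4], MAGIC):
        return None         # wrong key, or a page that carries no message
    (length,) = struct.unpack(">H", plain[4:6])
    if length > len(plain) - 6:
        return None         # length field runs past the data: reject
    return plain[6:6 + length]
```

The length check matters on the receiving side: without it, a frame whose magic matches by chance would be read past the end of the reassembled data.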
Where can I get the tools?
How do I use the clients?
Set your key in the extension settings. Messages appear as desktop notifications.
The iOS client allows the key to be changed at run-time: tap the top bar to reveal the address bar, then enter
set-key:<your key in hexadecimal> e.g.
set-key:00112233445566778899aabbccddeeff for the default key. If you enter a 32-hex-character key you are using 128-bit AES; if you enter a 64-hex-character key you are using 256-bit AES. You may enter non-hexadecimal characters such as ‘-’ to make accurate entry of the key more likely. The key is displayed on-screen as you type it and the client will display an alert view if you enter the wrong number of characters: it is therefore important that you don’t enter the key in a public place.
If you visit a page with a snique message that your key can decode, the client sends an alert to your notification center. Make sure you set the notification settings for snique so that it does not display the message on-screen or make a sound. You can then browse the web in public and read your messages from the notification center at a later time in a private place.
Other than that, the iOS client behaves as a normal web browser (with many rough edges right now but it’s getting better).
The key is hard-coded into the Android client, and therefore fixed until it is altered and recompiled; the Android client will be updated to allow the same key-altering mechanism as the iOS client in the future.
The Android client is nowhere near as good at pretending to be a web browser as the iOS client is. It does not have an address bar or other basic controls such as back/forward/reload.
And here is the demo
You will need to use the key 00112233445566778899aabbccddeeff to decode the message hidden in this sequence of images.
Q: I work for an oppressive regime, how can I find which people are exchanging messages in this way?
You can’t, that’s the point.