FAQ

How does it work?

All content stored within our infrastructure is secured both in transit and at rest using the latest in end-to-end encryption technologies. To illustrate, let's follow a simple account setup process:

  • You choose your username and password
  • A unique random salt is generated for your account
  • Your login credentials and your unique salt are hashed using PBKDF2 with 10,000 iterations
  • A unique asymmetric encryption key pair is generated and encrypted symmetrically using a derivative of your password
  • Your encrypted keys are sent up to our secure servers using SSL/TLS encryption
  • Before your data ever leaves your phone, it is fully encrypted and can ONLY be decrypted with YOUR password
  • Additionally, our servers write data to an encrypted disk which further protects against data theft.
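
One way the hashing and key-derivation steps above can fit together, as an added example that is not SecureTribe's code: the password is stretched once with PBKDF2, then split into a login verifier for the server and a separate key-wrapping key that never leaves the device. Only PBKDF2 and the 10,000-iteration count come from the page; the HMAC-SHA256 PRF, the labels, the 16-byte salt, the record layout and all function names are assumptions.

```python
import hashlib
import hmac
import secrets

PBKDF2_ITERATIONS = 10_000  # iteration count stated on the page
SALT_BYTES = 16             # assumed salt length; the page gives none


def _expand(master: bytes, label: bytes) -> bytes:
    """Single-block HKDF-Expand (RFC 5869) with HMAC-SHA256: T(1) = HMAC(PRK, info || 0x01)."""
    return hmac.new(master, label + b"\x01", hashlib.sha256).digest()


def derive_keys(password: str, salt: bytes) -> tuple[bytes, bytes]:
    """Stretch the password once, then split it into two independent 32-byte values."""
    master = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                                 PBKDF2_ITERATIONS, dklen=32)
    login_verifier = _expand(master, b"login-verifier")  # sent to and stored by the server
    wrapping_key = _expand(master, b"key-wrapping")      # stays on the device
    return login_verifier, wrapping_key


def register(password: str) -> dict:
    """Client-side signup: returns the only fields the (hypothetical) server record holds."""
    salt = secrets.token_bytes(SALT_BYTES)
    verifier, _wrapping_key = derive_keys(password, salt)
    return {"salt": salt, "verifier": verifier}


def check_login(record: dict, password: str) -> bool:
    """Recompute the verifier and compare in constant time."""
    verifier, _ = derive_keys(password, record["salt"])
    return hmac.compare_digest(verifier, record["verifier"])


def wrapping_key_for(record: dict, password: str) -> bytes:
    """What the device recomputes at login to unwrap the user's private key."""
    return derive_keys(password, record["salt"])[1]


if __name__ == "__main__":
    rec = register("correct horse battery staple")  # constructed sample password
    print("login ok:", check_login(rec, "correct horse battery staple"))
    print("wrong password:", check_login(rec, "guess"))
    print("verifier == wrapping key:",
          rec["verifier"] == wrapping_key_for(rec, "correct horse battery staple"))
```

Because the verifier and the wrapping key are derived under different labels, the server record does not contain the key that decrypts the wrapped private key; recovering it still requires guessing the password through PBKDF2.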

Now that you have your account set up, you can upload your first file:

  • All Tribes have unique symmetric encryption keys that give the authorized users the ability to decrypt files stored in that tribe.
  • When a person joins a Tribe, they are given a unique encrypted copy of the Tribe’s encryption keys. These are never stored or transmitted in clear/plaintext, and neither we nor anyone else can ever see them.
  • When you upload a file to a Tribe, the file is encrypted using the Tribe’s encryption key, and the file is written to disk as an encrypted BLOB element.

Important takeaway thoughts:

  • NOBODY can ever see your data in decrypted form unless you allow them. Your login credentials are stored in hash format only in our database, and your encryption keys are always stored encrypted with your password.
  • Even if someone were able to hack into our servers and steal all of our records, it would be nearly impossible for them to know your username, password, encryption keys, or any other non-public account data.
  • All files are encrypted using a unique encryption key, and those are securely shared only with persons you authorize. If you choose not to share files, then no one else except for you can ever see your files.

Not even SecureTribe can see my files? Really?

Yes and, well, no, but allow me to explain. There is one case in which SecureTribe staff can access files within your Tribe, and that is if you or someone else authorized to access your Tribe "flags" a file as illegal or inappropriate. In that case, the SecureTribe app "invites" a highly specialized (and access-restricted) account into the Tribe. Doing so allows senior technical staff at SecureTribe to evaluate the Tribe for possibly illegal files. If potentially illegal content is found, the information is forwarded to law enforcement. If nothing is found, the SecureTribe account is unsubscribed from your Tribe and no longer has access to the files.

You might be wondering: "Wait a second. How can the SecureTribe app invite itself to my Tribe if supposedly they don’t have the keys?" That is an excellent point and the reason it is brought up here. It is true we DO NOT have your keys, and we have absolutely no way of "figuring them out." But if you have authorized someone to see your Tribe, they do have a copy of the keys for that Tribe. For that reason, when they Flag a file, they are securely transmitting a copy of their key for that specific Tribe to us.

Aside from this situation, there is absolutely NO WAY anyone (including SecureTribe staff, NSA hacker-dudes, or Russian Mob hacker-dudes) can access your files. PERIOD! Basically, do not share illegal content with others because you never know who might turn you in.

Is our data encrypted?

As explained above, your data is always encrypted during transport and storage on our servers. SecureTribe uses TLS to protect information while in transit across the Internet. Additionally, we have implemented TLS 1.2, HTTP Strict Transport Security, and Perfect Forward Secrecy (PFS) to further support data protection. You can read an independent review of our website's SSL/TLS protocols from SSL Labs.