@elizabethhunker This actually reminds me that another use for Vuash I forgot to mention is handing out free prizes. Whoever clicks first wins the prize, that might be a game key for example.
@arunpattnaik It's not a messenger. In messenger apps, there's a chat history, and messages must be manually deleted if you don't want them available for lookup. I like to think of Vuash as more of a real-world telegram, or self-destructing letters from action movies.
@keirwilliams Sure. It's more suitable for sharing stuff that both parties want to be secret. Stuff that you both don't feel comfortable sharing by e-mail or instant messengers, and don't wanna bother or can't use paper or voice.
@qahersalah I use it very frequently, hence why we ended up making it. We made Vuash in a time when most services we used for web development didn't offer multiuser accounts, so we had to exchange login credentials quite often. Thankfully that has not been the case anymore, so I use it mostly for other less sensible things now.
@alex_delegard I feel your pain. I tried several ways of easing this process, but this plain text box was the best I could come up with in the end to serve both desktop and mobile.
Copy buttons are usually made in Flash or, more recently, with JavaScript that isn't yet widely supported.
One thing I could try that would work on most devices is having the URL be an actual link, so you can long press on mobile and copy or open in a new tab and copy from that. I'm open to suggestions.
@samayres1992 This adds clutter and broken functionality if we don't go out of our way to make it show only in supported browsers. I think we might go with the “long press” route in the end, as I've seen some big names using it.
Cool idea. I used to have a similar concept on http://Secretpo.st with the addition of a countdown option. So users would get a link that would say "You can read this in X days, X hours, X minutes, X seconds" and whatnot.
@avizuber Oh, cool! I've seen that feature in other apps. Has yours been down for long? Maybe it was the one where I saw it, as the name is very familiar.
As we developed client-side encryption in version 2, which we think downed attack opportunities to a minimum, we decided against adding more features to keep it very very simple.
Hello,
I'm the creator and designer. I'll be happy to answer questions you might have about Vuash.
The project started as a little tool for me and my colleagues to exchange wifi passwords, environment secret keys etc. during our daily job routine. There were a couple other similar services available at the time (that we knew of), but we didn't like their UI, UX and overall tech, so we decided to make our own.
The first version needed SSL to encrypt requests because the encryption was all done in the server, but since version 2.0 we don't need it anymore, as the only thing that touches the server is the already client-encrypted message. You can read more on how it works here: https://github.com/current/vuash...
Vuash is free to use, supported by donations, and open source.
I think you did a fine job designing it, but I also have to question its purpose.
The workflow needed includes 1) a web browser, 2) the service Vuash itself and 3) a messenger of choice. If one of these 3 elements breaks, the entire security breaks. Therefore, I'd argue that using a messenger alone makes it more secure to different kinds of attacks.
Vuash doesn't ensure Integrity or Authenticity. A Man-in-the-Middle could receive the secret link, read it, create a new message and forward that new link. By doing so the Attacker has gained the knowledge of that message and is also able to modify it.
If a third party isn't able to intervene but at least to read the communication between two parties, the receiver would be able to tell if the secret message has been opened beforehand. That's good, but there are already hundreds of technologies that do just that.
With Open Whisper Systems powering apps like Signal, WhatsApp, Allo (not enabled by default) and the Facebook Messenger I'd argue that you are definitely safe enough by simply sticking to these tools. I do not believe that including the 3 elements I mentioned above in 1 workflow you'll make your communication any more secure. Probably quite the opposite.
@gopietz You're right, if the sender's system is compromised in a way that it leaks the link to someone else that might be interested in it, Vuash ceases to be useful.
Vuash doesn't identify who created the message or who's intended to open it either, so in that sense of the word there's indeed no authenticity and as a consequence no integrity as there's no way to compare the original intent to the end result. A way to mitigate that would be requiring a password in order to unlock the link, but that's too complicated.
I think the nice thing is if both ends are relatively safe, not suffering from sniffing and/or directed attacks, Vuash turns out to be quite useful in my experience. Even if WhatsApp and others offer end-to-end encryption — that's orders of magnitude more robust than ours —, they're not designed for the same purpose, they're meant for conversations, for keeping a history of back-and-forth dialogue. I would never *feel* secure typing credentials in a messenger app, as there are social implications in this case.
Yes, the environment around the app can make it useless, but that's how it works with most other apps as well. I use Vuash very frequently myself, and I think it works great when both parties are aware of its value and how to properly make use of it.
Not sure if I was able to clear some things up, so please let me know what you think.
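A small model of the exchange above, added here as an illustration and not taken from Vuash's code: a one-time link reveals that it was opened early, but not that it was replaced by a fresh link. `OneTimeStore`, the sample secrets and the password-derived HMAC tag are assumptions; the tag stands in for the password idea mentioned in the reply and checks integrity only, it does not encrypt.

```python
import hashlib
import hmac
import secrets

class OneTimeStore:
    """Constructed stand-in for a burn-after-reading service (hypothetical)."""
    def __init__(self):
        self._blobs = {}

    def create(self, blob: bytes) -> str:
        link = secrets.token_urlsafe(16)
        self._blobs[link] = blob
        return link

    def open(self, link: str):
        # pop() deletes on first read, so a second open returns None.
        return self._blobs.pop(link, None)

def tag(password: str, body: bytes) -> bytes:
    # Assumption: both parties agreed on `password` over another channel.
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), b"constructed-salt", 100_000)
    return hmac.new(key, body, hashlib.sha256).digest()

def seal(password: str, body: bytes) -> bytes:
    return tag(password, body) + body

def verify(password: str, blob: bytes):
    mac, body = blob[:32], blob[32:]
    return body if hmac.compare_digest(mac, tag(password, body)) else None

def early_open_detected() -> bool:
    store = OneTimeStore()
    link = store.create(b"constructed secret")
    store.open(link)                  # someone else opens the link first
    return store.open(link) is None   # receiver finds it already burned

def substituted_link_detected(password=None) -> bool:
    store = OneTimeStore()
    body = b"constructed secret"
    link = store.create(seal(password, body) if password else body)
    store.open(link)                  # intermediary consumes the original
    # Intermediary re-posts altered content; it cannot compute a valid tag.
    altered = b"altered secret"
    relayed = store.create(b"\x00" * 32 + altered if password else altered)
    received = store.open(relayed)    # receiver's first open succeeds
    if password is None:
        return False                  # nothing to compare the content against
    return verify(password, received) is None

if __name__ == "__main__":
    print(early_open_detected(), substituted_link_detected(),
          substituted_link_detected("constructed passphrase"))
```

Re-posting the original sealed blob unchanged would still verify, so the tag shows modification, not that the content was read along the way.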
@cbanowsky Thank you for the suggestion. I've added a deploy to Heroku button to our GitHub repo, so now you are just one click away from deploying vua.sh app to Heroku: https://github.com/current/vuash.