Privacy is a basic human right. Here's how FreeFollow is engineered to protect your privacy while sharing with your friends and family.
Privacy Target and Threat Model
FreeFollow is designed to provide people with a way to share posts online in private, that is, without being observed by anyone who hasn't been explicitly invited to join the conversation—including the staff of FreeFollow and our infrastructure providers. Just as many countries have legal protections against anyone listening in on your phone calls without a warrant, we believe there should be similar protections against listening in on digital communications. But since good intentions (and earnest assurances) have a history of proving inadequate, we go one step further and build FreeFollow to ensure that no one—not even us—is able to see your content, using an approach known as "end-to-end encryption" (E2EE).
However, we must be clear that FreeFollow is not designed or intended to protect you against sophisticated attackers, including government agents. So if your life or freedom depends on your government not knowing with whom you're talking, you should not use FreeFollow. Partly, this is to keep FreeFollow usable—tighter security almost always comes with greater difficulty of use, and our mission is to provide usable privacy for normal conversations, not to protect governmental or anti-governmental secrets. So our privacy target is a sweet spot where FreeFollow is easy enough for grandparents to use, yet strong enough to protect your privacy even if our systems or those of our infrastructure vendors are compromised.
To put it another way: FreeFollow is for dads, not dissidents.
What exactly can FreeFollow see?
Similar to the phone system, FreeFollow can currently see "metadata", such as the existence of users, channels, and posts, but not any of the actual content of your communications.
For example, we can see that you're the owner of a channel, but not what it's called, or what its cover image is, or the content of any posts. We can see that you've invited ten people to it, and we know who they are (or at least, their email addresses and what they call themselves) and the number of posts, and who made them, and when. But unlike the phone system, we don't have the ability to see the content of these posts, either the text or any attached media such as photos or videos, because all content is encrypted on your computer before it's sent to our servers for storage, and is only decrypted after it's been downloaded by the other members of your group, on their computers. And of course, the decryption keys are never sent to FreeFollow without being first encrypted themselves. So someone "eavesdropping" on our internal server network could never recover an image that you've posted to a private group on FreeFollow.
Please note that, as currently implemented, your privacy in FreeFollow is only as strong as the weakest password among the people you've invited to join your group. This is because passwords are used (in a very convoluted way) to derive the encryption keys that protect your content. So if your mom is using "Password123" as her password, and your neighbor guesses it, he's going to be able to see all the content in all the private groups she has access to.
Finally, all user profiles are currently public, including your name, image, and any bio or other information you choose to provide, though we may make it possible to restrict this in the future.
How does FreeFollow work?
When you sign up for FreeFollow you provide a password, and then a random "master key" and a public/private key pair are generated for you, using your computer (or phone). Together, your password and these keys are your core secrets, and they're never shared with FreeFollow. Your account is registered using a recently developed algorithm called OPAQUE that never sends your password to our servers. That's right, we never see your password, not even once! This is the same algorithm used to provide E2EE in WhatsApp and Facebook Messenger, among other products.
When your password is registered, and every time you log in, the OPAQUE algorithm provides a key that is used to derive an "unlock key", which is then used to encrypt your master key before sending it to our servers or storing it on your computer—ensuring that it remains secret. Your master key, in turn, is used to encrypt your private key before it's stored on our servers, so that it too remains secret. Why the chain of keys? It's so that your unlock key can change (when you change your password) without needing to change your master key.
Whenever a private group is created, a unique encryption key is generated for it, called a "group key", which is used to encrypt and decrypt all of the content in that group. To ensure that this key is only ever available to invited users, and remains a secret from us, it's only sent to us after it has been encrypted with a user's public key. Only that user's private key is able to decrypt it.
To recap: all content is protected by group keys; group keys are only ever shared after being encrypted with public keys; they can only be recovered with private keys, which are stored only after being encrypted with master keys; and master keys are only available after logging in using OPAQUE with your correct password.