Hey everyone, I’m excited to share a project we’ve been working on called Hush Line. We started this at Science & Design this year, aiming to provide a platform for secure, anonymous communication. It uses public PGP keys, Tor, HTTPS, and SMTP to encrypt messages and keep the sender’s identity a secret.
We’ve designed Hush Line to be versatile and user-friendly. It’s great for journalists who need anonymous tips, employers who want confidential feedback, and educators looking for a safe communication line for students. Plus, it’s super important in places where free speech isn’t always a given. It provides a secure channel for sharing sensitive information without the fear of compromising your identity.
What sets Hush Line apart is its simplicity. We’ve chosen to make it a message-only service, which helps avoid the security risks that come with file transfers. There’s no need for senders to download software, generate keys, or create an account. For the receiver, installation is a cinch with a setup wizard that takes care of everything from Nginx configuration to auto-renewing Let’s Encrypt certificates. I’d love to have more of you in the open-source community join us in making Hush Line even better, and helping to make digital communication safer and more secure for everyone.
I spent 15 minutes but could not find where the comments are listed. I posted a comment to see if I could find it, but I could not figure out how to see the comments.
Thanks for the feedback. You won’t be able to find the messages because they’ve been send to the owner of the tip line. I made an update to the UI last night to help address this. Now, the identity of the person sits on top of the text area, reinforcing the proximity relationship.
Perhaps more clarity can be added. The app allows someone to self-host a private tip line. The messages submitted are encrypted to the site’s owner and emailed to them.
The onion-only deployments are insulated from that, but yes, the public web forms can receive some spam. From the one that’s been running for over a month I’ve gotten 3-4 spam messages. I’ve thought of including a CAPTCHA or something similar, but haven’t decided the best route.
I updated the intro of the public site to mention that it’s a self-hosted product, and implemented a new feature to load a random heading from a predefined list.
