FAQ

How MystSafe is different from other solutions?

MystSafe is different from other secret vaults, password managers, and private chats. Although there are several distinguished features, they can be packed into two main key differentiators.

Bulletproof, cryptocurrency-grade security

Don't you think that protecting multiple passwords with a single password is ridiculous? But that's exactly what all password managers, secret vaults, and private chats do: they ask you to create and memorize a single "master" password to protect all your secrets. In the best case scenario, such a password is used to generate an encryption key that encrypts data at the client so it is stored encrypted in the centralized database. Since the master password created by user has to be memorized, it is cryptographically weak and prone to well-known attacks. To compensate for this weakness, vendors use various tricks such as locking account after several failed login attempts and multi-factor authentication.

So far so good? Until it comes to the moment when the server database is hacked and encrypted data is stolen, which is, let's face it, very common scenario. Now, the hackers get access that is not limited by number of attempts and not restricted by MFA. Secrecy of the master password becomes insufficient to withstand brute-force and dictionary attacks, and it is only matter of time when it is going to be cracked!

The alternative approach to data security exists for more than fifteen years and it's called cryptocurrency. In the heart of crypto technology is the blockchain database that is visible to everyone so it must be able to withstand any kind of persistent crypto attack. MystSafe uses the same concept as cryptocurrencies to protect its user data. Secrets and messages are stored in a permissionless blockchain-like database, which can be accessed (but not decrypted!) by anyone. Instead of weak master password, the 12-word security phrase defined by Bitcoin standard encrypts data end to end.

Ultimate privacy protection

Most password managers, secret vaults, and private chats are not private by definition. A lot of companies are deliberate or involuntary witnesses of everything you do online. First of all, think of the service provider itself, their email provider, payment processor, and bank. But also your email provider, phone service provider, bank, and credit card company, and the list goes on. All these entities collect and store your activity records and may give away this information to hackers or governments, so they would know where you hide your secrets, when you access them, and how you use them.

Once again thanks to cryptocurrency-like design, MystSafe does not have any tracking information about your activities and so it does not allow others to collect it. Nobody even knows (including MystSafe) that you use the tool because you don't enter any personal identifying information such as phone number, email address, location, or real name to create an account and use the app. The premium fee can be paid with crypto, including privacy-protecting Monero and Zcash.

It is impossible to determine the owner, sender, or recipient of any given secret record or chat message, even if someone taps into MystSafe communications or has full access to the MystSafe database. The app is running in a browser, so it does not require installation or leave traces on user's devices. You can run MystSafe app in TOR browser for even higher level of privacy.

Is MystSafe free?

The free plan serves as a trial that does not require payment or money-back concerns. However, unlike most solutions, MystSafe's free plan can be used indefinitely beyond the trial period. This is enabled through a blockchain-like architecture where data records and their modifications are represented by individual blocks with timestamps. Once the trial period expires, the network deletes the expired blocks, effectively freeing up the resources.

Users can still add new secrets and start new chats, which remain valid for another trial period. Additionally, editing an existing record effectively resets its expiration date, allowing users to perpetually refresh their data.

Is it safe to run the MystSafe app in a browser?

It is absolutely safe to run the MystSafe app in a browser. It is actually even safer than traditional installation because it does not leave any traces on your device. If you clear your browser history, no one can determine whether you have ever used MystSafe.

The browser app provides better resilience and privacy because MystSafe is not dependent on app stores, so Apple, Google, or any other corporations–app store operators cannot ever block MystSafe or track your app downloads.

Unlike most traditional web apps, the MystSafe app is designed to run 100% in a browser on your device, so sensitive data never leaves your computer or mobile phone.

Is there a way to prove that my MystSafe address is private and that my secrets and messages are secure?

There is a simple experiment that anyone without much knowledge about computers can do to make sure that the encryption keys never leave the client app: 1) go to the app site to open the MystSafe application; 2) disconnect your device from the Internet (for example, if it's a mobile phone - put it in airplane mode); 3) try to delete and create a new account (but don't forget to backup your existing account if you want to use it again). You can see that the app is able to create a new account even while disconnected from the network, which shows that the account keys (and all individual chat keys) are generated in your device and never leave it. (Of course, if you try to create a secret or send a message it won't work because new secrets and messages need to be sent to the network).

Why am I seeing a warning about secret record expiration?

MystSafe's concept of "user account" is different from the one implemented by conventional secret management solutions since MystSafe is focused on privacy. Looking at the database, nobody knows (even MystSafe) which record belongs to which account as everything is encrypted - an approach similar to cryptocurrency blockchain database. Thus, any limitations cannot be applied to an account in whole but rather being applied to individual records. By limiting the lifespan of secrets, contacts, and other data, MystSafe ensures that the database does not grow endlessly, and there is always enough space to support new users and free accounts. To circumvent these limitations, you can get the Premium license which removes lifespan and size limitations on any user records. But if you cannot afford it yet, there is still a way to use free account continuously by periodically modifying existing records- that's another difference from other secret management tools which have hard stop for free accounts and enforce the users to purchase a license, or otherwise the data will be lost or their account will be limited by number of secrets. When you modify a data such as secret, MystSafe does not actually modifies the existing record but creates and stores a new block which gets the expiration counter reset. The old block will be then deleted by the garbage collector. This way the users can |renew" their free licenses unlimited number of times. At the same time, the records that are not "renewed" (which means they are not needed anymore) will be gradually expiring and freeing up the database space.

Is my MystSafe account linked to my identity when I pay with credit card?

When you pay for MystSafe services using a credit card, we implement robust measures to ensure your identity remains confidential and is not directly linked to your MystSafe account in a publicly accessible way. Although credit card payments inherently carry your identity information, MystSafe employs advanced cryptographic technologies, including ring signatures and stealth addresses, to decouple your payment details from your MystSafe account. For more details check Technology Stack section Ring signatures.