Your life to share, not to harvest
Every bit of information is a door to your world. It's your life. We believe your life deserves protection and you should decide who to let in — who to trust. Below, we explain the steps we take to protect your life from others who wish to harvest it, and the vulnerabilities that may exist, so you can make an informed decision.
We considered numerous security designs, each with their own advatages and tradeoffs, when building Metamorphic.
We chose an approach that we felt best met our goals for privacy, data ownership, protection of personal information, and our environment.
Why we did it this way
We feel this approach best serves our goal of being (1) easy to use, (2) private, and (3) secure. Arguably the biggest sticking point for ease of use, is the two-factor authentication. But, that alone increases the security of your individual account by mountains of magnitude, so we felt it was worth it.
In terms of privacy, the biggest factor is people not having control over who they're sharing their information with. That loss of control begins and ends with the company behind the service. We eliminate that problem by applying password-derived asymmetric encryption for each person's account. That means that only you can ever access your account (don't lose or forget your password!) and its data.
This creates something we're particularly proud of: in-app encryption. It happens transparently, behind-the-scenes, and enables you to keep your information (photos, letters, etc.) private to your eyes only (and whoever you choose to share with). We then wrap that encryption in a second layer of at-rest encryption to further protect your data during storage. Lastly, any information sent outside the system, like an email, utilizes in-transit encryption to protect it on its journey.
Lastly, we implement access control policies for our company as well as service, which means that (1) there is no single set of log in credentials that provide access to the entire system; and (2) other people using the service cannot see anything that you haven't explicitly shared with them.
Reporting security issues
Security of our networks and services is vital to our business and mission. Even though we're tiny, we make it a big priority. If you are a Metamorphic subscriber and have a security issue to report regarding your personal Metamorphic account, please visit our Support site. This includes password problems, login issues, suspected fraud, and account abuse concerns.
If you have discovered a vulnerability in Metamorphic and/or any Moss Piglet product or have a security incident to report, please send your report to us at firstname.lastname@example.org or email@example.com. We will respond as soon as we can to fix verifiable security issues. Our public key will be attached to the email and you can use it to verify and encrypt messages to us.
When notified of legitimate issues, we will acknowledge your report, begin investigating the issue and will work to correct any vulnerabilities quickly. We will also create and publish a "Hall of Fame" section on our security page to acknowledge your work and contributions to improving the security of our networks and services.
Moss Piglet is a small, family-founded company with Mark being currently the sole creator and developer of our products, including Metamorphic. With this in mind, we encourage you to be patient and understanding as we work to address your report.
How we keep you safe
Our security features help protect you without getting in your way. We focus on security so that you can focus on sharing and connecting with the people in your life.
We implement strong encryption to protect your account and data. Encryption keeps you safe.
Optional and easy 2FA enables strong account security without getting in your way.
When you delete something, it's gone instantly (forever after 7 days). Easy and under your control.
Password Breach Alerts
Passwords are checked against haveibeenpwned on registration and log in to alert you to data breaches.
Private 1-way Requests
Receive the info you need to accept/decline a new relationship without revealing anything.
Private Encryption Keys
Your key is derived from your password (which is unknowable), so only you can decrypt your data.
System wide access control ensures strangers (corporate or otherwise) do not have access to your data.
Connect for You
Only the people you choose can connect, share, and see information about you.
Security in a sea of surveillance
There is no question that encryption keeps us safe. We have used a combination of asymmetric and symmetric encryption to keep your data (your life), safe — even from us. However, there are still considerations to keep in mind.
Since Metamorphic is currently only a web server application, we don't have "total" control over the client's privacy and security because the client is the browser. As long as you are accessing something through a browser, your privacy and security are in the hands of that browser. This is why we recommend Mozilla's FireFox (or Tor) for desktop and DuckDuckGo's app for mobile.
With that in mind, we have implemented in-app encryption to ensure only you can decrypt your data (not even us), strong encryption for all data at rest, strong authorization protocols, and isolated access control systems with separate account credentials.
You can further protect your privacy and security while using Metamorphic with these simple steps:
- Use Mozilla's FireFox browser (or Tor)
- Set FireFox's privacy and security policy to "Strict"
- If using Tor, set to "Safer" or site features may not work
- Bonus: Use Proton VPN (free or higher)
Remember, with any other browser, someone is looking over your shoulder.
Encryption in-app, in-transit, and at-rest
We use the NaCl/libsodium libraries for our in-app, asymmetric encrytion and AES-256-GCM with random initialization vectors for encrypting data at-rest. At-rest encryption keys are rotated on a periodic basis and require separate login and two-factor authentication credentials to access.
This encrypted information is always sent over HTTPS and any emails sent by our application are delivered with TLS by default.
All account sessions are encrypted, salted, and signed to prevent tampering.
Deterministic and non-deterministic hashing
Data that needs to be queried during a person's use of Metamorphic is hashed with HMAC and SHA-512.
All passwords in Metamorphic are unknowably hashed and salted with the Argon2id key derivation function.
We can never access, nor know, your passwords.