SecurePost is an Android App that allows a group to share a Twitter account or Facebook page without sharing the account password. Every post published through SecurePost is cryptographically signed and can thus be verified through the app itself or with a Chrome plugin, that will clearly show if the post has been published by a legitimate member of the group. On the other hand, SecurePost also ensures plausible deniability for each member of the group, so that while readers can be sure that a post has been published by the group that owns that specific account, no member of the group can be held accountable for any content.
Integrating libraries by The Guardian Project, SecurePost encrypts by default all content while the app is at rest and offers emergency features based on the Guardian Project’s Panic Kit, like wiping of the app content and triggering other Panic Kit apps if someone enters a special “wipe password” at the app’s password prompt. Furthermore, if the account is compromised, its creator can reset it, thus excluding any malicious group member and warning readers about the incident by turning all posts to an unverified state.
SecurePost has been developed in view of real users’ needs: its creators have travelled to Zambia, Turkey and Mongolia, interviewing activists and journalists to assess what was needed to make their work more efficient and secure. By ensuring authenticity and plausible deniability, this tool offers groups and organizations the possibility of publishing on a shared account or page without having to share a password and at the same time prevents self-censorship among dissidents.