How secure is HaYa Chat

As the founder of the HaYa Platform (HaYaChat.com and HaYaOrg.com), the first question I get asked is “How secure is HaYa?“.

This is a very difficult question to answer as the security of digital communication has so many moving parts and “people” you are trying to “secure” yourself from.

With any digital communication there are three main hubs of information handling:

1. The “Sender Hub”; this is what software and device the sender of the information is using.
2. The “Processing Hub”; this is where the sender’s information is processed, databased and distributed to the receivers.
3. The “Receiver Hub”; this is where the information is finally delivered by the processing hub.

All three “Hubs” are accessible by someone, but more often than not the “hack” is done at the Sender and Receiver Hub as these are the easiest to monitor.

The first point to make is that ALL DIGITAL COMMUNICATION is never 100% secure. The reason for this is obvious since even if the communication is encrypted by the latest superduper encryption systems, at some point it is decrypted so that we humans can read it. It is at this point that it becomes 100% unsecured.

You can read my thoughts on End to End encryption in this post

So what does security mean for HaYa? HaYa has been designed to be an easy tool use tool for people to communicate between themselves and with organisations anonymously. The main purpose of these communications is to get support and protect the user from being “outed” until the point they are comfortable coming forward (and that would be outside HaYa).

How does HaYa protect the users:

1. No registration or profile with HaYa Chat. Because HaYa Chat doesn’t require registration with an email or phone number and doesn’t require a profile, the user doesn’t give HaYa, and therefore any prying eyes, any identifiable information that would connect them to the particular chat. Of course Google and Apple know you are using HaYa and what you are tying/sending in HaYa because you are using their devices. What that means is that the other person/group/organisation have no information to identify you (obviously if you share a burner code with someone they know who you are but they can’t prove it by showing their end of the conversation).
2. No profile. This means that every chat you join you have to give yourself a nickname, this can be different on every conversation. This ensures that no one can “troll” you. In one conversation you could be Joe Blogs, in another you could be Mr Smith and no one will know you are the same person.
3. Bank-grade encryption connecting your device to the HaYa servers. What that means is that your communication between your device and the HaYa servers is encrypted the same way you are protected when connecting to a bank. We do not do End to End encryption as we don’t want HaYa to be used to send illegal images or videos, and that is what is monitored, but since you don’t give us any personal or identifiable information we have no idea who you are and therefore can’t attribute the conversations to you. Also, as mentioned in the post referenced above, End to End encryption doesn’t actually protect you as monitoring is always done, privately and by institutions, on your devices where it is decrypted.
4. We are upfront about it. The purpose of HaYa is to give you enough protection from groups that might want to stop you from communicating with other individuals/organisations so that you have the possibility to make that first contact without exposing yourself. But if a government or private entity with the right resources wants to know what you are saying; they will be able to.

Who should use HaYa:

1. Anyone who wants to contact an organisation on HaYa Org anonymously to make that first contact i.e. whistleblowing or asking questions where you don’t want to reveal yourself.
2. Any individual/group who wants to communicate with others and be sure that if anyone in the group gets hacked/exposed the others can’t be identified.
3. Anyone looking to join a support group where the others can’t identify you.

Who shouldn’t use HaYa:

Criminals wanting to share illegal multimedia (we will take it down), or anyone who thinks HaYa will protect them from ever being discovered. If governments, Google and Apple (and for that matter Facebook and TicTok) want to know what you are doing, they will be able to.

Conclusion

So how secure is HaYa? Secure enough for what it is designed for. Protecting the user, via anonymity, giving them the freedom to connect with individuals/groups/organisations so that they can communicate without the fear of being easily uncovered.

BUT if you want to truly remain secure there is 1 rule, do not use anything that is made of 1’s and 0’s.