# Seekia User Guide This document is a guide describing how to use Seekia. *This document is under construction.* ## Risks Users of Seekia should be aware of the following risks: ### Legal Liability Users of Seekia must accept all legal liability and risk in their use of the software. ### Rulebreaking Content All users of Seekia may download content that is against the rules. Hosts can opt-in to host unapproved content, which may include profiles and messages that are unruleful. Message contents are encrypted, so they cannot be reviewed until they are reported by users. Moderators will connect to these hosts to download and review content. New profiles must be broadcast to these hosts. Your client will connect to nodes on the network, who may send you unruleful and illegal content. Once unruleful content is banned by a sufficient number of moderators, it will be deleted, and all hosts will stop hosting the content. Some content may be accidentally approved, and the system will never be perfect. Some content may also follow the Seekia rules but still be illegal in your country. If you are not in Host/Moderator mode, the client will avoid downloading unruleful content. Seekia will attempt to only download moderator-approved content for Mate-only users. ### Personal Risks All users should be aware of the general risks of using the internet, social networking, and interacting with people in real life or online. People should be cautious when interacting with people they have met online, especially without knowing their true identity. Sharing information in your profile and in messages could be used by bad actors to cause harm to you. You must be proud to be a Seekia user, and comfortable with everything in your profile being shared with your employer, family, friends, and worst enemies. Sharing less in your profile will make you more mysterious and possibly more likely to be matched with other users. People may substitute what they don't know about you with their fantasies of a perfect mate. ### Operating System A user machine's operating system, if compromised, could be used to learn all of their Seekia behavior. Closed source operating systems such as Windows or Mac could surveil your Seekia activity or block your ability to use Seekia. Using an open source operating system is recommended. ### Vulnerable Software The Seekia software may be vulnerable to hacks and exploits. The admin(s) can limit the use of the software by enabling the "Update Required" flag, which disables the use of Seekia until an update is performed. This method cannot be guaranteed to protect users against vulnerabilities. Users who are concerned should run Seekia inside of a sandboxed environment such as a virtual machine. Using a Whonix workstation is a good option: [whonix.org](https://whonix.org). ### Seekia Website Seekia's official website is typically accessed through the clearnet. The IP addresses accessing the website could be logged by the server host or other surveilling entities. Concerned users should access and download the Seekia client with an IP shielding technology such as a VPN or Tor. The most private method is to access the Tor hidden service Seekia website, which requires using the Tor browser. Users can also access the `seekia.eth` website via IPFS, which can be done in a private way using Tor or VPNs. ### Cryptography Threat A user's messages and network traffic are encrypted with Nacl and Kyber. If both of these encryption methods are broken, all Seekia messages will be decryptable and publicly viewable. Users should be aware that their messages and Seekia behavior may be revealed in the future. Every Seekia message you ever sent would be decryptable and shared publicly in this scenario. ### Tor Risks The privacy provided by Tor can be degraded in several ways: #### Quantum Threat In the future, quantum computers could break the encryption used by Tor. Many Tor network packets may be currently collected and stored by at least one surveillance entity. Estimates for when breaking this decryption will be achievable on quantum hardware range between several years to never. If this encryption is broken, the privacy-preserving properties of the Tor network will be degraded. Seekia messages and network communications are encrypted with Kyber, which is believed to be resistant to quantum attacks, reducing the risk of future decryption. #### Network Level Adversary Tor network traffic can be analyzed and deanonymized by adversaries who control many Tor nodes. #### Outcomes Decrypting a user's Tor traffic would allow an adversary to know which origin IP address had used Seekia, which nodes they had connected to, when they made those connections, and possibly what content they broadcasted. #### Mitigating Risk Concerned users should operate under the assumption that Tor provides no privacy. Concerned users should use Seekia from IP addresses, locations, and devices not associated with their identity. Concerned users should also only access Seekia from one identity per location to avoid linking different identities together, while also not accessing any information connected to a user's real-world identity at the same time. ### Node Surveillance Risks Any Seekia hosts can monitor traffic. This may include which profiles are downloaded and which messages are sent by connecting clients. Hosts could analyze these requests and try to learn more about users. Hosts can collude to increase their ability to trace user behavior. Each requestor has a fingerprint. Examples of information that may be provided in a request include a user's criteria and moderation ranges. Malicious hosts can track a requestor's fingerprint across multiple requests, learning more about their behavior and the Tor exit nodes they are requesting from. This could enable adversaries to know which profiles and messages a user is downloading, and which messages a user is sending. Seekia attempts to guard against these attacks. Assuming that Tor connections provide perfect privacy, requestor IP addresses should not provide useful metadata to aid in surveillance. Seekia clients split requests between many hosts, reducing the ability to link different requests together, and reducing the ability for any single node to deanonymize a user's behavior. ### Risks Summary Users should be aware that at some of their Seekia behavior is likely trackable by any motivated attackers. If an adversary can control enough Seekia and Tor nodes, they can learn a lot about the behavior of network participants. Users are encouraged to not engage in illegal, unruleful, and embarrasing behavior. ## Public Chat Inbox Everybody can see how many messages you have received to your public inbox. They can also tell how large the messages are, and which messages contained images. For example, everyone could tell that you received 100 public inbox messages, and that 20 of those messages were images. The world will not know how many messages you have received in total, because messages sent by users you have responded to will usually be sent to your secret inboxes. Seekia is designed so that the public cannot determine any information about which messages you send, including whom you are messaging. Your client tells the account credit servers which messages you are sending, but those servers promise not to store or track this information. If the account credit servers were compromised, they could be used to monitor user behavior. The contents of all messages are encrypted. *TODO: Add more*