SafeSpace: An eco-sytem of tools and platforms to browse the internet securely, powered by Pangea

What is SafeSpace Exactly?

SafeSpace represents a pioneering suite of security tools designed to enhance privacy and security for internet users. Leveraging cutting-edge technology from Pangea security services, SafeSpace offers a robust framework that allows users to browse the internet securely, manage secure notes, and ensure their digital interactions remain private and protected. This innovative approach integrates a browser extension and a web application, each tailored to address specific aspects of cybersecurity and data privacy.

Hosted at: https://safespace-web.vercel.app/

GitHub: https://github.com/hellskater/safespace

Demo: https://youtu.be/4fyHUExFKRg

Inspiration

The inspiration behind SafeSpace stems from the increasing concerns over digital privacy and security in today's hyper-connected world. With rising threats of data breaches, phishing attacks, and unauthorized data access, there is a growing need for solutions that prioritize user security without compromising usability. SafeSpace is designed to meet this need by providing a seamless, intuitive, and secure environment for everyday internet activities, making security accessible and straightforward for all users.

Privacy is not an option, and it shouldn't be the price we pay just to get on the internet. - Gary Kovacs

Privacy is not something that I am merely entitled to, it's an absolute pre-requisite.
- Marlon Brando

Alright, now that we understand the value and seriousness of the matter, let's look at what are the features SafeSpace offers.

SafeSpace Browser Extension

• Site Security - Evaluates the security of websites using Pangea's domain intel service to display a security score and the security headers implemented by the site, helping users avoid malicious sites.

• Link Verification - Offers real-time analysis of links to assess their safety before clicking, enhancing protection against phishing.

  

• Password Breach Detection - Users can check in real-time whether the password that they are using has been leaked in data breaches to make sure they choose secure passwords.

  

• Local Cache - Stores feature results locally, allowing offline access and faster loading times on revisits.

SafeSpace Webapp

• Secure 2-factor authentication - The SafeSpace Webapp offers a robust two-factor authentication system that provides an additional layer of security beyond just passwords. Users can choose from various methods such as SMS verification, authenticator apps which are all powered by Pangea Authn service.

  

  

• Encrypted Notes - End-to-end encryption ensures that notes are only readable by the user, using a unique encryption key for each user.

  

• WYSIWYG Editor - Features a WYSIWYG editor like Notion, supporting various formatting options for a superior note-taking experience.

  

• AI Assistant - Enhances productivity by assisting with tasks like text improvement and summarization without compromising privacy.

  

• Key Rotation - Allows users to change their encryption keys, re-encrypting existing notes to maintain security in case of potential key compromise.

  

How the Webapp Works?

Here is how the whole flow of secure note-making looks like with SafeSpace:

• Each user is assigned a unique AES 256-bit encryption key during signup, which is generated from the user's machine and sent over to SafeSpace servers for storing.

• The key is stored in Pangea's Vault service securely. Pangea offers features like secret versioning, key state transitions and rotating the key.

• Every time the user comes to the platform, the key is sent over.

• The users create their notes in a rich text editor, the notes get encrypted using the user's encryption key and the decrypted notes are sent over to SafeSpace server.

• Users' notes never leave their devices unencrypted, which completely eradicates the risk of data breach and user privacy with complete assurance.

• The rich text editor also features advanced AI capabilities. Every time we send the user's prompt for LLM processing, all the personal identifiable information are redacted using Pangea's redact service, to make sure user's PII never gets leaked to external services.

• Users can rotate their encryption keys at any time, prompting the re-encryption of all stored notes.

• This system ensures that even in the event of a data breach, unauthorized individuals cannot access the contents of the notes.

How the browser extension works?

The SafeSpace browser extension enhances internet browsing by providing several security-focused features:

• Every time user visits a new page, the domain is sent over to Pangea's domain intel service, to check whether the website is a known malicious site that can breach user's privacy, and a security score is obtained.

• The browser extension also records some well known security headers of the site, like X-Content-Type-Options, Referrer-Policy etc. and generates another security score based on the presence and restrictions of those particular headers.

• At-last the SafeSpace site-security scoring algorithm normalizes both the scores and informs the user about the overall secureness of that site in 3 categories.

  • Robust

  • Medium

  • Low

• On top of this context menu buttons like Verify Link and Verify Password make use of Pangea's url intel service and user intel service to let the user know whether a potential link is safe to click or a typed password has been breached in previous known data breaches or not respectively.

• Results are stored locally in a cache, enabling quick access and offline viewing and clearing capabilities.

Challenges faced

• Encryption flow - Establishing a robust encryption and decryption process that operates seamlessly across devices.

• Vault integration - Figuring out a perfect balance between user privacy assurance and secure encryption key storage using appropriate Vault APIs.

• User Assurance - Ensuring users that their notes are encrypted on their devices before transmission to the server.

• WYSIWYG Editor Setup - Integrating the Tiptap editor with AI capabilities for a rich user experience.

• Key Rotation Flow - Developing a smooth process for key rotation that re-encrypts existing notes efficiently without any hassle.

Pangea services used and their benefits

• Domain Intel and URL Intel: Assess the safety and reputation of websites and links, protecting users from malicious internet resources.

• User Intel: Checks password safety against known breaches, enhancing personal security.

• Vault: Secures encryption keys, which are crucial for the encryption and decryption of notes.

• Redact: Ensures that any personal data is anonymized before being processed by the AI, maintaining user privacy.

• Authn: A secured authentication process with industry-standard practices like 2-Factor authentication.

Tech Stack

SafeSpace is built using a modern tech stack that includes:

• Next.js

• Typescript

• NeonDB

• Plasmo browser extension framework

• Turborepo

• Tailwind

• Shadcn UI

• Novel

• Tiptap

• React Query

• OpenAI

• Pangea

The Roadmap for Next

• Multi-browser Support: Extending the browser extension to work across different web browsers.

• Offline Capabilities: Enhancing the webapp to function offline using IndexedDB.

• Automatic Key Rotation: Implementing auto-rotation of encryption keys for enhanced security.

• Integration: Closer integration between the webapp and browser extension for seamless user experience and user analytics.

• SDK Expansion: Developing SDKs in multiple languages to extend SafeSpace’s functionalities.

• Feature Extensions: Introducing folders in notes, password-protected note sharing, and additional tools like a password manager.

SafeSpace is at the forefront of providing secure, private digital environments, empowering users to manage their online presence and data securely. With a focus on user-centric design and cutting-edge technology, SafeSpace is set to redefine the standards of digital security.

Check it out here.