Skip to content
This repository has been archived by the owner on Feb 17, 2020. It is now read-only.

Latest commit

 

History

History
71 lines (42 loc) · 2.63 KB

readme.md

File metadata and controls

71 lines (42 loc) · 2.63 KB

Messenger Privacy Guard

Enable end-to-end encryption on Messenger.com using GPG.

Installation guide

This userscript currently isn't self contained - in order to communicate with your local GPG keychain, a GPG API server is needed, as well as some local set-up.

Requirements

To use this project, you need to have a recent version of GPG, NodeJS and NPM installed.

Your browser needs to be able to load userscripts. We've tested with Greasemonkey and Tampermonkey on Firefox and Chrome.

Cloning the project

cd mpg;
npm install;

Starting the HTTPS proxy

Due to Facebook's Content Security Policy, scripts running on Messenger.com can only send AJAX requests to certain whitelisted domains and all communication must be done over HTTPS. In order to get around this, we currently use a simple HTTPS proxy.

To set everything up, you need to do the following:

  1. Edit your hosts file so that pgp.messenger.com points to 127.0.0.1

This is neccessary to get around the CSP restriction, as domains *.messenger.com are allowed.

To do this, open /etc/hosts (on OSX and Linux) and add the following line:

127.0.0.1 pgp.messenger.com

  1. Start the HTTPS proxy server
cd mpg;
node https_proxy.js
  1. Accept or import the proxy SSL certificate

If you now open https://pgp.messenger.com in your browser, you should get a security error saying that the certificate is not trusted. On Firefox, you should be able to permanently add an exception for this domain. For this to work in Chrome, you need to import the page's SSL certificate.

  1. Start the GPG API server

In order for the userscript to communicate with your local GPG keychain, we've built a simple API server which provides encryption and decryption functionalities. You can start it with:

cd mpg;
node app.js;
  1. Add the userscript to your browser

The easiest way to do this is to use Greasemonkey for Firefox or Tampermonkey for Chrome.

After installing the appropriate extension, import the file messenger.js as a new userscript.

  1. Open Messenger.com and communicate!

After having everything set up correctly, you should now be able to open Messenger.com and exchange encrypted messages. Remember - in order to secure your communications, both parties need to have each other's keys, locally signed and trusted.

Starting the API server

License