Showcase Friday #2: Purplix, end to end encrypted surveys

Welcome back to Showcase Friday, my enlightened Penguins of the digital tundra! I present to you another hidden FOSS gem this week.

This week, we’re diving into Purplix, the survey platform that gives Big Tech a proverbial wedgie by encrypting everything end-to-end! Yes, you read that right: everything. So don your tinfoil hats and let’s waddle into the cyber-iceberg.

Ah, surveys. They usually suck the life out of privacy faster than a Hoover on steroids. But what if I told you Purplix is like a privacy guardian angel in the desolate landscape of data collection? The developer behind Purplix, known as WardPearce on various platforms such as github, matrix and lemmy, is a strong advocate for the principles of privacy by design. WardPearce firmly believes in the empowering potential of technology, viewing it as a tool for enhancing human capabilities rather than a means of exploitation by Big Tech and Big Brother.

Please note: Purplix is still in its early alpha stage, so it is not recommended to use it for anything critical just yet, so don’t go putting your national secrets in there, okay?

Now, let’s talk encryption. At the core of Purplix’s encryption framework lies libsodium, a robust and foolproof encryption library that has undergone rigorous auditing. Libsodium does the heavy lifting, providing all the cryptographic primitives necessary to secure both the questions and the answers in any survey created using Purplix, to make sure your data is as inaccessible to snoops as a hermit penguin in Antarctica. For the geek-deprived among us, that’s top-of-the-line encryption, alright? Questions, answers, titles, your pet’s favorite color – everything is encrypted end-to-end. They even throw in encryption keys for good measure; one for the questions stored safely in the creator’s keychain and a public/private keypair for the responses. Worried about man-in-the-middle attacks? Don’t be. The public key’s hash is included in the survey link to shoo away those pesky eavesdroppers.

Now, let’s talk about the encryption keys because, in encryption, keys are king. When a survey creator formulates a survey, a unique encryption key is generated specifically for that survey’s questions. This key is securely stored in the survey creator’s keychain, encrypted, of course. Why the extra layer of security? Because Purplix knows that the lock is only as good as the key that opens it. Your survey questions are your intellectual property, and this ensures they remain safely locked away from prying eyes.

As for survey responses, that’s another level of encryption altogether. Each new survey automatically generates a public and private key pair. Participants use the public key to encrypt their answers, making sure that only the survey creator can decrypt and view them using the private key. This is classic end-to-end encryption at its finest, a strategy employed to ensure that not even Purplix itself can read the survey data.

But what about the ever-looming specter of man-in-the-middle attacks? Fear not. Purplix has devised a way to fend off these digital interceptors. The public key’s hash is included in the survey link, acting as a cryptographic signature that confirms the survey’s legitimacy. Any attempts to tamper with the survey link would result in a hash mismatch, immediately alerting the system to the malfeasance. It’s like having a secret handshake; if it doesn’t match, you know something’s amiss.

Lastly, let’s not forget the data integrity aspect. Encryption doesn’t just keep data secret; it also verifies that the data hasn’t been tampered with. By using libsodium, Purplix ensures that the encryption and decryption processes are authenticated, maintaining the integrity of the data throughout its lifecycle. This means you can be confident that the survey data remains unaltered, offering an additional layer of trust in the system

If you were under the impression that Purplix compromised on usability for the sake of security, you couldn’t be more mistaken. Purplix firmly establishes that user-friendliness and robust security are as harmoniously coexistent as penguins are with their natural snowy habitats. Take that, you apologists of Big Tech conglomerates that believe in sacrificing one for the other! Purplix decisively proves them wrong!

Transitioning to the topic of spam prevention—a perennial nuisance that no one has the time or patience for—Purplix equips you with a comprehensive array of options. You can engage mechanisms like VPN blocking, the obligation of a Purplix account, and the invaluable feature of IP address blocking. Anti-spam measures can be further enhanced by using mCaptcha, a FOSS and privacy-respecting alternative to Google’s reCaptcha, which uses a SHA256 based proof-of-work algorithm to rate limit users and prevent spam while preserving privacy and anonymity. Let’s not forget that Purplix doesn’t just pay lip service to privacy; it genuinely cherishes it. Hence, even the IP address hashes are designed to be temporary. And the most reassuring part? Purplix is upfront about when these privacy-empowering settings are activated. There’s no underhanded trickery or subterfuge involved here!

In closing, let me say this: Purplix Survey is nothing short of a FOSS rockstar, an audacious challenger to the hegemony of surveillance capitalism. It effectively redistributes the locus of power back to its rightful owners—that’s right, I’m talking about you, my delightful battalion of cyber-penguins! So let’s keep those fins in perpetual motion as we eagerly anticipate the rollout of more features that are in perfect sync with this commendable, privacy-first ideology.

So waddle on over to their GitHub and give this project the open-source love it so richly deserves. Your privacy will thank you, and Big Tech will loathe you—a win-win in my book!

Contributing⌗

As of now, Purplix hasn’t set up a donation mechanism, but that doesn’t mean you can’t contribute to this groundbreaking project. Monetary support is just one way to contribute; there are multiple avenues where your skills and time can make a significant impact. If you find Purplix valuable, consider dedicating some effort towards reporting issues or even helping to fix bugs. You don’t have to be a developer to help—though if you are, all the better. Improving documentation is another area that could use some love. Let’s be honest: The current documentation leaves much to be desired, and clear, well-structured guides could be the difference between user frustration and user delight.

I’ll keep an eye out and update this article as soon as a donation page comes into existence. When that day comes, show your support by donating if you can. Money talks, but it’s not the only way to speak. For now, your expertise and time can be just as valuable, if not more so, in strengthening this fortress against the encroachments of surveillance capitalism. Let’s join hands to make Purplix even better, fulfilling its promise of restoring power back to the individual.

Links⌗

• Purplix
• Purplix GitHub

Showcase Friday⌗

This is the second article in the Showcase Friday series. If you enjoyed this article, check out the first article in the series, Showcase Friday #1: Nextcloud.

If you have any suggestions for future articles, feel free to reach out to me on Matrix. I’m always on the lookout for new FOSS projects to showcase, so don’t be shy!

Coming up next week: SimpleX, the FOSS chat platform that puts privacy at the forefront.

Now, if you’ll excuse me, I have a survey to create. Until next time, my fellow penguins!