Is SeeOnce Privacy safe to use?

SeeOnce Privacy has a security risk score of 41.14/100 (MEDIUM risk). Our security analysis detected 136 findings. Review the detailed security assessment below to understand the specific risks before installation.

What are the security risks of SeeOnce Privacy?

Based on our automated security analysis, SeeOnce Privacy presents medium risk level. The extension is analyzed for malware patterns, secret exposure, network communications, permissions, and supply chain vulnerabilities.

How is the security score calculated?

Risky Plugins calculates security scores using weighted categories: severity of findings (25 points max), malware detections (35 points), secret exposure (28 points), network communications (10 points), and obfuscation (10 points). Scores range from 0-100, with higher scores indicating greater risk.

What does CRITICAL, HIGH, MEDIUM, LOW, MINIMAL risk mean?

CRITICAL (80-100): Severe security issues like malware. HIGH (60-79): Significant vulnerabilities. MEDIUM (40-59): Moderate security concerns. LOW (20-39): Minor issues. MINIMAL (0-19): Very low risk. Always review findings before installing any extension.

Is "SeeOnce Privacy" on Chrome Web Store Safe to Install?

[email protected] · chrome · v1.2.13

SeeOnce encrypts your email messages so they self-destruct after the recipient has read them. It does this without involving any servers or forcing you to make an account anywhere. You can keep using your preferred email. All other apps and extensions store your private content somewhere. SeeOnce does not do this; instead, it achieves forward secrecy by changing encryption keys with every message. This way, you don't have to trust anybody. When you get a locked message, just paste it into the extension and it will open automatically. Then you can reply directly from within the extension. Your friends don't need to have this extension. Messages open in a webpage just by clicking them. They can do this on an Android smartphone if necessary. Some people live in places where using encryption is itself compromising. This is why the extension can disguise its output so it looks like normal text. Just supply a sufficiently long cover text after the message is locked. Disguised messages also unlock as soon as you paste them in. If you find yourself exchanging a lot of emails, SeeOnce allows you to switch to real-time chat, which can involve text, files, audio, or even video. Just click the Chat button to make a secure invitation that only your correspondent can open, and then only once. Comprehensive help is just one click away. The extension uses 255-bit standard elliptic curves, which have been vetted against weaknesses by experts. On top of that, it uses 256-bit XSalsa20 encryption and 512-bit hash functions to complete the locking process. XSalsa20 is a high-performance, open source cipher, which has been scrutinized by experts for nearly a decade without any practical weaknesses being found. This is the Chrome extension version of SeeOnce, essentially identical to the web version, except that it syncs its data seamlessly between machines. The following is to check the authenticity of the web version: Current version is: 1.2.12 Main source: https://PassLok.com/SeeOnce

Risk Assessment

Analyzed

41.14

out of 100

MEDIUM

136 security findings detected across all analyzers

Chrome extension requesting 1 permission

Severity Breakdown

Critical

High

118

Medium

Low

Info

Finding Categories

Malware Signatures

103

IoC Indicators

YARA Rules Matched

8 rules(18 hits)

postinstall obfuscation postinstall registry modification postinstall system command postinstall persistence mechanism postinstall crypto operations postinstall file manipulation postinstall file download NoUseWeakRandom

Requested Permissions

1 permission

storage

Low

About This Extension

Detailed Findings

18 total

YARA Rule Matches

8 rules

Indicators of Compromise

Network indicators, suspicious strings, and potential IoCs extracted during analysis

URLs

IP Addresses

Domains

Strings

103

All Indicators · 103

detected IP: 4.2.10.2

XIOC detected IP: 4.2.10.2

extracted_from_files

Domain

detected Domain: www.youtube.com

XIOC detected Domain: www.youtube.com

extracted_from_files

URL

detected URL: http://www.w3.org/TR/xml/#d0e804)

XIOC detected URL: http://www.w3.org/TR/xml/#d0e804)

extracted_from_files

URL

detected URL: https://github.com/sindresorhus/validate-element-name

XIOC detected URL: https://github.com/sindresorhus/validate-element-name

extracted_from_files

URL

detected URL: https://github.com/dchest/scrypt-async-js

XIOC detected URL: https://github.com/dchest/scrypt-async-js

extracted_from_files

URL

detected URL: https://clients2.google.com/service/update2/crx

XIOC detected URL: https://clients2.google.com/service/update2/crx

extracted_from_files

URL

detected URL: http://w3c.github.io/webcomponents/spec/custom/#creating-and-passing-registries)

XIOC detected URL: http://w3c.github.io/webcomponents/spec/custom/#creating-and-passing-registries)

extracted_from_files

URL

detected URL: http://www.w3.org/1998/Math/MathML';

XIOC detected URL: http://www.w3.org/1998/Math/MathML';

extracted_from_files

URL

detected URL: http://www.w3.org/2000/svg';

XIOC detected URL: http://www.w3.org/2000/svg';

extracted_from_files

URL

detected URL: http://www.w3.org/1999/xhtml';

XIOC detected URL: http://www.w3.org/1999/xhtml';

extracted_from_files

URL

detected URL: https://www.w3.org/TR/xhtml1/normative.html#strict)

XIOC detected URL: https://www.w3.org/TR/xhtml1/normative.html#strict)

extracted_from_files

URL

detected URL: http://www.w3.org/1999/xhtml

XIOC detected URL: http://www.w3.org/1999/xhtml

extracted_from_files

URL

detected URL: https://html.spec.whatwg.org/multipage/dom.html#embedding-custom-non-visible-data-with-the-data-*-attributes)

XIOC detected URL: https://html.spec.whatwg.org/multipage/dom.html#embedding-custom-non-visible-data-with-the-data-*-attributes)

extracted_from_files

URL

detected URL: http://www.irongeek.com/i.php?page=security/unicode-steganography-homoglyph-encoder,

XIOC detected URL: http://www.irongeek.com/i.php?page=security/unicode-steganography-homoglyph-encoder,

extracted_from_files

URL

detected URL: https://xato.net/passwords/more-top-worst-passwords,

XIOC detected URL: https://xato.net/passwords/more-top-worst-passwords,

extracted_from_files

URL

detected URL: https://github.com/first20hours/google-10000-english.

XIOC detected URL: https://github.com/first20hours/google-10000-english.

extracted_from_files

URL

detected URL: http://www.wtfpl.net/

XIOC detected URL: http://www.wtfpl.net/

extracted_from_files

URL

detected URL: http://pieroxy.net/blog/pages/lz-string/testing.html

XIOC detected URL: http://pieroxy.net/blog/pages/lz-string/testing.html

extracted_from_files

URL

detected URL: http://tweetnacl.cr.yp.to/

XIOC detected URL: http://tweetnacl.cr.yp.to/

extracted_from_files

URL

detected URL: https://github.com/floodyberry/poly1305-donna

XIOC detected URL: https://github.com/floodyberry/poly1305-donna

extracted_from_files

URL

detected URL: https://passlok.com/seeonce/seeonce_technical_document.pdf

XIOC detected URL: https://passlok.com/seeonce/seeonce_technical_document.pdf

extracted_from_files

URL

detected URL: https://passlok.com/seeonce#==

XIOC detected URL: https://passlok.com/seeonce#==

extracted_from_files

URL

detected URL: https://passlok.com/seeonce

XIOC detected URL: https://passlok.com/seeonce

extracted_from_files

URL

detected URL: https://chrome.google.com/webstore/detail/jbcllagadcpaafoeknfklbenimcopnfc

XIOC detected URL: https://chrome.google.com/webstore/detail/jbcllagadcpaafoeknfklbenimcopnfc

extracted_from_files

URL

detected URL: http://snippetrepo.com/snippets/bignum-base-conversion,

XIOC detected URL: http://snippetrepo.com/snippets/bignum-base-conversion,

extracted_from_files

URL

detected URL: https://passlok.com/chat/chat.html#'

XIOC detected URL: https://passlok.com/chat/chat.html#'

extracted_from_files

URL

detected URL: http://prgomez.com/current-version-of-seeonce/

XIOC detected URL: http://prgomez.com/current-version-of-seeonce/

extracted_from_files

URL

detected URL: https://chrome.google.com/webstore/detail/seeonce-privacy/jbcllagadcpaafoeknfklbenimcopnfc

XIOC detected URL: https://chrome.google.com/webstore/detail/seeonce-privacy/jbcllagadcpaafoeknfklbenimcopnfc

extracted_from_files

Domain

detected Domain: nacl.box

XIOC detected Domain: nacl.box

extracted_from_files

URL

detected URL: https://play.google.com/store/apps/details?id=com.fruiz500.seeonce

XIOC detected URL: https://play.google.com/store/apps/details?id=com.fruiz500.seeonce

extracted_from_files

URL

detected URL: https://passlok.com

XIOC detected URL: https://passlok.com

extracted_from_files

URL

detected URL: http://www.7-zip.org/

XIOC detected URL: http://www.7-zip.org/

extracted_from_files

URL

detected URL: http://www.kekaosx.com/

XIOC detected URL: http://www.kekaosx.com/

extracted_from_files

URL

detected URL: http://hash.online-convert.com/sha256-generator

XIOC detected URL: http://hash.online-convert.com/sha256-generator

extracted_from_files

URL

detected URL: http://see-once.weebly.com

XIOC detected URL: http://see-once.weebly.com

extracted_from_files

URL

detected URL: https://www.youtube.com/watch?v=gkkEQvLZaXA

XIOC detected URL: https://www.youtube.com/watch?v=gkkEQvLZaXA

extracted_from_files

URL

detected URL: https://www.youtube.com/watch?v=N2N2r9vqUn8

XIOC detected URL: https://www.youtube.com/watch?v=N2N2r9vqUn8

extracted_from_files

URL

detected URL: https://www.youtube.com/watch?v=zM8RSqLeids

XIOC detected URL: https://www.youtube.com/watch?v=zM8RSqLeids

extracted_from_files

URL

detected URL: https://www.youtube.com/watch?v=YHRRE9BGeXw

XIOC detected URL: https://www.youtube.com/watch?v=YHRRE9BGeXw

extracted_from_files

URL

detected URL: https://github.com/dchest/ed2curve-js--

XIOC detected URL: https://github.com/dchest/ed2curve-js--

extracted_from_files

URL

detected URL: https://github.com/dchest/scrypt-async-js--

XIOC detected URL: https://github.com/dchest/scrypt-async-js--

extracted_from_files

URL

detected URL: https://github.com/pieroxy/lz-string--

XIOC detected URL: https://github.com/pieroxy/lz-string--

extracted_from_files

URL

detected URL: https://github.com/cure53/DOMPurify--

XIOC detected URL: https://github.com/cure53/DOMPurify--

extracted_from_files

Domain

detected Domain: purify.js.map

XIOC detected Domain: purify.js.map

extracted_from_files

Domain

detected Domain: clients2.google.com

XIOC detected Domain: clients2.google.com

extracted_from_files

Other

detected Email: [email protected]

XIOC detected Email: [email protected]

extracted_from_files

URL

detected URL: https://passlok.com/chat/chat.html

XIOC detected URL: https://passlok.com/chat/chat.html

extracted_from_files

URL

detected URL: https://github.com/dchest/tweetnacl-js--

XIOC detected URL: https://github.com/dchest/tweetnacl-js--

extracted_from_files

Domain

detected Domain: createnodeiterator.call

XIOC detected Domain: createnodeiterator.call

extracted_from_files

Domain

detected Domain: nodefilter.show

XIOC detected Domain: nodefilter.show

extracted_from_files

Domain

detected Domain: hook.call

XIOC detected Domain: hook.call

extracted_from_files

Domain

detected Domain: attr.name

XIOC detected Domain: attr.name

extracted_from_files

Domain

detected Domain: createdocumentfragment.call

XIOC detected Domain: createdocumentfragment.call

extracted_from_files

Domain

detected Domain: importnode.call

XIOC detected Domain: importnode.call

extracted_from_files

Domain

detected Domain: body.ownerdocument.doctype.name

XIOC detected Domain: body.ownerdocument.doctype.name

extracted_from_files

Domain

detected Domain: i.next

XIOC detected Domain: i.next

extracted_from_files

Domain

detected Domain: o.constructor.name

XIOC detected Domain: o.constructor.name

extracted_from_files

Domain

detected Domain: it.call

XIOC detected Domain: it.call

extracted_from_files

Domain

detected Domain: it.next

XIOC detected Domain: it.next

extracted_from_files

Domain

detected Domain: cfg.safe

XIOC detected Domain: cfg.safe

extracted_from_files

Domain

detected Domain: cfg.in

XIOC detected Domain: cfg.in

extracted_from_files

Domain

detected Domain: getelementsbytagname.call

XIOC detected Domain: getelementsbytagname.call

extracted_from_files

Domain

detected Domain: nacl.box.open

XIOC detected Domain: nacl.box.open

extracted_from_files

Domain

detected Domain: nacl.sign.open

XIOC detected Domain: nacl.sign.open

extracted_from_files

Domain

detected Domain: array.prototype.slice.call

XIOC detected Domain: array.prototype.slice.call

extracted_from_files

Domain

detected Domain: w3c.github.io

XIOC detected Domain: w3c.github.io

extracted_from_files

Domain

detected Domain: html.spec.whatwg.org

XIOC detected Domain: html.spec.whatwg.org

extracted_from_files

Domain

detected Domain: boolean.prototype.valueof.call

XIOC detected Domain: boolean.prototype.valueof.call

extracted_from_files

Domain

detected Domain: i.call

XIOC detected Domain: i.call

extracted_from_files

Domain

detected Domain: www.irongeek.com

XIOC detected Domain: www.irongeek.com

extracted_from_files

Domain

detected Domain: xato.net

XIOC detected Domain: xato.net

extracted_from_files

Domain

detected Domain: www.wtfpl.net

XIOC detected Domain: www.wtfpl.net

extracted_from_files

Domain

detected Domain: pieroxy.net

XIOC detected Domain: pieroxy.net

extracted_from_files

Domain

detected Domain: object.prototype.hasownproperty.call

XIOC detected Domain: object.prototype.hasownproperty.call

extracted_from_files

Domain

detected Domain: tweetnacl.cr.yp.to

XIOC detected Domain: tweetnacl.cr.yp.to

extracted_from_files

Domain

detected Domain: filetoload.name

XIOC detected Domain: filetoload.name

extracted_from_files

Domain

detected Domain: filelink.download

XIOC detected Domain: filelink.download

extracted_from_files

Domain

detected Domain: nacl.secretbox.open

XIOC detected Domain: nacl.secretbox.open

extracted_from_files

detected Domain: snippetrepo.com

XIOC detected Domain: snippetrepo.com

extracted_from_files

Domain

detected Domain: date.now

XIOC detected Domain: date.now

extracted_from_files

Domain

detected Domain: window.open

XIOC detected Domain: window.open

extracted_from_files

Domain

detected Domain: range.select

XIOC detected Domain: range.select

extracted_from_files

Domain

detected Domain: online-convert.com

XIOC detected Domain: online-convert.com

extracted_from_files

Domain

detected Domain: see-once.weebly.com

XIOC detected Domain: see-once.weebly.com

extracted_from_files

Domain

detected Domain: gomez.com

XIOC detected Domain: gomez.com

extracted_from_files

Domain

detected Domain: jitsi.org

XIOC detected Domain: jitsi.org

extracted_from_files

Domain

detected Domain: object.prototype.tostring.call

XIOC detected Domain: object.prototype.tostring.call

extracted_from_files

Domain

detected Domain: chrome.storage

XIOC detected Domain: chrome.storage

extracted_from_files

Domain

detected Domain: keyscr.style.top

XIOC detected Domain: keyscr.style.top

extracted_from_files

detected Domain: www.7-zip.org

XIOC detected Domain: www.7-zip.org

extracted_from_files

Domain

detected Domain: www.kekaosx.com

XIOC detected Domain: www.kekaosx.com

extracted_from_files

Domain

detected Domain: hash.online-convert.com

XIOC detected Domain: hash.online-convert.com

extracted_from_files

Domain

detected Domain: prgomez.com

XIOC detected Domain: prgomez.com

extracted_from_files

Domain

detected Domain: chrome.google.com

XIOC detected Domain: chrome.google.com

extracted_from_files

Domain

detected Domain: play.google.com

XIOC detected Domain: play.google.com

extracted_from_files

Domain

detected Domain: jit.si

XIOC detected Domain: jit.si

extracted_from_files

detected IP: ::

XIOC detected IP: ::

extracted_from_files

detected IP: ::bef

XIOC detected IP: ::bef

extracted_from_files

detected IP: e::bef

XIOC detected IP: e::bef

extracted_from_files

Domain

detected Domain: www.w3.org

XIOC detected Domain: www.w3.org

extracted_from_files

Domain

detected Domain: passlok.com

XIOC detected Domain: passlok.com

extracted_from_files

Domain

detected Domain: github.com

XIOC detected Domain: github.com

extracted_from_files

URL

detected URL: https://html.spec.whatwg.org/multipage/infrastructure.html#xml-compatible

XIOC detected URL: https://html.spec.whatwg.org/multipage/infrastructure.html#xml-compatible

extracted_from_files

Security Analysis Summary

Security Analysis Overview

SeeOnce Privacy is a Chrome Web Store extension published by [email protected]. Version 1.2.13 has been analyzed by the Risky Plugins security platform, receiving a risk score of 41.14/100 (MEDIUM risk) based on 136 security findings.

Risk Assessment

This extension presents moderate security risk. Several findings were detected that may warrant attention. Users should carefully review the permissions and findings before installation.

Findings Breakdown

High: 18 finding(s)
Medium: 118 finding(s)

What Was Analyzed

The security assessment covers multiple analysis categories:

Malware Detection: YARA rule matching against 2,400+ malware signatures
Secret Detection: Scanning for exposed API keys, tokens, and credentials
Static Analysis: Code-level security analysis for common vulnerability patterns
Network Analysis: Detection of suspicious network communications and endpoints
Obfuscation Detection: Identification of code obfuscation techniques

Developer Information

SeeOnce Privacy is published by [email protected] on the Chrome Web Store marketplace. The extension has approximately 28 users.

Recommendation

Exercise caution with this extension. Review the detailed findings and ensure the requested permissions align with the extension's stated functionality before installation.

Source Code Viewer

Source Code Not Available

Source code is not available for this version of the extension.