Is a RAM-only PWA "Secure Camera" safe for journalists?

[blackknightdev]

I'm building a PWA for investigative journalists who need to capture evidence without leaving forensic traces on their devices (even if seized).

The architecture: 1. "Zero-Trace" Camera: Uses `getUserMedia` to stream video.

2. RAM-Only: Captures frame to an off-screen Canvas -> Blob. Never touches the filesystem or Camera Roll.

3. Client-Side Encrypt: Blob is encrypted immediately (TweetNaCl) with a public key.

4. Upload & Wipe: Encrypted blob is uploaded, then memory is nulled.

My hypothesis is this beats "Standard Camera -> Gallery -> Upload" because there are no deleted files to recover from the SSD.

Is "RAM-only" in a browser sandbox reliable enough for life-or-death privacy? What side-channels (swap files, browser cache) am I missing?

Tech stack: Next.js, Dexie, WebCrypto. Open source.

Hope I can get much feedback I want to make my photo vault app special and make an impact for the world here is the link to my app that I want to change to this www.saecretheaven.com

[gucci-on-fleek]

What circumstances would someone be able to connect to a network and upload large files to arbitrary websites, but where the consequences of being caught are so severe that they need to worry about an adversary recovering deleted files? Because if leaving no traces was really important to me, I probably want to use a 100% air-gapped device, but my impression is that your app requires internet to upload the completed video. Even if you're able to delay the upload until later, if you were willing to risk "life-or-death" to record it, I'm not sure that you'd want to just leave it in RAM where a browser crash or a dead battery could delete it forever.

Personally, using something like steganography or deniable encryption [0] seems like a better solution to this problem.

[0]: https://en.wikipedia.org/wiki/Deniable_encryption

[blackknightdev]

No it gets sent immediately to an other vault from another Person so it is more than unlikely to crash and the keys are local so its encrypted and decrypted local

[blackknightdev]

But thanks of the wiki

[Tepix]

It sounds like a good idea, but there are no guarantees.

To verify that nothing is written to persistent storage you'll have to look at target devices in question with the browsers of choice and then do forensics on them. Repeat after every major update.

When copying the image data to canvas, consider adding some kind of obfuscation and use a pixel shader (webgpu) to undo it, so the journalist can see the unobfuscated image before it it sent to the cloud.

Why use a PWA instead of a regular web page? Do you need certain PWA capabilities? Having the PWA on the device will make deniability harder to pull off.

[blackknightdev]

yes the link where you upload it to the Pwa should be a web page like a heater or so and than you do some gesture and it unlock it you can take the Photo and the link and every local memory gets deleted in the browser and you get redirected to google or so

[nine_k]

Is there a guarantee that the blob doesn't end up saved somewhere if the phone is locked, or apps are switched, etc? Would it be guaranteed to have been encrypted? or discarded?

[blargthorwars]

You have to account for Ram getting swapped to disk now and then if something else needs pages.

[blackknightdev]

Ahh ok thank you didnt know

[112233]

you invented video call, just a bad one, and with a sus domain

[blackknightdev]

nah i want to use it for my photo vault for a burner link where you can make a photo and upload it

[112233]

what I too dismissively (sorrry) meant was: doing a videocall to a contact that is actually a bot and saves the video/screenshots of video, will not leave much of a trace either, and will look completely non-suspicious.

[blackknightdev]

Please give me feedback