UnSeen.IS Review

Unseen.is is a messaging platform from Iceland that advertises itself as an affordable secure email provider with end-to-end encryption. Being based in Iceland (which is a location generally considered strong for data privacy) makes this service interesting. And, while Iceland does have some mandatory data retention directives these do apply to privacy services like VPNs.

On the other hand, a quick glance online reveals that Unseen is closed source. This is far from ideal - and the fact that is has received a lot of criticism from previous subscribers - also rings some alarm bells. 

During our tests, we discovered a chat service that works, but which we couldn’t verify in terms of privacy and security. And, a secure email service that is either no longer available to new subscribers - or completely defunct. Read on to find out more, but the TLDR is that we recommend that you stay away from this questionable service. 

How much does Unseen.is cost?

Unseen secure email is a service that users can opt to use for free if they want to send chat messages to other Unseen users. However, there are plenty of reasons to believe that the free chat service does not provide the levels of privacy that you get on the paid subscription plans (if and when they might become available). 

As a result, it is possible that many free users may have opted to use Unseen.is to send secure chat messages under false pretenses - under the assumption that it is giving them secure end-to-end encryption.

Anybody who opts to pay for the service is supposed to be able to do so using PayPal, VISA, MasterCard, or with Bitcoin. However, during our tests premium accounts were unavailable (and we were unable to find out when they might be coming back). For this reason, we were completely unable to ascertain how much a premium account actually costs. 

Features

A basic Unseen account provides users with the ability to perform text chat and one-to-one calling. It does not provide access to email or secure email. The chat service is available as a WebClient for desktop machines and as apps for Android and iOS. 

Anybody who wants to have access to the secure emailing and conference calling features will need to upgrade to a Premium account (which was not available at the time of review). Premium users are supposed to get the following full set of features:

  • Two secure email addresses hosted in Iceland
  • 2GB of email storage 
  • Full control over your keys (end-to-end encryption)
  • Conference calls with up to 10 audio and 4 video participants per call
  • Encrypted file sharing (up to 10 MB in size)
  • Priority customer with live chat (during Icelandic business hours)

Setup

Getting a free account for Unseen chat is extremely easy. Simply provide an alternative email address, username, password, and fill in the captcha to prove you are human. Once you have clicked on the form, it will say that you have successfully created an account (it is subtle and at first you may think it has not worked).

Now, log in using the credentials you just provided and you will be shown a notification asking you to verify the account using the email address you provided. Admittedly, having to provide an alternative email address isn’t ideal - but it is better than having to provide a phone number. The welcome email reminds you that:setup unseen.is

The service also reminds users that if they forget their password they will need to reset it, which will result in the contents of their inbox being reset:

“Be sure to write down your password somewhere and keep it safe. If you forget your password and reset it you will lose ALL of your previous chat messages and shared files because your password is needed to ultimately decrypt your messages.”

Unfortunately, as soon as we logged in we realize that you do not actually get access to any email features with a free account. And, clicking on upgrade to premium takes you to a page that states:

Ease of use

With your account set up, you are ready to start using the web client. At first look, the interface looks pretty nice and is definitely more appealing than some other services we have tested. However, it is currently impossible to assess anything but the chat feature for the service. 

We decided to join Unseen twice, in order to test the chat feature (to get an indication of whether the service is still active). To do so, we started an account called proprivacy and searched for raywalsh. Below you can see the results of that search.

search for users

Once we added ourselves as a contact we received the request on the other account. 

request contact

From that point on we were able to start sending messages, and we even received live notifications from the app to let us know that we had got a message. 

The encryption feature appears to let users encrypt messages while they are stored at rest. However, we were unable to send encrypted messages as this is not an available feature.

creating an email

It is hard to fully comprehend what this “encryption” is actually achieving other than to obscure the messages on your screen. 

One can only presume that it also encrypts them on the firm’s servers so that they are inaccessible to anybody at Unseen (or hackers who might gain access). However, this is far from clear from the functionality itself and is not explained on the firm’s website (which implies time and time again that you do not get end-to-end encryption unless you get a premium account).

We tested sending a Word text file using the service and found that we could send files successfully.  Thus, on the whole, we found this to be an ok messaging service that we wouldn’t particularly trust for sending secure messages (please read the privacy and security sections of this review to learn more).

Privacy

Being based in Iceland is considered strong for privacy because, as the firm points out:

“Our company and servers are based in Iceland, protected by some of the strictest data privacy laws on the planet. We are a registered company within Iceland.”

This is good news because Iceland is not part of the 5 Eyes or greater 9 Eyes surveillance agreement, and is thought to be a location that does not perform mass surveillance on its citizens. 

On the other hand, the reality appears to be that free users of this service do not receive end-to-end encryption or the ability to send encrypted messages to each other. This means that it is possible that someone at the firm could access your chat messages, and even permit a third party (such as the authorities) to access your data. 

It is possible that encrypting the conversations while at rest will protect them from intrusion, but it is impossible to verify this because of the closed source nature of the platform and the lack of documentation about how the service works. This is troubling, because the privacy policy states that:

“Unless required to do so by the laws of the state of Iceland or to comply with a legal process duly served on Unseen, Unseen will not disclose, exchange, trade or sell any of your data - especially not any information personally identifying you - to any third party. The user will be immediately informed about any such request made by third party.”

Another problem with Unseen concerns the fact that the CEO of its parent company, Unseen, ehf, appears to be a director at the firm iNome. That company claims to be a “ rapidly growing personal intelligence company.” 

Security

Unseen.is is a messaging service that claims to provide end-to-end encryption. However, a closer look at its policies reveals that this is not the case for free users. The FAQ states that:

What’s the difference between Unseen Basic and Premium accounts?

Basic accounts provides messaging and calling features.

Premium accounts offers maximum security for your online communication needs, secure email account with 2GB of storage and the strongest tier of encryption available, also up to 100MB of file sharing, unlimited individual and group calling, plus the ability to generate and store your own private key.

As you can see, this statement reveals that free accounts are not getting any end-to-end encryption, which means that anybody using the chat service should assume that Unseen.is has control over their key and has the ability to look at their messages at any point. This is extremely misleading for users who may not notice this detail buried away on the website. 

Storing user keys for free accounts on company servers means that they could be hacked, it also means that if Unseen is served a warrant by the authorities, the government would be able to access all of your messages. What’s more, because this service is closed source it is impossible to know what the provider might be doing with user data. 

On a more positive note, Unseen always secures any data it transmits from a user’s browser to its servers using strong TLS/SSL encryption (HTTPS). We checked the status of this transport security using the independent service Qualys SSL Labs and the service received an A+ score, this is an excellent rating that means that your data is encrypted while in transit and should be secure enough not to be intercepted.

However, it is also worth noting that because Unseen runs on a web-based client in your browser, it will be susceptible to Javascript exploits that can result in a man-in-the-middle attack. The only way to avoid this is to use your email account via IMAP or PoP on a third-party email client such as Firefox Thunderbird. As this is not possible for the chat client it can not be considered secure.

At first glance, the website appears to provide a guide for setting up Unseen with a third-party email client. However, clicking on the guide reveals that the content is missing and 22 out of 23 people said they did not find the guide helpful. Thus we presume that (if you manage to access it) the email client does not provide IMAP or PoP compatibility. 

To speak of the end-to-end encryption provided by the email client for paid subscribers, the service claims that it uses “4096-bit encryption”. Unseen states that users generate their keys with “extremely strong lattice-based encryption”. The firm also claims it adds “an advanced symmetrical encryption which is very easy to use with keys 16x longer than those found in AES256.” 

These details appear to reveal that Unseen is using roll-your-own encryption that we know nothing about. This, along with the closed source nature of the client, makes it impossible to trust this service for privacy and security reasons. For this reason, we cannot recommend this chat or email service as a secure service.

Customer support

In order to ask questions about the service, you will need to join the support portal using your email address. This is unusual considering that you have already joined the service using the same email address. Once you have joined the support service, however, you are able to begin using the ticket system to seek assistance. 

After making a number of inquiries we received an automated response each and every time. However, we never actually managed to make contact with a member of staff, which makes us wonder whether this service is actually staffed any more - it would appear that it is not.

This is extremely disappointing and means that it is impossible to ask questions or find out more about the status of the service or its premium email accounts. 

Conclusion

During our time testing Unseen.is, we were unable to gain access to the paid email service. We contacted the support team numerous times and received a number of ticket receipt notifications. However, the firm completely failed to reply. For this reason, we must presume that the premium email service is no longer available.

The chat service works well, and it is free. However, it states in its FAQ that it lacks end-to-end encryption, which means that it cannot be trusted to send secure messages. For this reason, we recommend that you give Unseen the wide berth and stick to a reputable and trusted secure messenger such as Open Whisper’s Signal instead. 

Written by: Ray Walsh

Digital privacy expert with 4+ years experience testing and reviewing VPNs. He's been quoted in The Express, Barrons, the Scottish Herald, ThreatPost, CNET & many more. Ray is currently rated number 1 VPN authority by Agilience.com.

0 Comments

There are no comments yet.

Write Your Own Comment

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

  Your comment has been sent to the queue. It will appear shortly.