Some of you may have seen Mockingjay when I shared it in the "What are you working on?" thread [1] alongside my other projects (Kvile, Stao, MyVisualRoutine, and a couple more). The response and feedback there was great, so I wanted to do a proper Show HN.
Mockingjay is an iOS app for recording encrypted video that streams to your own Google Drive in real-time — so your footage survives even if your phone doesn't.
The problem: Journalists, activists, and witnesses recording in high-risk situations face a gap in their security toolkit. Signal protects messages, Proton protects email, but if someone confiscates or destroys your phone mid-recording, the video evidence is gone. Cloud photo sync is too slow and unencrypted.
How it works:
- Video is split into 3-10s fMP4 chunks during recording - Each chunk is encrypted with AES-256-GCM (unique nonce per chunk) - Chunks upload to your Google Drive over TLS while you're still recording - Encryption keys live in the Secure Enclave, derived via PBKDF2 (600K iterations) - A duress PIN wipes local keys under coercion — cloud backup stays intact, recoverable later on a new device - C2PA Content Credentials embedded for cryptographic proof of authenticity (verifiable at contentcredentials.org) - Panic-start via Action Button — recording begins with zero friction
Your footage goes to YOUR Google Drive, not our servers. We have no ability to access or recover your content.
The duress PIN was the hardest design decision. If someone forces you to unlock, entering the secondary PIN silently wipes the Secure Enclave keys. The attacker sees a "clean" state. Your encrypted cloud chunks are safe but inaccessible from that device. You recover later on a different device with your password.
Tech stack: SwiftUI, AVFoundation, CryptoKit, GRDB (SQLite upload queue with retry/backoff), Google Drive REST API, RevenueCat, SimpleC2PA.
Free tier: 60s recordings at 720p. Pro ($29.99 lifetime): unlimited recording, 1080p, GPS metadata, C2PA credentials.
If you're interested in my other projects from that thread — Kvile (Rust/Tauri HTTP client), Stao (sit/stand reminder), MyVisualRoutine (visual routines for kids), links are all in my earlier comment [1].
Would love feedback on the security architecture and threat model.
[1]: https://news.ycombinator.com/item?id=46945142
App Store: https://apps.apple.com/no/app/mockingjay-secure-recorder/id6...