Concerns About Sekur.com's Privacy Claims

I wanted to bring attention to some concerning practices and claims made by Sekur.com, a company marketing itself as a privacy-focused communication solution. After investigating their website and public statements, I’ve found several red flags that I believe our community should be aware of:

Dubious Claims

1. Sekur claims that “99.8% of all hacks are open source” without providing any supporting evidence. This statement contradicts widely accepted cybersecurity knowledge.
2. They use buzzwords like “military grade end-to-end encryption” without substantiating these claims or providing technical details.

Lack of Transparency

1. Sekur’s products are entirely proprietary and not open source, which they actually tout as a feature.
2. There’s no evidence of third-party security audits for their products.

Website Issues

1. Their website employs various trackers, including potential keyboard and mouse tracking. You can verify this using the Blacklight Report on Sekur.
2. They use ads on their website, which seems at odds with their privacy-focused marketing.

Other Concerns

1. They do not accept cryptocurrency payments, which might be important for some privacy-conscious users.

Evidence

I’ve compiled some screenshots and archives to support these points:

image594×137 12.1 KB

I replied to this one: x.com

image419×500 75.5 KB

image690×357 86.2 KB

image690×267 45.1 KB

Similar post was also covered in the Techlore forum by someone else. I wanted to add it here as well for better visibility.

Kinda hilarious how they try to spin being proprietary as a selling point

Sekur is just wild, they’re out here blocking people who are criticising them.

https://x.com/jhdn/status/1819364799479767304

There are so mang of these. Just ignore it.

Looks like a honeypot. They use jargon to confuse people.
“100% company owned hardware” means they can probably read everything.
This is the next encrochat.

I was going to comment the same thing. This is exactly how a honeypot would market themselves to catch the “low hanging fruit” of people who don’t know any better.

I’d say that any brand/product that resorts to blocking people on social media is probably untrustworthy.

I am someone who works from the inside of Sekur. Your thoughts/assumptions about honeypots may seem valid as we all have been duped before across the net. Even if I can give you my assurances Sekur is not a honeypot, I am certain most of you won’t believe therefore, I won’t bother to attempt to convince.

I don’t control the social media side so I cannot state why people are being blocked, but I do not need to convince you that there are many keyboard warriors out there that are unhinged and spew a bunch of nonsense.

There are many advantages to closed source as there are similar disadvantages to open source. We have designed our app unlike what is out there so there is clearly mistrust with just words, I get that. We are working hard to provide all the details and within 2025 will have more information and details on our website.

No, we cannot view your data, the encryption is dedicated to your own account, even additional users within the same account do not use the same encryption. We will be releasing more information about our Virtual Vaults as to why and how this happens to protect your data.

Recognize that many of your assumptions and “evidence” are not supported by verified facts. yes, I will agree that the details are not clear and provided, and as someone who is working with them Im telling you to wait for the coming months as we are working to provide these details on our website. By stating them here means nothing, showing them on our website is another thing.

By the way, we are a publicly traded company - it does not take much to view the details of the assets or the company. We use ads to promote people to our website, but you are welcome to see how our website is designed.

I understand there is mistrust out there so painting everything with the same brush may make sense to some of you. I can say, from someone working on the inside I am seeing the momentum being built here and many larger organizations, and government agencies are already on board. If you ever done government contracts before you’ll understand how much of a pain it is to get them.

Lastly, I understand your reservations, but I can say this will be alleviated once we do our website update in Q1 of 2025.

How are you involved with the company?

Your post offered very little info other than ‘trust us’.

Just seems like another scam company to throw on the pile.

“PRIVACY HAS ARRIVED”

image1920×1440 181 KB

What do you want to know then? Aside from trying to unmask my identity. You are keen to know who I am over some details regarding the privacy claims

Just seems (to you). I guess you haven’t taken the time to investigate the company as I stated before. Again, all in public domain. So explain why you “feel” like it is a scam. I am happy to have a constructive conversation

You forget we are an actual business and need to track where our leads come from online. These are strictly for this purpose, completely unrelated to how our platform operates. Again, do you have a real question or you think these “gotchas” screenshots are actually relevant?

Yes, this is absolutely a gotcha, and it directly undermines your claims of prioritizing privacy. If your company genuinely valued user privacy, you wouldn’t rely on invasive tools like Mouseflow to harvest granular behavioral data—clicks, scrolls, and mouse movements—while simultaneously positioning yourselves as a privacy-conscious business. Plenty of successful companies in the privacy sector use self-hosted or anonymized analytics solutions (like Matomo, Plausible, or Open Web Analytics) that respect user autonomy without resorting to exploitative tracking. Your argument that “we’re a business that needs leads” isn’t a justification—it’s an excuse to prioritize profit over principles. If privacy is non-negotiable for your platform, start acting like it. Stop hiding behind third-party tools and take accountability for the tech stack you choose.

Here are some alternatives:
https://alternativeto.net/software/google-analytics/

You can go through the proper channels to link your account to the companies by syncing with the admins here to validate your account. You can currently keep your identity anonymous outside of that interaction.

The attacks on ProtonMail are unwarranted and fear mongering.

Proprietary cryptography is just bad. I would never touch proprietary cryptography, even with a 10 foot pole.

Marketing proprietary as a bonus? Security by obscurity is a weak defense.

If 99% of software uses open source, and most CVEs are on open source, then I guess duh? 100% of murderers drink water too, we should be wary of water as well.

—

Taking the time to defend the company here is likely to land you square in the Streisand effect. Not sure how well you know the community, but there is a high standard set for services. Defending against things that are not issues for other reputable VPNs does not put the company in any better light.

If you really want the company to be taken seriously, open source the cryptography. If you can’t do that, everything else is moot. Hiding weak crypto does not make it secure, and I’m assuming with high confidence it’s insecure until audited thoroughly.

totally fair points, and I get where you’re coming from.

Just to clear things up: the tools you’re referring to (like Mouseflow/Google) are only used on the public-facing website — not inside the actual Sekur platform where user data and communications live. Nothing from those tools touches the core service. The platform itself doesn’t use third-party cloud providers, doesn’t mine data, and is fully built to protect privacy.

That said, I hear you. Using those kinds of analytics on the site doesn’t feel great, even if they’re just for general site behavior. We’re already looking at more privacy-respecting alternatives like the ones you mentioned. The goal is to stay true to what we stand for, and this feedback helps keep us on track.

Appreciate you calling it out.

Appreciate you laying this out I get where you’re coming from, and honestly, these are valid concerns to raise in a privacy focused space.

The skepticism around proprietary cryptography is totally understandable. A lot of people in this community (myself included) have been trained to be wary of “black box” systems, and for good reason. Open source models have built trust through transparency, and that’s a standard many hold dear.

That said, Sekur’s approach comes from a different direction: full ownership of the tech stack, no third-party cloud, and a tightly controlled environment.. not as a way to obscure things, but to reduce attack surfaces and outside dependencies. It’s definitely not about “security through obscurity,” but more about minimizing trust in external actors altogether.

I know this doesn’t sit well with everyone, and I’m not here to convince people otherwise through hype or marketing. The point is to offer an alternative model where privacy is built in by default, even if it doesn’t follow the open-source route that others trust more.

And yeah, defending a position in a skeptical forum can look like damage control, I get that too. But we’re here for the conversation, not to shut it down or spin it. If it leads to better clarity (or even criticism that helps us improve), then it’s worth having.

Appreciate your honesty.

Regarding your comment on ProtonMail , I hear you, and it’s fair to challenge points that seem exaggerated, but I don’t believe the criticism of ProtonMail is just fear-mongering. There’s a history that’s important to look at.

ProtonMail has cooperated with law enforcement in multiple cases, including handing over IP addresses when ordered by Swiss authorities. That’s not speculation, it’s documented. And while they’ve always said they’ll comply with Swiss law (which is fair), that legal framework isn’t always as ironclad or privacy-friendly as some users assume. The issue isn’t that they follow the law, it’s that many users believed they were protected from that kind of exposure in the first place.

This matters because Proton has often been marketed as a zero-access, zero-knowledge platform. So when people find out there’s a gap between the perception and reality, trust erodes, and that’s not fear-mongering, that’s a legitimate reaction to misleading assumptions.

Privacy-minded folks tend to scrutinize these details because we’ve all seen how things break down when companies talk one way and act another, even if unintentionally. So calling out these inconsistencies isn’t about attacking for the sake of it — it’s about holding companies accountable to the standards they promote.

The broader point isn’t to say ProtonMail is evil, it’s just that when companies put themselves forward as privacy-first, they should expect and welcome this level of scrutiny.

If you want to justify your reasoning please do it without the usage of AI. If you are thinking on your own then please state you used AI for translation as that is what is allowed.

If this is your way of saying you’ve implemented a custom public key cryptography protocol and all crypto primitives from the ground up in house, I am truly mortified. Unless you’ve got a team of PhD cryptographers on your team and/or multiple audits, I would dissuade anyone from using this product.

Owning hardware vs renting a VPS is a nothing-burger compared to the above point. Saying you didn’t use React, or didn’t use a library for creating desktop app, sure that’s fine and commendable. Let alone I would never allow a proprietary client channel all my web traffic to a random third party. It’s dead in the water if it’s baked in with ad-hoc crypto.