Mockingjay – Video recorder that encrypts and uploads as you record

Name: Mockingjay – Video recorder that encrypts and uploads as you record
Availability: InStock
Author: tskulbru

by tskulbru·Feb 26, 2026·1 point·0 comments

Visit Project View on HN

AI Analysis

●●●BangerSolve My ProblemBold BetNiche Gem

Real-time encrypted video streaming to Google Drive—Signal for video evidence in hostile environments.

Strengths

•Solves a genuine gap in security toolkit: evidence survives device confiscation/destruction mid-recording, not just after
•AES-256-GCM encryption with Secure Enclave key storage + Emergency PIN for threatening situations—hardened design for actual threat model
•Google Drive ownership model avoids third-party custody; real-world deployment for journalists (shown in App Store with Pro tier and genuine UX polish)

Weaknesses

•iOS-only limits reach in regions where Android dominates and where need may be greatest
•Requires active Google Drive account and network during recording; spotty connectivity in conflict zones could break upload chain

Post Description

Hi HN,

Some of you may have seen Mockingjay when I shared it in the "What are you working on?" thread [1] alongside my other projects (Kvile, Stao, MyVisualRoutine, and a couple more). The response and feedback there was great, so I wanted to do a proper Show HN.

Mockingjay is an iOS app for recording encrypted video that streams to your own Google Drive in real-time — so your footage survives even if your phone doesn't.

The problem: Journalists, activists, and witnesses recording in high-risk situations face a gap in their security toolkit. Signal protects messages, Proton protects email, but if someone confiscates or destroys your phone mid-recording, the video evidence is gone. Cloud photo sync is too slow and unencrypted.

How it works:

- Video is split into 3-10s fMP4 chunks during recording - Each chunk is encrypted with AES-256-GCM (unique nonce per chunk) - Chunks upload to your Google Drive over TLS while you're still recording - Encryption keys live in the Secure Enclave, derived via PBKDF2 (600K iterations) - A duress PIN wipes local keys under coercion — cloud backup stays intact, recoverable later on a new device - C2PA Content Credentials embedded for cryptographic proof of authenticity (verifiable at contentcredentials.org) - Panic-start via Action Button — recording begins with zero friction

Your footage goes to YOUR Google Drive, not our servers. We have no ability to access or recover your content.

The duress PIN was the hardest design decision. If someone forces you to unlock, entering the secondary PIN silently wipes the Secure Enclave keys. The attacker sees a "clean" state. Your encrypted cloud chunks are safe but inaccessible from that device. You recover later on a different device with your password.

Tech stack: SwiftUI, AVFoundation, CryptoKit, GRDB (SQLite upload queue with retry/backoff), Google Drive REST API, RevenueCat, SimpleC2PA.

Free tier: 60s recordings at 720p. Pro ($29.99 lifetime): unlimited recording, 1080p, GPS metadata, C2PA credentials.

If you're interested in my other projects from that thread — Kvile (Rust/Tauri HTTP client), Stao (sit/stand reminder), MyVisualRoutine (visual routines for kids), links are all in my earlier comment [1].

Would love feedback on the security architecture and threat model.

[1]: https://news.ycombinator.com/item?id=46945142

App Store: https://apps.apple.com/no/app/mockingjay-secure-recorder/id6...