SpiderOak also developed an open-source platform called Crypton, a code library that’s free for other developers to lean on when creating their own apps.* The library handles privacy protections, allowing less crypto-savvy programmers to focus on other details.

David Dahl, Crypton’s director, says privacy is a user-experience problem. “There has historically been very little interaction between [user-experience] designers who love to create very pretty and functional things and computer scientists who specialize in cryptography,” Dahl wrote in an email.

That disconnect, he said, has prevented encrypted communication from “looking and acting like everyday software.” Sending a PGP-encrypted email, for example, is a many-step process that involves a lengthy initial setup, finding and verifying the public key of the intended recipient, using software to encrypt a message with that public key, and later decrypting the response.

As a proof-of-concept for simple privacy software, SpiderOak built a basic social-networking app called Kloak on the Crypton platform. Like Twitter, Kloak allows users to broadcast short status messages—but unlike Twitter’s emphasis on public engagement, it only allows sharing between users who have agreed to follow one another, encrypting the messages and photos as they travel between users’ devices.

Still in beta and rough around the edges, Kloak is more an experiment than a viable product.

“It’s an easy way for us to encourage other people to build other zero-knowledge applications,” said Alan Fairless, SpiderOak’s co-founder and CEO. “Here’s a nice example of one: It was built without using any fancy tools, no advanced JavaScript frameworks—just very vanilla, approachable by new developers.”

One of the privacy capabilities that Kloak demonstrates is a simple key-verification process, an essential part of most encrypted communications.

When sending and receiving encrypted messages, each participant in a conversation must make certain that the person on the other end is indeed who they say they are. Many modern encryption services use a system of public and private keys, allowing users to verify their partners’ identities by comparing computer-generated passcodes or images.

One of the ways user-experience-focused apps are making secure messaging more friendly is by making this verification process easier. Telegram, for example, creates a pattern of blue squares based on the public keys of the participants in an encrypted chat, which both ends can view and compare: They should be identical. And an encrypted call made through Signal displays two words on the participants’ devices, which they can compare to verify that their conversation is secure.

Kloak uses a system more akin to Telegram’s, generating a QR code that allows users to add others to their network by scanning it. But SpiderOak says it’s developing a “stylish” replacement for Kloak’s tired-looking QR code that will involve an animated pattern.