diff --git a/www/common/common-messaging.js b/www/common/common-messaging.js
index 3bc6fc8aa..8b9d03749 100644
--- a/www/common/common-messaging.js
+++ b/www/common/common-messaging.js
@@ -240,7 +240,28 @@ define([
         if (!isId) { return; }
 
         var decryptedMsg = channel.encryptor.decrypt(msg);
-        var parsed = JSON.parse(decryptedMsg);
+
+        if (decryptedMsg === null) {
+            // console.error('unable to decrypt message');
+            // console.error('potentially meant for yourself');
+
+            // message failed to parse, meaning somebody sent it to you but
+            // encrypted it with the wrong key, or you're sending a message to
+            // yourself in a different tab.
+            return;
+        }
+
+        if (!decryptedMsg) {
+            console.error('decrypted message was falsey but not null');
+            return;
+        }
+
+        try {
+            var parsed = JSON.parse(decryptedMsg);
+        } catch (e) {
+            console.error(decryptedMsg);
+            return;
+        }
         if (parsed[0] !== Types.mapId && parsed[0] !== Types.mapIdAck) { return; }
         if (parsed[2] !== sender || !parsed[1]) { return; }
         channel.mapId[sender] = parsed[1];
diff --git a/www/common/curve.js b/www/common/curve.js
index b33823fd5..0c39ba421 100644
--- a/www/common/curve.js
+++ b/www/common/curve.js
@@ -35,6 +35,7 @@ define([
         var nonce = decodeBase64(unpacked[0]);
         var box = decodeBase64(unpacked[1]);
         var message = Nacl.box.open.after(box, nonce, secret);
+        if (message === false) { return null; }
         return encodeUTF8(message);
     };