Awesome Stuff: Keeping Your Online Activities Private Suddenly More Interesting

from the well,-look-at-that dept

Given all the recent leaks about surveillance lately, we figured this week's awesome stuff would look at some crowdfunding projects that are a bit more focused on keeping your online activities secret. Startups that actively protect their users privacy from snooping eyes of the government are getting a lot of renewed attention. Search engine DuckDuckGo has seen a massive bump in traffic. Kim Dotcom's Mega is now working on encrypted email and messaging to go along with its encrypted storage offerings. On the crowdfunding front, we're seeing a bunch of other privacy-related projects popping up -- some with a bit more reasonable plans than others.
  • Deservedly getting a ton of attention this week was the announcement about Heml.is, a new secure messaging app for mobile devices, put together by the same crew of folks who created Flattr, including Peter "brokep" Sunde (also of The Pirate Bay fame), Linus Olsson and Leif Hogberg. These are three very, very smart guys.
    They raised over $150,000 very quickly and then shut down the funding. The project looks pretty cool, though I wish they'd focus on more platforms than just mobile. Also, I'm a tad disappointed that they trotted out that old, silly line "if you're not paying, you're the product," because it's really misleading, and they should know that. Still, if there are people you can trust to truly focus on thinking about user privacy first, these are the guys. I'm excited to see what they eventually build.
  • HiddenToolbox looks like they're trying to create a userfriendlish version of TrueCrypt or something similar, such that you can store your documents/files/data secretly, with some additional cool features built in, such as remote self-destruct, a panic shutdown, file shredder and more. Some of it sounds cool feature-wise, but it would be interesting to see if any security experts have really had a chance to stress test their system to find out how secure it really is. There seems to be precious little info on that front.
    They're not asking for very much money total -- just $8,000 -- which is so low that it almost sounds suspicious in its own right. Still, they've almost reached that amount. Given free products on the market that do much of what they're promising already, I'm not quite sure it's worth what they're charging, but it is interesting to see more attempts to build secure storage options.
  • There are a bunch of anonymous surfing tools out there, but iAnonym is looking to make completely anonymous internet surfing easier. The project looks pretty comprehensive, and (unlike the HiddenToolbox above) they lay out a lot of the details of what they're trying to do and why it should actually allow for anonymous activities online.
    Unfortunately, it doesn't look like they've received very much attention for the project, which is seeking £25,000, but only has around £1,000 with about two weeks to go.
  • Can't trust pure software? How about hardware. Adonify is offering a plug and play network device for people to surf the web privately. Unfortunately the video explanation is horrible. I mean this might be the worst crowdfunding video I've ever seen. The video quality, the sound quality, the explanation of the product, the dude standing around smoking while the other guy explains what's going on... it's all pretty weak. When will people finally learn that a quality video is a pretty key part of a crowdfunding campaign. For what it's worth, their IndieGoGo page isn't particularly informative either.
    Given the weaknesses of the video and the description, combined with asking for 100,000€, it's not too surprising that they've raised almost nothing so far, though there's still well over a month to go.
  • If the Adonify had some problems attracting attention, that appears to go double for Cryptomania, a Swiss company that is trying to crowdfund money for a secure storage and communications platform. They don't have any video for their product, and they barely explain their product at all. And the crowdfunding awards are for equity in their company, which almost certainly violates public offerings laws in the US and other countries (while other countries do allow equity crowdfunding, and the US is getting there, the rules tend to be rather specific and rather strict -- and it doesn't appear these guys followed any of that). They're also trying to raise a much larger amount: 250,000€. So far... they've made 0€ with less than 3 weeks to go. It seems doubtful they'll get much more.
Unfortunately, the last two projects especially demonstrate one of the key problems with most tools to protect privacy that are on the market today. They're designed by engineers and cryptogeeks who very often are not very good at explaining what they do, making it user friendly, or convincing non-geeks why what they're doing is valuable. The quick success of Heml.is' funding, combined with the growth of DuckDuckGo are good signs, though. When you can make privacy user-friendly and understandable, people are definitely interested. I'm hoping that the new attention on privacy due to the recent leaks about surveillance will drive more companies to look at ways to do user-friendly, powerful privacy tools. It's good to see some are already on that path, though they may need some work to improve.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    Simon, Jul 13th, 2013 @ 10:08am

    Another encrypted email service, the ixquick/startpage guys are soon to start beta testing https://startmail.com

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    Anonymous Coward, Jul 13th, 2013 @ 10:15am

    Invasion of privacy

    It's not just about the NSA's monitoring, either. Microsoft routinely scans its users' private SkyDrive folders for images depicting nudity and content believed to be illegal or infringing.

    There ought to be a law barring service providers from monitoring the content of private folders in any capacity, but in the meantime I guess encryption will have to do.

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Dakir, Jul 13th, 2013 @ 10:35am

    Confidence.

    Given recent events I have no confidence that any of this will work and get passed nsa supercomputers or that half of these or all aren't CIA/NSA front companies. This is the new world we live in. You can't trust anybody. Especially the ones who say you can trust me.

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    Mourice, Jul 13th, 2013 @ 10:49am

    Mourice

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Anonymous Anonymous Coward, Jul 13th, 2013 @ 10:53am

    Compiling Compilers

    I read the other day (maybe here) about someone inserting a back door through the compiler, and someone else suggesting that the entire Linux kernel should be audited. I am not a programmer, but do have some understanding of how things work. One could audit the source code of anything but could not be sure of it if they did not know the compiler was compromised.

    Here is where I get stuck. What compiles the source code for the compiler? Is it just written in Assembly Language (machine code for those who don't know), or is there a compiler compiler? What processes would be necessary to KNOW that the compiler one uses is clean?

    Once one knows that the compiler is clean, and that the source code for whatever package you are compiling is clean, then you might have clean software.

    Then we need to take a look at the hardware, and all of the drivers used by whatever system.

    Odd thought. Do software companies agree to this shit because they know that they will be employed for a long time cleaning it up? What makes them think they might be trusted to do such a cleanup. Looking at you Microshaft!

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Anonymous Coward, Jul 13th, 2013 @ 11:03am

    Re: Compiling Compilers

    "What compiles the source code for the compiler?"

    It's called a "cross compiler", which can run on one platform but produce machine code for another platform. Of course you could just use a different compiler (or an earlier version of the compiler you are compiling) to compile your newest version of your compiler on the same platform.

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    Anonymous Anonymous Coward, Jul 13th, 2013 @ 11:38am

    Re: Re: Compiling Compilers

    I guess I may not have been clear enough. One of the articles stated that (roughly) the creator of a compiler put code in the compiler that automatically installed a back door, even if that code was removed from the source code, the compiler would re-insert it.

    How does one now trust any compiler?

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    Simon, Jul 13th, 2013 @ 11:40am

    Re: Compiling Compilers

    Linux really does need an audit, although it would be a mind-bending task due to the overzealous kernel releases.

    There's also the issue that Linux kernel devs are notorious for passing off vulnerablilities as bugs and not maintaining/adhering to a proper disclosure list.

     

    reply to this | link to this | view in thread ]

  9.  
    icon
    tqk (profile), Jul 13th, 2013 @ 12:50pm

    Re: Invasion of privacy

    There ought to be a law barring service providers from monitoring the content of private folders in any capacity, but in the meantime I guess encryption will have to do.

    No, there are laws requiring, eg. landlords, to ensure their property isn't used for illegal purposes. Encryption is the correct solution for this. Alternatively, don't leave your stuff in The Cloud.

     

    reply to this | link to this | view in thread ]

  10.  
    icon
    That One Guy (profile), Jul 13th, 2013 @ 1:24pm

    Re: Confidence.

    Which is exactly the mindset that groups like the NSA thrive on, that of 'It's no use encrypting your stuff, they can just crack it anyway', as it makes their job so much easier.

    Whether they can or not, it's still worth trying, if for no other reason than to make them work for the information.

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    Anonymous Coward, Jul 13th, 2013 @ 1:45pm

    Re: Re: Invasion of privacy

    I don't know about other countries, but there aren't any laws in the United States requiring cloud service providers to screen for nudity online like Microsoft does with SkyDrive (nudity of any kind will automatically raise a red flag, even for paintings and pictures of naked adults). They do have to report child pornography if and when they find it, but they don't have to screen for it, nor do they have to screen for things like copyright infringement and artistic nudity.

    It's really quite simple: Cloud storage providers should not be allowed to go looking through people's files, be it manually or automatically. If there's cause to go looking, then let it be handled by law enforcement. Otherwise, keep out.

     

    reply to this | link to this | view in thread ]

  12.  
    icon
    John Fenderson (profile), Jul 13th, 2013 @ 2:57pm

    Re: Re: Invasion of privacy

    there are laws requiring, eg. landlords, to ensure their property isn't used for illegal purposes


    There are no laws requiring landlords to come onto their property to search for illegal activity. In fact, there are laws that limit the landlord's ability to do this.

     

    reply to this | link to this | view in thread ]

  13.  
    icon
    John Fenderson (profile), Jul 13th, 2013 @ 3:02pm

    Re: Re: Re: Compiling Compilers

    How does one now trust any compiler?


    The same way you trust any other piece of software: you audit the source code. The ability to insert backdoor code is a bit limited -- it has to be tailored to compiling a particular application. You couldn't really do this in such a way that it would insert a backdoor in everything. In the example you're talking about, it was when compiling the login application. So you'd be fine by compiling the compiler using an entirely different compiler. Or bootstrapping the compilation process.

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    Guardian, Jul 14th, 2013 @ 3:17am

    2.6 billion penises times 100 times a day

    ya if we had a script that just unencrypted sent a penis image back no forth while hte real encrypted message gets sent along and we only see the encrypted message via a client i think the nsa would and could be then called a gay ol organization....

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    Name Withheld, Jul 14th, 2013 @ 10:15am

    Secure texting

    I use gli.ph and love it. I can text, send email w a cloaked address, send or receive bitcoin, all in a simple and free no ad platform (subscriptions) are also available.

    It's so secure that you can choose what metadata to share and even use a set of symbols called a gliph to communicate.

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    James Robey, Jul 14th, 2013 @ 2:10pm

    Missing a project not like the others; Nametag

    Link: Nametag Social

    Hello, i'm the researcher and developer behind Nametag, a secure programmable social media service that isn't on this list, and I began an Indie GoGo campaign this month.

    What's different? Well, it's the word "programmable" that should stand out - we allow people not only to utilize a facebook-esque infinite scrolling feed interface (for starters), but we let people write entire secure social media applications in the browser - without sending a dram of readable anything to the people running the server, even though you're using pure HTML!

    We allow anyone without programming knowledge to use secure social media.

    We allow people who know javascript to expand what the tool can do without revealing anything, even to us

    That's something I feel we need badly. To bring the lowest common denominator of secure programming to web developers, not just crypto-geeks, and do it right.

    check out the campaign igg.me/at/nametag
    and the site explaining it (with real, runnable demos!) at domalgebra.com

    we deserve better. Thanks,

    James Robey,
    DOM Algebra

     

    reply to this | link to this | view in thread ]

  17.  
    identicon
    JJ Joseph, Jul 14th, 2013 @ 3:34pm

    Encrypted xmissions

    Lots of us can't be bothered with the nitty-gritty of encryption, so we just use Blackberry apps (email, messaging,browser, etc). It's way easier than having to actually think about this stuff.

     

    reply to this | link to this | view in thread ]

  18.  
    identicon
    Anonymous Coward, Jul 15th, 2013 @ 1:16am

    Re: Re: Re: Re: Compiling Compilers

    Plus, writing a login application that does not work like the other login app

     

    reply to this | link to this | view in thread ]

  19.  
    icon
    Votre (profile), Jul 15th, 2013 @ 6:37am

    It's a people problem not a tech problem

    The move towards unprecedented levels of communication monitoring isn't a technical problem - it's a people problem.

    Trying to engage in a never ending cycle of attempting to get around unacceptable and dubiously legal levels of surveillance by technology alone is destined for failure in the long run. We don't need better cryptography. We need better people in government. People who understand what's at stake and will give a clear and resounding "NO!" to our Executive Branch next time it asks them for a blank check to override the Constitution.

    Suggestion: vote out the of office ALL the people responsible for this debacle while you still have a vote and some marginal say in the matter. Because in another 20 years, we likely won't have a vote if this trend is allowed to continue.

     

    reply to this | link to this | view in thread ]

  20.  
    identicon
    Anonymous Coward, Jul 15th, 2013 @ 10:08am

    Re: Missing a project not like the others; Nametag

    > secure ... applications in the browser - without sending a dram of readable anything to the people running the server

    Many systems that could be described that way provide only illusory security: the people running the server could (be compelled to) send a modified version of the app to the client, which does the usual crypto in the client and also leaks the user's key to the server.

    Some "browser-based" systems use a trusted browser extension to avoid this exposure, but "pure HTML and Javascript" suggests you don't take this approach.

    Is there a plan to deal with that?

     

    reply to this | link to this | view in thread ]

  21.  
    identicon
    Anonymous Coward, Jul 15th, 2013 @ 1:13pm

    Wow, this is some really awesome suff. Thanx for posting!!

     

    reply to this | link to this | view in thread ]

  22.  
    icon
    Baneki (profile), Jul 17th, 2013 @ 3:26am

    The Glorious Power of FUD...

    The thing is, if I was running the NSA and I wanted to make sure folks didn't use effective, widely-available, proven encryption tools to protect themselves from my multi-billion-dollar dragnet surveillance machine, what would I do..?

    Oh, wait. I'd just spread a meme that it was useless to try to use encryption. That all encryption is super-secretly "backdoored" anyway. And that it was useless to try to protect yourself, because the NSA has super-magical powers that transcend the reality of our universe and its mathematics. And that anyone who says otherwise is a secret NSA stooge - so don't trust anyone who offers counter-FUD. It's a hermetically sealed, self-reinforcing circle of bleh.

    So if folks bought into my FUD, and spread it, I'd cut out a big chunk of the most effective resistance out there. Because FUD works... well, it works if people aren't willing to take the time and effort to actually dig out facts. Hunting down and testing facts is, admittedly, alot more work than just engaging in fatalistic FUD, but on the upside it's not pathetically defeatist.

    Just sayin'...

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This