Awesome Stuff: Keeping Your Online Activities Private Suddenly More Interesting
from the well,-look-at-that dept
Given all the recent leaks about surveillance lately, we figured this week’s awesome stuff would look at some crowdfunding projects that are a bit more focused on keeping your online activities secret. Startups that actively protect their users privacy from snooping eyes of the government are getting a lot of renewed attention. Search engine DuckDuckGo has seen a massive bump in traffic. Kim Dotcom’s Mega is now working on encrypted email and messaging to go along with its encrypted storage offerings. On the crowdfunding front, we’re seeing a bunch of other privacy-related projects popping up — some with a bit more reasonable plans than others.
- Deservedly getting a ton of attention this week was the announcement about Heml.is, a new secure messaging app for mobile devices, put together by the same crew of folks who created Flattr, including Peter “brokep” Sunde (also of The Pirate Bay fame), Linus Olsson and Leif Hogberg. These are three very, very smart guys.
- HiddenToolbox looks like they’re trying to create a userfriendlish version of TrueCrypt or something similar, such that you can store your documents/files/data secretly, with some additional cool features built in, such as remote self-destruct, a panic shutdown, file shredder and more. Some of it sounds cool feature-wise, but it would be interesting to see if any security experts have really had a chance to stress test their system to find out how secure it really is. There seems to be precious little info on that front.
- There are a bunch of anonymous surfing tools out there, but iAnonym is looking to make completely anonymous internet surfing easier. The project looks pretty comprehensive, and (unlike the HiddenToolbox above) they lay out a lot of the details of what they’re trying to do and why it should actually allow for anonymous activities online.
- Can’t trust pure software? How about hardware. Adonify is offering a plug and play network device for people to surf the web privately. Unfortunately the video explanation is horrible. I mean this might be the worst crowdfunding video I’ve ever seen. The video quality, the sound quality, the explanation of the product, the dude standing around smoking while the other guy explains what’s going on… it’s all pretty weak. When will people finally learn that a quality video is a pretty key part of a crowdfunding campaign. For what it’s worth, their IndieGoGo page isn’t particularly informative either.
- If the Adonify had some problems attracting attention, that appears to go double for Cryptomania, a Swiss company that is trying to crowdfund money for a secure storage and communications platform. They don’t have any video for their product, and they barely explain their product at all. And the crowdfunding awards are for equity in their company, which almost certainly violates public offerings laws in the US and other countries (while other countries do allow equity crowdfunding, and the US is getting there, the rules tend to be rather specific and rather strict — and it doesn’t appear these guys followed any of that). They’re also trying to raise a much larger amount: 250,000€. So far… they’ve made 0€ with less than 3 weeks to go. It seems doubtful they’ll get much more.
Unfortunately, the last two projects especially demonstrate one of the key problems with most tools to protect privacy that are on the market today. They’re designed by engineers and cryptogeeks who very often are not very good at explaining what they do, making it user friendly, or convincing non-geeks why what they’re doing is valuable. The quick success of Heml.is’ funding, combined with the growth of DuckDuckGo are good signs, though. When you can make privacy user-friendly and understandable, people are definitely interested. I’m hoping that the new attention on privacy due to the recent leaks about surveillance will drive more companies to look at ways to do user-friendly, powerful privacy tools. It’s good to see some are already on that path, though they may need some work to improve.
Filed Under: anonymity, awesome stuff, encryption, privacy, surveillance
Comments on “Awesome Stuff: Keeping Your Online Activities Private Suddenly More Interesting”
Another encrypted email service, the ixquick/startpage guys are soon to start beta testing https://startmail.com
Invasion of privacy
It’s not just about the NSA’s monitoring, either. Microsoft routinely scans its users’ private SkyDrive folders for images depicting nudity and content believed to be illegal or infringing.
There ought to be a law barring service providers from monitoring the content of private folders in any capacity, but in the meantime I guess encryption will have to do.
Re: Invasion of privacy
No, there are laws requiring, eg. landlords, to ensure their property isn’t used for illegal purposes. Encryption is the correct solution for this. Alternatively, don’t leave your stuff in The Cloud.
Re: Re: Invasion of privacy
I don’t know about other countries, but there aren’t any laws in the United States requiring cloud service providers to screen for nudity online like Microsoft does with SkyDrive (nudity of any kind will automatically raise a red flag, even for paintings and pictures of naked adults). They do have to report child pornography if and when they find it, but they don’t have to screen for it, nor do they have to screen for things like copyright infringement and artistic nudity.
It’s really quite simple: Cloud storage providers should not be allowed to go looking through people’s files, be it manually or automatically. If there’s cause to go looking, then let it be handled by law enforcement. Otherwise, keep out.
Re: Re: Invasion of privacy
There are no laws requiring landlords to come onto their property to search for illegal activity. In fact, there are laws that limit the landlord’s ability to do this.
Confidence.
Given recent events I have no confidence that any of this will work and get passed nsa supercomputers or that half of these or all aren’t CIA/NSA front companies. This is the new world we live in. You can’t trust anybody. Especially the ones who say you can trust me.
Re: Confidence.
Which is exactly the mindset that groups like the NSA thrive on, that of ‘It’s no use encrypting your stuff, they can just crack it anyway’, as it makes their job so much easier.
Whether they can or not, it’s still worth trying, if for no other reason than to make them work for the information.
Re: The Glorious Power of FUD...
The thing is, if I was running the NSA and I wanted to make sure folks didn’t use effective, widely-available, proven encryption tools to protect themselves from my multi-billion-dollar dragnet surveillance machine, what would I do..?
Oh, wait. I’d just spread a meme that it was useless to try to use encryption. That all encryption is super-secretly “backdoored” anyway. And that it was useless to try to protect yourself, because the NSA has super-magical powers that transcend the reality of our universe and its mathematics. And that anyone who says otherwise is a secret NSA stooge – so don’t trust anyone who offers counter-FUD. It’s a hermetically sealed, self-reinforcing circle of bleh.
So if folks bought into my FUD, and spread it, I’d cut out a big chunk of the most effective resistance out there. Because FUD works… well, it works if people aren’t willing to take the time and effort to actually dig out facts. Hunting down and testing facts is, admittedly, alot more work than just engaging in fatalistic FUD, but on the upside it’s not pathetically defeatist.
Just sayin’…
Mourice
Compiling Compilers
I read the other day (maybe here) about someone inserting a back door through the compiler, and someone else suggesting that the entire Linux kernel should be audited. I am not a programmer, but do have some understanding of how things work. One could audit the source code of anything but could not be sure of it if they did not know the compiler was compromised.
Here is where I get stuck. What compiles the source code for the compiler? Is it just written in Assembly Language (machine code for those who don’t know), or is there a compiler compiler? What processes would be necessary to KNOW that the compiler one uses is clean?
Once one knows that the compiler is clean, and that the source code for whatever package you are compiling is clean, then you might have clean software.
Then we need to take a look at the hardware, and all of the drivers used by whatever system.
Odd thought. Do software companies agree to this shit because they know that they will be employed for a long time cleaning it up? What makes them think they might be trusted to do such a cleanup. Looking at you Microshaft!
Re: Compiling Compilers
“What compiles the source code for the compiler?”
It’s called a “cross compiler”, which can run on one platform but produce machine code for another platform. Of course you could just use a different compiler (or an earlier version of the compiler you are compiling) to compile your newest version of your compiler on the same platform.
Re: Re: Compiling Compilers
I guess I may not have been clear enough. One of the articles stated that (roughly) the creator of a compiler put code in the compiler that automatically installed a back door, even if that code was removed from the source code, the compiler would re-insert it.
How does one now trust any compiler?
Re: Re: Re: Compiling Compilers
The same way you trust any other piece of software: you audit the source code. The ability to insert backdoor code is a bit limited — it has to be tailored to compiling a particular application. You couldn’t really do this in such a way that it would insert a backdoor in everything. In the example you’re talking about, it was when compiling the login application. So you’d be fine by compiling the compiler using an entirely different compiler. Or bootstrapping the compilation process.
Re: Re: Re:2 Compiling Compilers
Plus, writing a login application that does not work like the other login app
Re: Compiling Compilers
Linux really does need an audit, although it would be a mind-bending task due to the overzealous kernel releases.
There’s also the issue that Linux kernel devs are notorious for passing off vulnerablilities as bugs and not maintaining/adhering to a proper disclosure list.
2.6 billion penises times 100 times a day
ya if we had a script that just unencrypted sent a penis image back no forth while hte real encrypted message gets sent along and we only see the encrypted message via a client i think the nsa would and could be then called a gay ol organization….
Secure texting
I use gli.ph and love it. I can text, send email w a cloaked address, send or receive bitcoin, all in a simple and free no ad platform (subscriptions) are also available.
It’s so secure that you can choose what metadata to share and even use a set of symbols called a gliph to communicate.
Missing a project not like the others; Nametag
Link: Nametag Social
Hello, i’m the researcher and developer behind Nametag, a secure programmable social media service that isn’t on this list, and I began an Indie GoGo campaign this month.
What’s different? Well, it’s the word “programmable” that should stand out – we allow people not only to utilize a facebook-esque infinite scrolling feed interface (for starters), but we let people write entire secure social media applications in the browser – without sending a dram of readable anything to the people running the server, even though you’re using pure HTML!
We allow anyone without programming knowledge to use secure social media.
We allow people who know javascript to expand what the tool can do without revealing anything, even to us
That’s something I feel we need badly. To bring the lowest common denominator of secure programming to web developers, not just crypto-geeks, and do it right.
check out the campaign igg.me/at/nametag
and the site explaining it (with real, runnable demos!) at domalgebra.com
we deserve better. Thanks,
James Robey,
DOM Algebra
Re: Missing a project not like the others; Nametag
Encrypted xmissions
Lots of us can’t be bothered with the nitty-gritty of encryption, so we just use Blackberry apps (email, messaging,browser, etc). It’s way easier than having to actually think about this stuff.
It's a people problem not a tech problem
The move towards unprecedented levels of communication monitoring isn’t a technical problem – it’s a people problem.
Trying to engage in a never ending cycle of attempting to get around unacceptable and dubiously legal levels of surveillance by technology alone is destined for failure in the long run. We don’t need better cryptography. We need better people in government. People who understand what’s at stake and will give a clear and resounding “NO!” to our Executive Branch next time it asks them for a blank check to override the Constitution.
Suggestion: vote out the of office ALL the people responsible for this debacle while you still have a vote and some marginal say in the matter. Because in another 20 years, we likely won’t have a vote if this trend is allowed to continue.
Wow, this is some really awesome suff. Thanx for posting!!