Firefox OS will introduce signed “privileged” and “certified” web apps that by default have very strict CSP applied to them. No eval(), no remote scripts or styles – the app is pretty well sandboxed against the most common attacks. These apps are signed and verified before installation and update. Let’s hope these kinds of approaches will help make web apps more “trustworthy”:)

So, how can we use crypto in web pages and not expose anything like keys or actual crypto functions or properties to the DOM? What does that look like? After thinking about the use case for this: web-based messaging, digital signatures for code and document verification – among others, I came up with what I am calling a ‘bridge’ API, I have named it “nulltxt”.

It has one method: window.navigator.bridge.getCipherObject()

This function creates a DOMRequest object, which you can attach event handlers to: “success” and “error”.

To generate a keypair, you pass a config object:

{type: "keygen", format: "DER_BASE64"}

into “getCipherObject”:

var request = window.navigator.bridge.getCipherObject({type: "keygen",format: "DER_BASE64"});
request.onsuccess = function (){ */ this.result.publicKey is our key /* };
request.onerror = function (error){};

Once your keypair is generated, the success callback is executed, handing you a public key and an ID you’ll need to decrypt or sign with that particular key. Multiple keys can be generated per origin.

To encrypt data, you call the same function with a different config object:

{ type: "write",
  format: "DER_BASE64",
  recipientName: "drzhivago",
  publicKey: A_PUBLIC_KEY,
  keyID: 7635263572 
}

This operation opens a special writing widget in the browser chrome where you can safely write plain text outside of the DOM:

Write some plain text, then click the encrypt button. The browser encrypts the data and returns it to your success event handler. The encrypted JSON blob is now available to send to the server where it can be received by Alice.

The result object looks like:

{
  "content": "yeGwdhLSs8qKDywerhs7pchNzxIpmtRGuBf59zMHegR/+urU20RbGxmHEvrx5yxmcEk8j9yPYHJLRKH6SJlEcDR4TKFzWNYLsMdoAxFi7AecN74MP2s0udvmg4vU944hYFo/F3fh2E9hnBF6xsdoRtCdkiNBLTRINCdDv3dgxLEe1UgdeXpbsIljgHc8svaD/lYik2rV+UojHk0yk9NFzv2tCu8wb58kzZluuo10qyqrX1X/rLpu2ZVlk/Ik+MbM7HxK1cSBL5kqUdNU/tx9qqVZVLzcAZz2ZDr2l0wRGKwoJ3f41QrwN8SGCRvMtpPEl1PdcYtdpTg4atAbNZ7T3cJhybtrYW64Yu7d9coguFQg2TQFU8hyIiWdFhY7XqOwR71KNgkHQr+ET/dRpV6TmBlN5IiUMgKq7achpOjkyJEBCfEURRpV71ViEo+37dT1SqIzxhlNY8yDn2gPhcC/DHk4eXi5axFkg4OyhxD9Q7hW7oW+1K/pzjYm2M+yCTtguQ9xikYouiiYbC3oFKMO9F6unfmDHJKc/XwWI9nsuYwSVSqPPZ8tj91pI/SB/ng8UyCojPrUO/jJ3cHjsWccY2XDg5ryVYVAmNWQQ9UEsTT8WrwyJ04i9/FEEYvVznyHlYB3z9diKDW35j7EZKPJQi7uYQVcdB3e2NMve2JPrxxwmebBLrHv4hpfaKmS8NcWpvJYp5r5U1iVLnwIpH98wEsHSrhyBKwBq1bf7s+Lvz9Hx8XuME4zbC6SN4j00QIx4eU3yuKnsa2LGj7b8UQ0GrtNwiRWKwF+qaH15f5rUEUN/9bwdljUVkXNbRg0s1Jde8z/OWevnS/B/AX760fPRxVz6QtEcKCSKZd5AqiVnqSTSzJmvY2izmweHb0uUde7PMsY3aYhNU9eNpA7p2Wmvd+YbSQjMNgnaqB9I+XwNwVZymjhQzar91FZtFSvw4YERA/zUIPFVgrEwdnOnp0t0ORyVOo1QZnvyPMwVddfWpN68aJCVK5dYGyI1uL8CzcBjZqgRjuKSQgt9JfhZJakvdXXPyCq3y5N8cbZZeQvpK8VcRCFHk6fRGrt4vAVSU6dgNewEoj51j+RsH0OOgcuCyJJ7BZgP4mHrrQWfLelnMU=",
  "pubKey": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8p4gH/RlmICUyCJop4AfvHvIkQjMWhUI4keK22MDVyNrDWSektxxX+VN5hLQzmNU/4jTCBBx2gICYcw0DGiw5HGBHp3e0KCmhcc48s3tLwf1TUuhdCEj1v+Oq+Z0FhVEEUF+GYpMBLQvy2HGlPUHbOZsYamKUspMnuiLgqNdsEmjQtO3L8tfrfGcksb7K3siPDomcya1NPkIsmInHy3KB4yv8ATcVQS1rIQ/6I8/vb5OBoVKa9dLm42C5lVcBd9SFqCIxy49Z52DU7y48LmDayUvtrHZx5gI61mV2/CWDhwWSnAD9l/f/s8IjHxuuWzYfaRaO+6ROY380TNIigjTswIDAQAB",
  "wrappedKey": "DWscCbnT63FJuU7dQueXverB31cU0A49omSHw98aqlkW/8qiKuyQgWss9QNp/8qB97xjheJxQcozKrkbulF1ExCfSFuGXR++psel8LFiXoreDRwxJPO/Fqbqf9bIBLpOHx6GLjbUze4fWEGHs1Dt22GHHLvkaHgFPc+sBZcHvHnKF1+iKFonFXSDfUODozNV/poyi1UJ6RrXX/HIgbUlkUos02FcTn9qQqATRUj4lAY0tgFJlqJdpiQJDOWcWV3DJtaPIU2qPo9i95xFDzXBZbb6j/zp6518urFh8hSQKJUG4JPI0yeeW3iTEgN6EUTl0gYXgGvYDQIbeCM+oRZj+A==",
  "iv": "dITA6JK5SUBeP/Hgn6xf1w==",
  "type": "encryptedData",
  "format": "DER_BASE64",
  "signature": "wkkhQVZW3MdQtZha/AKf6hdIntKQI74vvYwKG+VtxUN+XXup2GkeNXWzJJY51YQC2/3EPwn6n+lUXm2xCRjV4ICY3+A0nbZrZnNrG0t6QpDWIQz1g9YYLe8pysjym95CsKy7AlXgo43BX811fv+aShQQTRkLwur5/geHF8idIeYORqt0B/9pwOnjfZnshT4Cj5ILwoe2VKZ3eWnIxND1a3Z8rE0s6WTFojFbshGQU6pf8dOj8w0cD6EDuOnEQ7Y40GbdwR9G3PhDY/JhMUjODhP+5X9nXesW2VlMPXE0byNhtzbnzg5Yi0pP9eBr7t5fTjwBTg5XjR4qDZKeyF0pqQ=="
}

Reading plain text is the reverse process, your app will need to change some of the properties of the received object:

var readCipherObject = receivedCipherObj; // an object received via the app 
readCipherObject.type = "read"; 
readCipherObject.authorName = "Alice"; 
readCipherObject.keyID = myKeyID; 

var request = window.navigator.bridge.getCipherObject(readCipherObject); 
request.onsuccess = function (){ */ this.result.verification contains the 'verification' boolean /* }; 
request.onerror = function (error){};

The reading UI looks like:

Upon clicking “Decrypt”, the content changes to plaintext:

The plain text is read inside the reading widget and is keep out of the content DOM. A validation boolean property is returned in the success event handler, none of the text.

This UI in this addon is only a part of the point of it. I have long wondered how crypto can be used more safely in web apps – where we don’t have to worry about keys being stolen and primitives being ‘monkeypatched’. I am fairly certain the UX can be made much better. The main idea I want to get across is the internal API. It is quite simple. Once you have a keypair, you can do “hide()” and “show()” – similar to the simplicity of Dan Bernstein’s NaCL (box/unbox).

Sign() and Verify() are also in the works. I would also like for this API to support IETF’s JOSE formats.

If you would like to give “nulltxt” a try, (remember, nulltxt is EXPERIMENTAL ONLY), the addon is hosted here: https://addons.mozilla.org/en-US/firefox/addon/nulltxt/

A demo page is hosted here: https://nulltxt.se/nulltxt/demo-code/demo.html

And, of course, the source code is here: https://github.com/daviddahl/nulltxt-extension/

Let me know what you think of this approach. I can imagine a web application where the web site only ever handles ciphered data and provides no crypto in the DOM – offloading all of it to the browser chrome. Of course, there are still attack surfaces here, mainly around spoofing the browser chrome UI. With a severe CSP in place, I think this approach might work well.

Join us next Monday 7th of May, from 19:00-20:30 UTC (3:00pm-4:30pm Boston local)

*         Zakim Bridge +1.617.761.6200, conference 27978 (“CRYPT”)

*         IRC irc.w3.org:6665  #crypto

Please dial in if you would like to discuss or find out the plans for this important specification.

However, I began to think critically about Facebook. This is where all of the problems come in. Facebook’s creation is a tale of amazing scale, ingenuity and engineering prowess. The dark side of the equation is the unprecedented knowledge that can be gleaned from our data about us. The impulse to use this data improperly is probably impossible to resist.

Google is another can of worms. They did not become the biggest search engine for nothing. The amount of information Google has about you, your spouse, your friends, kids, your preferences, likes, dislikes, where you go, who you talk to, what might ail you, political views – it goes on and on and on.

It is time for me to disconnect from Google. Can I do this and still have a positive internet experience? I hope so. I began this process over a year ago when I switched to a PAID email service, pobox.com. It works pretty good. I am fairly confident my email is not datamined, and the web UI is OK – not the best. (That is what Thunderbird is for). However, I kept my GMail accounts and Google-hosted mail service intact (but idle), just in case.

For search, I switched to DuckDuckGo.com well over a year ago. It has gotten really, really good. I have found myself using Google less and less. I even changed my “urlbar keyword” search in Firefox to use DuckDuckGo. (I occasionally use Bing and Yahoo as well).

Twitter is the only hold-out as I feel like Twitter is “not evil yet”. Perhaps someday Twitter will become a protocol. That, I hope, will be inevitable.

Today, as I read about Google’s new non-opt-out privacy policies, it occurred to me that I really don’t rely on Google anymore, I have slowly freed myself from that dependency. I may yet have issues using certain apps on my Android device and I need to figure that out next. (Yay, Boot2Gecko!).

In the meantime, I have taken this experiment up one notch by adding google.com and http://www.google.com to resolve to my local webserver in /etc/hosts – my machine can no longer reach Google or Facebook. (or Google analytics servers for that matter).

The point is, there are many great internet services out there that you can rely on to handle search, email and social that don’t infringe on your privacy, try them out!

Of course coming up with a good one is another matter, I thought about it for days and days…

I thought about my “newbie” place at Mozilla and dredged my unconscious memory of all of the movies I had ever seen and chose the title: “Civilian Observer“.

Folks who have seen my business card are aghast – “What the hell does that mean?”

Surely you remember the 1980 movie “The Final Countdown” starring none other than Martin Sheen? (For my millennial readers, that is Charlie Sheen’s old man). His role was that of “Civilian Observer” on board the USS Nimitz.

From Wikipedia:

In 1980, the supercarrier USS Nimitz (CVN 68) takes on a civilian observer, Warren Lasky (Martin Sheen), at the orders of his reclusive and mysterious employer, Mr. Tideman (who helped design much of the ship), just before it departs Pearl Harbor for a training mission in the Pacific Ocean. Out in the Pacific, the ship encounters a strange storm-like vortex which disappears after the ship passes through it.

Naturally, I am not going to spoil it for you, but the Civilian Observer helps try and figure out alternative ideas for the strange place the ship finds itself in.

In working on open source or free software, you know there is a lot at stake. I feel like all of us are observing the growth of the internet and with it the growth of attempts at curtailing the power that this computer network gives us. We are seeing more and more of the growth of surveillance technology, some of which is created in Silicon Valley – technology that is used to prevent and record private communication, help identify and  round up and torture or kill dissidents all over the world.

The battle for the Web and the Internet is a full on war. It will always be that way. The issues of privacy vs. surveillance, open or closed software stacks and walled gardens are here to stay. We must be vigilant and we must create tools that fight and overturn the impulse to control or subordinate and use people and networks of people.

I have felt like the “Civilian Observer” since before I started at Mozilla, its just become more pronounced in the past few years. Take for instance, a smattering of my Twitter feed – tweets and links selected in the past day, mere hours:

Sometimes these tweets pop up right after one another:

Wow!, right?

Recently, WikiLeaks published a database of surveillance companies that produce tools that provide “Mass interception of entire populations…“.

These tools deployed on a mass scale essentially turn the Internet into a surveillance system.

We need more Countermeasures for this.

Firefox is one of these countermeasures, without it we would really be in a world of pain. I cannot even imagine how craptastic the net would be without Firefox.

Mozilla’s Boot2Gecko project is also a countermeasure. If we pull this off, it will truly be a Coup d’état in the mobile device space. The goal: building mobile phone apps from HTML, JavaScript and CSS! That is the way it should be.

Deuxdrop is another project in Mozilla labs trying to create a secure messaging system – I have high hopes for it. Again, these are the kinds of tools that need more focus.

I have been working on DOMCrypt for a few years now. DOMCrypt provides a Cryptography API in web pages, making it trivial and fast to encrypt data that may be part of a message to another web user or data that should stay private while stored in LocalStorage (amoung many other use cases). I am proud to say we have implementation bugs and plans lined up for both Gecko and WebKit. The W3C is using the API as the strawman proposal for the Web Cryptography Working Group. Web developers will be able to use strong and fast crypto via a DOM API. Exciting stuff.

Web developers are way out in front on this issue – there are several crypto libraries for JavaScript out in the wild, and developers are using them to push the envelop in web apps.

This is great stuff, but we need safer, built-in crypto APIs for browsers to provide a foolproof way to use crypto in the browser, not to mention the speed boost you get when calling native code APIs vs. native JavaScript functions. The other thing we need are new ways to communicate. The Web has won as the default communication channel and developers need to be able to write apps that allow people to communicate without sharing the conversation with a 3rd party.

Not sharing data with a 3rd party is the key issue. This concept destroys a lot of business models, well, one business model – the one everyone seems to think will work long term. I doubt that. Here’s a business model you can try: make a cool product and charge people a small fee to use it while simultaneously preserving their privacy. Novel, isn’t it?

What can you do to help? You can demand privacy and security be a feature of the products you use, not an afterthought. You can help test or help develop “countermeasure” applications.

Wikipedia lists several applications that enhance communications with more security:

https://en.wikipedia.org/wiki/Secure_communication#Programs_offering_more_security

(The link above does not mention  Tahoe-LAFS – please comment if you know of any more notable applications or toolkits)

I hope the future will bring a slew applications and startups that trumpet privacy and security enhanced applications. I hope web developers begin to think about more creative uses of their talents than online coupons and advertising-funded social media. The future of online privacy and security is both bright and bleak. Bright in that we have the CPU power, talent and base algorithms sitting right in front of us. It may seem bleak if you think no one cares about privacy or there is no ‘free lunch/free beer’ business model.

Another thing you can do is support organizations that are “watching the watchers”, the EFF, Privacy International and others. A great resource for this is privacy.org.

The Final Countdown Poster

I did a talk at the conference called “From Web Developer to Firefox Hacker“.  There were a number of web developers at the conference and I wanted to convey to them that their skills are relevant to hacking on Firefox itself. Lowering the bar to hacking on Firefox is hard to do – and technical, patch-creating contributors are very important to the project. Someone who comes into the community as a newbie from a talk or workshop like this, this year, may become a rockstar next year, you never know.

The questions I kept asking myself in putting together this presentation were “How to start?”,  “Am I covering X or Y in sufficient detail?”,  “Am I scaring potential contributors with too much detail about the Mozilla process?”, and “Did I forget anything important?” There is just so much detail to cover.

A realization dawned on me while putting together these slides: our documentation is very well done at this point. I was impressed with a lot of new MDN content I linked to that did not exist when I started 3 years ago. Slowly we are chipping away at making technical contribution easier. Perhaps what we need are a few more “starting point” type documents, presentations and workshops to kick off a slew of new patches, no matter how small.

The talk went well.  A few new folks pinged me on irc in the days after, and I was invited to Taipei to give the talk as an in-depth workshop. A Chinese translation was also discussed.

Now is as good a time as ever for technical contributors to learn our process and contribute to Firefox. It may not be easy, but it is easier than ever:)

The short story is that “Web Identity” APIs and protocols are still very much in an R&D phase and while incredibly important, there was not much agreement between interested parties on what to begin working on.

A high-level, hard-to-muck-up, asynchronous crypto API, on the other hand, had massive support from almost all of the interested parties involved. In the end, a “Web Cryptography Working Group” is being established, and I have thrown my hat into the ring as an “editor candidate”.

One of the first tasks is to clearly define what is “in scope”, “out of scope” and what features can be considered part of a potential “road map”. The starting point for this API will have to be a bit narrow, with no UI-based features so we can establish core functionality without too much complexity.

The current charter is here: http://www.w3.org/wiki/IdentityCharter#Web_Cryptography_Working_Group_Charter (I have a feeling this url will change soon)

This is pretty exciting stuff. I met with a whole lot of folks from Microsoft, Google, Apple, Netflix and other companies that have many potential use cases. We need to collect as many use cases as possible in order to understand the most common uses so the first iteration will provide the best capabilities. If you have a use case in mind, do not hesitate to send it to me (ddahl + at + mozilla dot com) or the w3 mailing list, public-webcrypto@w3.org (which is yet to be set up).

• DOMCrypt is not a low-level crypto API. DOMCrypt is very high-level, making it much harder to ‘do it wrong’. The only configuration is telling DOMCrypt what algorithm to use. See: https://wiki.mozilla.org/Privacy/Features/DOMCryptAPISpec/Latest
• Private key material is never exposed to content JS. Each keypair is represented by an ID. This keeps the key material in a secure key store outside of content. (In the case of Firefox, the key material will be stored in NSS’ key database)
• Each domain/origin will have its own keypair. You will have to know the ‘KeyID’ to use the domain’s keypair to encrypt data. Being able to handle secret key material in content is ‘doing it wrong’. The original DOMCrypt prototype code as well as all of the crypto libraries do this. Not good.
• All algorithms are well designed, well tested and maintained crypto functions created by tried and true cryptographers (In the case of Firefox’s implementation we have NSS under the covers). Millions of users have depended on this underlying crypto for a decade plus. Part of the motivation for DOMCrypt is that each site might roll their own crypto implementation, or use an implementation that is out in the wild, which are likely to be subtly wrong.  By providing DOMCrypt, we can leverage all the careful scrutiny that has already gone into browser crypto implementations. We are not re-building the wheel. (Random numbers are truly random as we are calling into NSS or other system crypto depending on the browser implementation)
• Fast. This is not a concern in the Matasano article, but I think it is a valid point. DOMCrypt calls crypto functions written in C, so all of the crypto operations are quite fast.

There are, of course, still many concerns even with a built in crypto API, but I think it is a step in the right direction. Moving all of the heavy crypto operations into the browser itself and exposing only a high-level API to consumers is the beginning. Making encryption as trustworthy as possible in a malleable content JavaScript environment will take some additional work.

*thanks to Adam Barth for input

The details of my life are quite inconsequential.

1. My father was a relentlessly self-improving boulangerie owner from Belgium with low grade narcolepsy and a penchant for buggery. My father would womanize, he would drink, he would make outrageous claims like he invented the question mark. Some times he would accuse chestnuts of being lazy, the sort of general malaise that only the genius possess and the insane lament.

2. My mother was a fifteen year old French prostitute named Chloe with webbed feet.

3. My childhood was typical, summers in Rangoon, luge lessons. In the spring we’d make meat helmets. When I was insolent I was placed in a burlap bag and beaten with reeds, pretty standard really.

4. At the age of 12 I received my first scribe. At the age of fourteen, a Zoroastrian named Vilma ritualistically shaved my testicles. There really is nothing like a shorn scrotum, it’s breathtaking, I suggest you try it.

Uh, just kidding… Of Course, the previous points are a joke.

Here we go:

When I was five, my family moved to Germany so my dad could help with the post World War II occupation, you know. This was in 1977. (Wow, I am  old.) We lived in Augsburg for 3 years. I was quite aware of the Cold War at the age of 5.

I enrolled in my Junior year of college and never paid the tuition and never showed up to class, instead, I played guitar in a band that was nearly signed to a major record label. of course, these things just never turn out the way you want them to. My band played some pretty big shows opening for Blur once, and other indie bands such as Medicine, The Leaving Trains and Catherine. We recorded at the same studio as Smashing Pumpkins and occasionally hung out with some of them. Ahhh, hanging with Rock Stars at 20 years old… those Were the Days.

I saw the Orb in 1993 and renounced rock music for techno, starting a fledgling techno music group in Chicago. I DJ’d at some pretty huge Raves back in the day. Some of my music is on SoundCloud.

Back in 1995, Netscape went public, I finally set up a PPP account at Suba.net in Chicago. My boss at the time told me the “internet is a fad, the future is in the CD-ROM”. I quit my job and went to work at Northwestern University where they have had an internet connection since 1981. I taught myself HTML. I was into the web.

My wife and I eloped to Italy for a wedding in Florence. We spent a month in Italy, Croatia and Germany and probably spent as much money as the average bride spends on a dress. I HIGHLY recommend it.

I worked at Industrial Light and Magic for 18 months and that is all I can tell you about it, except that it felt more like working at IBM than a tech company on Tatooine (it WAS also a lot of fun).

My wife and I have 2 children, Cecilia – 5 and Henry – 1. Last year we moved back to the Chicago area, bought a place in the woods and are adjusting well to country living.

That about sums it up. I am supposed to tag 7 people now: @shorlander, @dao (is he on twitter?), @limi, @faaborg, @pastith, @ratcliffe_mike and @neonux

(note: The DOMCrypt extension, which is the bleeding edge code still uses ‘window.mozCipher’ as the window property name. The Firefox patch uses ‘window.mozCrypto’, the plan is to eventually merge this API into window.crypto )

I tried to make this API as simple as possible:

Encryption:

window.mozCipher.sym.encrypt(plainText, function callback(aCryptoObject){})

The resulting ‘CryptoObject’ has the following properties:

{
  cipherText: "...ENCRYPTED TEXT...",
  wrappedKey: "...A WRAPPED SYMMETRIC KEY...",
  iv:         "...KEY INITIALIZATION VECTOR...",
  pubKey:     "...A PUBLIC KEY..." // By default this pubKey
                                   // is the current user's public key,
                                   // which is used to wrap the symmetric key
                                   // so the actual key is never exposed to content.
}

Decryption:

window.mozCipher.sym.decrypt(aCryptoObject);

You can also pass in a public key to each method to wrap the key with another user’s key

Internally, a symmetric key is generated each time you run encrypt, it is wrapped with a public key to keep it safe and that cryptoObject is returned.

This is a first pass on an implementation – I tried to make it as simple as possible, with key safety the top priority.

A common use case for this API is localStorage encryption:

// web-based password manager app:)

var myWebPasswords = {gmail: "password", facebook: "password", twitter: "password"};

var jsonPasswords = JSON.stringify(myWebPasswords);

window.mozCipher.sym.encrypt(jsonPasswords, function callback(aCryptoObject){
  var jsonCryptPasswords = JSON.stringify(aCryptoObject);
  localStorage.setItem("jsonCryptPasswords", );
  delete myWebPasswords
});

// decrypt

var myWebPasswords;

var cryptoObj = JSON.parse(localStorage.getItem("jsonCryptPasswords"));

window.mozCipher.sym.decrypt(cryptoObj, function callback (aPlainText){
  myWebPasswords = JSON.parse(aPlainText);
});

This API is simple to use, and gives you a more secure way of using localStorage – or IndexDB, etc.