
DOMCrypt is a Firefox privacy extension I have been working on for some time. In this post I will attempt to explain what it is and why I am working on it in a somewhat non-technical manner.

What is DOMCrypt?

The core functionality is being able to take a bunch of text (or any data) and turn it into an unreadable blob via a password, right in any web page.

For instance, you can take the sentence: “Meet me in Lincoln Park by the beach at 2:00” and scramble it into something that looks like: iim08xKWVut3eqGubpq2jdCTanU7jV41q4UQKTJOoLD8y6sadUEm/8K9kpv+Wvq

The scrambled “version” of the sentence cannot be turned back into plain text unless you know the password required to convert it back.
This sentence can be sent to your contact, who alone can unscramble it and read the plain text.

The cool thing is that this kind of data scrambling – encryption – is pretty standard these days; in fact, you use this technology every time you visit a page that begins with https://.


The problem I am trying to solve is that the encryption tools in your browser are either not exposed to web pages for developers to use or the implementation (of, perhaps, an extension) is so complex, few users will ever use it.

Why DOMCrypt?

If you think about it, you realize that it is nearly impossible to communicate online without the content of the conversation being recorded by a third party. Whether the purpose is ‘advertising’ or truly nefarious, you are stuck revealing your conversation to your internet provider, free email host, or social networking site. Perhaps that is not a problem to you, but to many it really is a bad situation.

The web has evolved into a network where users are tracked as web sites are traversed, their email and personal information is archived, collated, sliced, diced and indexed. Your data is not yours. This is about privacy and it is about ownership. Is privacy a relic? Is the ownership of your data important to you?

Privacy really needs to become the default configuration, a primary feature.

There is a lot of upheaval in the world right now. People all over the world need to be able to communicate privately, anonymously (or pseudo-anonymously) and quickly. With DOMCrypt, developers can build privacy-enhanced pages and applications which fully obscure at least the contents of these messages. The server that accepts these messages can be written so that there is virtually no identifiable data stored about the user.

I have created a Drumbeat project and the code is on Github.

As part of the project, I am building demo pages and web applications to demonstrate DOMCrypt in the wild. The first couple of demos show how basic encryption and an “addressbook” feature work:

http://mozilla.ddahl.com/domcrypt/demos/demo.html

http://mozilla.ddahl.com/domcrypt/demos/get-pub-key.html

I just put together a new demo that showcases a fully-working secure messaging application:

https://messages.domcrypt.org/

It is rough around the edges, but works and the source code is on Github.


The next wave in web technology should be the inverse of social networking. I wouldn’t want to “brand” it ‘antisocial networking’, since that connotation is a bit negative, but it has a certain ring to it:)

I am amazed by the way that social networking has set aside so many people’s sense of privacy. I was quite hesitant to use Facebook, but started “using” anyway in 2007, (2007?, yeah – late to the game, yadda yadda).

So there I was finally using Facebook, reconnecting with people, wasting a LOT of time. Very cool. Right? Maybe not. This question seemed to enter my mind a lot: who owns this data and what is being done with it? Obviously, it is being datamined and sold and kept forever.

I’d rather my correspondence with my friends and family not be sliced and diced and sold – and kept as a public (or private) record. Forever. Internet users should stop and think hard about how all of this technology impacts us, and how for profit companies are selling and searching and slicing and dicing our thoughts, plans, pictures, ideas, and opinions.

I want to opt out. But, I also want to communicate in a modern, high-tech, fun way.

I use Gmail, and I have to say that it is so easy to use – they even host my personal domain mail for me. I ran my own server for about 5 years, it was not fun. Spammers ruined it for me, I couldn’t afford the bandwidth for the spam. Gmail to the rescue. But, again, my email is datamined, ads are shown, the data is kept forever by a for-profit company.

I want to opt out.

This is the challenge for real “social entrepreneurs”: we need modern, high tech, fun communications channels like Facebook, Twitter, Gmail, GChat, but these tools should be built on top of anonymity, security and privacy, (and be open source).

This is not easy. These “privy-networking” systems have to allow anonymity, security, privacy, and establish that the user owns, can copy, move or destroy the data on a whim. Oh, and they have to be easy to use too.

The fight on the privacy front is not going so well. Researchers have even figured out how to turn anonymous data into names, addresses, and phone numbers: http://www.schneier.com/blog/archives/2009/04/identifying_peo.html

And don’t get me started on “Warrantless Wiretapping”, which appears to continue with gusto under our new president: http://www.eff.org/press/archives/2009/04/05

The last time I checked, you were entitled to a private conversation.