Awesome Stuff: Keeping Your Online Activities Private Suddenly More Interesting
from the well,-look-at-that dept
Given all the recent leaks about surveillance lately, we figured this week's awesome stuff would look at some crowdfunding projects that are a bit more focused on keeping your online activities secret. Startups that actively protect their users privacy from snooping eyes of the government are getting a lot of renewed attention. Search engine DuckDuckGo has seen a massive bump in traffic. Kim Dotcom's Mega is now working on encrypted email and messaging to go along with its encrypted storage offerings. On the crowdfunding front, we're seeing a bunch of other privacy-related projects popping up -- some with a bit more reasonable plans than others.- Deservedly getting a ton of attention this week was the announcement about Heml.is, a new secure messaging app for mobile devices, put together by the same crew of folks who created Flattr, including Peter "brokep" Sunde (also of The Pirate Bay fame), Linus Olsson and Leif Hogberg. These are three very, very smart guys.
- HiddenToolbox looks like they're trying to create a userfriendlish version of TrueCrypt or something similar, such that you can store your documents/files/data secretly, with some additional cool features built in, such as remote self-destruct, a panic shutdown, file shredder and more. Some of it sounds cool feature-wise, but it would be interesting to see if any security experts have really had a chance to stress test their system to find out how secure it really is. There seems to be precious little info on that front.
- There are a bunch of anonymous surfing tools out there, but iAnonym is looking to make completely anonymous internet surfing easier. The project looks pretty comprehensive, and (unlike the HiddenToolbox above) they lay out a lot of the details of what they're trying to do and why it should actually allow for anonymous activities online.
- Can't trust pure software? How about hardware. Adonify is offering a plug and play network device for people to surf the web privately. Unfortunately the video explanation is horrible. I mean this might be the worst crowdfunding video I've ever seen. The video quality, the sound quality, the explanation of the product, the dude standing around smoking while the other guy explains what's going on... it's all pretty weak. When will people finally learn that a quality video is a pretty key part of a crowdfunding campaign. For what it's worth, their IndieGoGo page isn't particularly informative either.
- If the Adonify had some problems attracting attention, that appears to go double for Cryptomania, a Swiss company that is trying to crowdfund money for a secure storage and communications platform. They don't have any video for their product, and they barely explain their product at all. And the crowdfunding awards are for equity in their company, which almost certainly violates public offerings laws in the US and other countries (while other countries do allow equity crowdfunding, and the US is getting there, the rules tend to be rather specific and rather strict -- and it doesn't appear these guys followed any of that). They're also trying to raise a much larger amount: 250,000€. So far... they've made 0€ with less than 3 weeks to go. It seems doubtful they'll get much more.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: anonymity, awesome stuff, encryption, privacy, surveillance
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
Invasion of privacy
There ought to be a law barring service providers from monitoring the content of private folders in any capacity, but in the meantime I guess encryption will have to do.
[ link to this | view in chronology ]
Re: Invasion of privacy
No, there are laws requiring, eg. landlords, to ensure their property isn't used for illegal purposes. Encryption is the correct solution for this. Alternatively, don't leave your stuff in The Cloud.
[ link to this | view in chronology ]
Re: Re: Invasion of privacy
It's really quite simple: Cloud storage providers should not be allowed to go looking through people's files, be it manually or automatically. If there's cause to go looking, then let it be handled by law enforcement. Otherwise, keep out.
[ link to this | view in chronology ]
Re: Re: Invasion of privacy
There are no laws requiring landlords to come onto their property to search for illegal activity. In fact, there are laws that limit the landlord's ability to do this.
[ link to this | view in chronology ]
Confidence.
[ link to this | view in chronology ]
Re: Confidence.
Whether they can or not, it's still worth trying, if for no other reason than to make them work for the information.
[ link to this | view in chronology ]
The Glorious Power of FUD...
Oh, wait. I'd just spread a meme that it was useless to try to use encryption. That all encryption is super-secretly "backdoored" anyway. And that it was useless to try to protect yourself, because the NSA has super-magical powers that transcend the reality of our universe and its mathematics. And that anyone who says otherwise is a secret NSA stooge - so don't trust anyone who offers counter-FUD. It's a hermetically sealed, self-reinforcing circle of bleh.
So if folks bought into my FUD, and spread it, I'd cut out a big chunk of the most effective resistance out there. Because FUD works... well, it works if people aren't willing to take the time and effort to actually dig out facts. Hunting down and testing facts is, admittedly, alot more work than just engaging in fatalistic FUD, but on the upside it's not pathetically defeatist.
Just sayin'...
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Compiling Compilers
Here is where I get stuck. What compiles the source code for the compiler? Is it just written in Assembly Language (machine code for those who don't know), or is there a compiler compiler? What processes would be necessary to KNOW that the compiler one uses is clean?
Once one knows that the compiler is clean, and that the source code for whatever package you are compiling is clean, then you might have clean software.
Then we need to take a look at the hardware, and all of the drivers used by whatever system.
Odd thought. Do software companies agree to this shit because they know that they will be employed for a long time cleaning it up? What makes them think they might be trusted to do such a cleanup. Looking at you Microshaft!
[ link to this | view in chronology ]
Re: Compiling Compilers
It's called a "cross compiler", which can run on one platform but produce machine code for another platform. Of course you could just use a different compiler (or an earlier version of the compiler you are compiling) to compile your newest version of your compiler on the same platform.
[ link to this | view in chronology ]
Re: Re: Compiling Compilers
How does one now trust any compiler?
[ link to this | view in chronology ]
Re: Re: Re: Compiling Compilers
The same way you trust any other piece of software: you audit the source code. The ability to insert backdoor code is a bit limited -- it has to be tailored to compiling a particular application. You couldn't really do this in such a way that it would insert a backdoor in everything. In the example you're talking about, it was when compiling the login application. So you'd be fine by compiling the compiler using an entirely different compiler. Or bootstrapping the compilation process.
[ link to this | view in chronology ]
Re: Re: Re: Re: Compiling Compilers
[ link to this | view in chronology ]
Re: Compiling Compilers
There's also the issue that Linux kernel devs are notorious for passing off vulnerablilities as bugs and not maintaining/adhering to a proper disclosure list.
[ link to this | view in chronology ]
2.6 billion penises times 100 times a day
[ link to this | view in chronology ]
Secure texting
It's so secure that you can choose what metadata to share and even use a set of symbols called a gliph to communicate.
[ link to this | view in chronology ]
Missing a project not like the others; Nametag
Hello, i'm the researcher and developer behind Nametag, a secure programmable social media service that isn't on this list, and I began an Indie GoGo campaign this month.
What's different? Well, it's the word "programmable" that should stand out - we allow people not only to utilize a facebook-esque infinite scrolling feed interface (for starters), but we let people write entire secure social media applications in the browser - without sending a dram of readable anything to the people running the server, even though you're using pure HTML!
We allow anyone without programming knowledge to use secure social media.
We allow people who know javascript to expand what the tool can do without revealing anything, even to us
That's something I feel we need badly. To bring the lowest common denominator of secure programming to web developers, not just crypto-geeks, and do it right.
check out the campaign igg.me/at/nametag
and the site explaining it (with real, runnable demos!) at domalgebra.com
we deserve better. Thanks,
James Robey,
DOM Algebra
[ link to this | view in chronology ]
Re: Missing a project not like the others; Nametag
Many systems that could be described that way provide only illusory security: the people running the server could (be compelled to) send a modified version of the app to the client, which does the usual crypto in the client and also leaks the user's key to the server.
Some "browser-based" systems use a trusted browser extension to avoid this exposure, but "pure HTML and Javascript" suggests you don't take this approach.
Is there a plan to deal with that?
[ link to this | view in chronology ]
Encrypted xmissions
[ link to this | view in chronology ]
It's a people problem not a tech problem
Trying to engage in a never ending cycle of attempting to get around unacceptable and dubiously legal levels of surveillance by technology alone is destined for failure in the long run. We don't need better cryptography. We need better people in government. People who understand what's at stake and will give a clear and resounding "NO!" to our Executive Branch next time it asks them for a blank check to override the Constitution.
Suggestion: vote out the of office ALL the people responsible for this debacle while you still have a vote and some marginal say in the matter. Because in another 20 years, we likely won't have a vote if this trend is allowed to continue.
[ link to this | view in chronology ]
[ link to this | view in chronology ]