Unless you live under a rock, it’s hard to communicate information securely. Phone calls, text messages, and emails could all be open to snooping by governments, companies, or hackers. This, by the way, also includes paper mail!
Private online communication is possible, but most of the tools for it require a high level of technical know-how. If you cannot set up a PGP key to encrypt your emails, there is no way you can expect to communicate securely.
However, since Edward Snowden’s trove of leaked government reports uncovered the extent of the National Security Agency’s domestic spying tools, digital privacy awareness has grown among average consumers, and a small group of apps has sprung up to serve them. A couple of companies, like Signal, Telegram, and WhatsApp, have made basic apps for private communication, their advanced interfaces masking complex security systems built to withstand even the most intense attacks.
A digital security software company is trying to make privacy tools open to more app developers, and also to more consumers. SpiderOak has been in the business of protecting data for quite a long time now, with a Dropbox-like backup service that allows users to save data on the company’s services. The data is stored in such a way that even the company itself cannot decrypt the information its servers hold.
SpiderOak also built up an open-source platform called Crypton, a code library that is free for developers so they can create their own apps. The library handles security protections, allowing less crypto-savvy programmers to focus on more important aspects.
David Dahl, Crypton’s director, says privacy is a user-experience problem. “There has historically been very little interaction between [user-experience] designers who love to create very pretty and functional things and computer scientists who specialize in cryptography,” Dahl wrote in an email.
This kind of disconnect has kept encrypted correspondence from “looking and acting like everyday software.” Sending a PGP-encrypted email, for example, is a lengthy process that includes a setup, finding and verifying the public key of the intended recipient, using software to encrypt a message with that public key, and later decrypting the response. A couple of basic privacy apps have pleasant interfaces that cover complex security systems built to withstand intense attacks.
As a proof of concept for basic privacy software, SpiderOak built a basic social networking app called Kloak on the Crypton platform. Like Twitter, Kloak allows users to share short status messages. But unlike Twitter, with its emphasis on public engagement, it only allows sharing between users who follow each other, encrypting the messages and photos as they travel between users’ devices. Still in beta and a little rough around the edges, Kloak is more of an experiment than a fully formed, viable platform.
“It’s an easy way for us to encourage other people to build other zero-knowledge applications,” said Alan Fairless, SpiderOak’s co-founder and CEO. “Here’s a nice example of one: It was built without using any fancy tools, no advanced JavaScript frameworks—just very vanilla, approachable by new developers.”
One of the security capabilities that Kloak shows is a very simple key-verification process, which is an essential part of most encrypted communications. Whenever encrypted messages are sent and received, every participant must verify that the person on the other side is who they say they are. A lot of advanced encryption services use a system of public and private keys, allowing users to check their partners’ identities by comparing computer-generated images or passcodes.
One of the ways user-experience-focused privacy apps are making secure communication friendlier is by integrating a simpler verification process. Telegram, for instance, creates blue squares based on the public keys of the participants in an encrypted chat; the squares shown to each participant are identical. An encrypted call made through Signal displays two words on the users’ devices, which they can compare to verify whether their communication is secure.
Kloak uses a process more similar to Telegram’s, creating a QR code that allows users to add others to their system by verifying it. SpiderOak says, however, that it is building a more stylish replacement for Kloak’s drab-looking QR code that will include an animated design.
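What the images and word pairs described above have in common is that both devices derive the same short value from the two public keys, so a substituted key shows up as a mismatch. The following is an added illustration in Node.js, not code from Telegram, Signal or Crypton; the function names and the 16-word list are assumptions made up for this example.

```javascript
// Added illustration: not Telegram's, Signal's or Crypton's actual algorithm.
const crypto = require('node:crypto');

// Constructed 16-word list (4 bits per word); real apps use far larger lists.
const WORDS = ['amber', 'birch', 'cedar', 'delta', 'ember', 'fjord', 'grove', 'harbor',
  'iris', 'juniper', 'kelp', 'lotus', 'maple', 'nectar', 'onyx', 'pine'];

// Fresh X25519 public key in DER form, standing in for a user's identity key.
function newPublicKey() {
  return crypto.generateKeyPairSync('x25519').publicKey
    .export({ type: 'spki', format: 'der' });
}

// Hash both public keys into one digest. Sorting first means each side gets
// the same result no matter which key it treats as "mine" and which as "theirs".
function sessionFingerprint(keyA, keyB) {
  const ordered = [Buffer.from(keyA), Buffer.from(keyB)].sort(Buffer.compare);
  const hash = crypto.createHash('sha256');
  for (const key of ordered) {
    const len = Buffer.alloc(4);
    len.writeUInt32BE(key.length); // length prefix keeps the encoding unambiguous
    hash.update(len);
    hash.update(key);
  }
  return hash.digest();
}

// Render the first `count` 4-bit nibbles of the digest as words.
// Fewer words are easier to compare but easier for an attacker to collide.
function toWords(digest, count = 8) {
  const words = [];
  for (let i = 0; i < count; i++) {
    const byte = digest[i >> 1];
    words.push(WORDS[i % 2 === 0 ? byte >> 4 : byte & 0x0f]);
  }
  return words.join(' ');
}

// Honest session: Alice and Bob each hold the other's real key.
// Intercepted session: each was handed a key generated by a third party.
function demo() {
  const [alice, bob, mallory] = [newPublicKey(), newPublicKey(), newPublicKey()];
  return {
    honestAlice: toWords(sessionFingerprint(alice, bob)),
    honestBob: toWords(sessionFingerprint(bob, alice)),
    interceptedAlice: toWords(sessionFingerprint(alice, mallory)),
    interceptedBob: toWords(sessionFingerprint(bob, mallory)),
  };
}

console.log(demo());
```

In the honest case both users read out the same eight words; in the intercepted case the word strings differ, which is the signal the comparison step exists to surface.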
“If you’ve ever used a product like PGP, the key-verification process is just a disaster for most people,” Fairless said. “How can we make it feel private, and be effective, and unobtrusive enough that people will actually do it?”
The animated key-verification system will be included in a product SpiderOak plans to launch in the next couple of months, a team-collaboration app that will rival tools like Microsoft SharePoint. Derived from the company’s Crypton system, the product will allow groups to trade messages and records that will remain encrypted and inaccessible even to SpiderOak employees.
Andrew Mitry, a cloud-computing engineer at Walmart, said he likes Kloak’s privacy focus. Acknowledging that he moves in tech-savvy circles, he said many in his network would love such a private, secure social network.
Another early Kloak user, Brazil-based beta tester David Nielsen, said he ran into a few ease-of-use issues but loved the application’s approach to privacy. “At least Kloak offers something unique and hopefully valuable to users in this post-NSA-data-addiction world: the freedom to make an informed decision on privacy,” Nielsen said. “Provided everybody they care about make the same choice.”
For sure, the biggest hindrance to any security-first software is its launch. Security-conscious early adopters aside, a lot of users aren’t willing to give up essential features for encryption, and they understand very little about it too. Also, newer security-first apps are up against giants like Facebook and Gmail, which have built gigantic user bases and get by on profiting from those users’ information.
In any case, as the intensified impact of Snowden’s NSA secrets and the expanding list of hacks at companies and government agencies seep into general public awareness, there is a possibility that users will demand more protection from their everyday software. To meet that demand, developers need to invest more in creating user-friendly privacy tools.