Conversations about life & privacy in the digital age

What Trusting Yourself Gets You + Big Events This Week

Trust is the belief that someone or something is reliable, good, honest, effective.

While you would like to think the people with whom you’ve surrounded yourself are deserving of these descriptions, you’ve probably been around long enough to know even those you hold to the highest of standards have let you down. So perhaps Mom was right, the most important person to trust is yourself.

We’re not ones to argue with Mom, so when it comes to putting your valuable data online, we at SpiderOak believe you shouldn’t have to trust us (though we are pretty good folks).

We don’t want to know what is being stored on our servers, and we don’t want to know your password. This being none of our business is, in fact, our business.

TRUST YOURSELF for 30% off

Protect 100GBs of data for less than $6 per month, until the end of February (ends 11:59 pm CT).

Use the promo code TrustYourself to upgrade to a yearly plan and get 30% off.

Already a user? Upgrading is easy:

  1. Log in to your account.
  2. Go to the Account tab at the top right.
  3. Select Upgrade Plan on the left under your name.
  4. Enter TrustYourself in the promotional code field and select Update. When you see ‘Promo code TrustYourself’ confirmed, select your plan size under Yearly Billing and click next. Congrats – you have 30% off!

New user? Welcome! Here’s what you do:

  1. Get started now and create your account.
  2. Download and install the client.
  3. Click ‘Buy More Space’ in the client itself, or via the web portal (which you can only log in to once you’ve downloaded the client). In the web portal, you will go to Account, and then choose Upgrade My Plan.
  4. Enter TrustYourself in the promotional code field and select Upgrade. Choose which plan you want under Yearly Billing. Congrats – you have 30% off!

BIG EVENTS THIS WEEK:

We believe strongly that in all conversations about data security, the cloud, and the future of the Internet, ‘Zero-Knowledge’ privacy should be at the table. That is why this week we are proudly hosting and participating in the following:

Responsibly Bringing a new Cryptography Product to Market

Post Snowden, technologists have rushed a variety of “liberation tech” projects to market, making boastful claims about their cryptographic capabilities to ensure the privacy of their customers. These goals are noble but the results have sometimes been embarrassing.

We’re building a new crypto product ourselves: a high-level secure-by-default framework developers can use to build end-to-end cryptographic applications without writing crypto.

Here’s what we required:

  1. To be independently verifiable it must be open source
  2. Have a spec
  3. Have a threat model
  4. Have clear, well documented code
  5. Be audited by security professionals with a crypto background

In this post I’ll share how we’re going about #5. We’re committed to development in the open, including security review.

The first audit we could schedule was with 3 researchers from the Least Authority team. Among other reasons we chose them because they have deep experience building verifiable storage systems. For anyone in that market, Tahoe-LAFS is a must read.

Auditing is both expensive and hard to schedule, with leading organizations booked months in advance.  The best teams are not limited by their ability to sell their services but rather by their ability to hire and fulfill that work. Consequently there’s very little downward pressure on their rates.

To get the most from a security audit, it’s best to go in with the cleanest code possible. It’s like brushing your teeth before you visit the dentist. It’s impolite and ineffective to ask someone to puzzle over the subtleties of code you haven’t clarified [1].

We focused this first audit narrowly on a bare bones single-user (no collaboration or multi-user sharing) demo application built with the Crypton framework. Our goal was good coverage of the framework’s core fundamentals: account creation, authentication, and single-user data storage.

Unfortunately, at the time we could schedule the audit to begin, there were three issues that the Crypton team knew about but hadn’t had a chance to fix or even document. The auditors independently discovered two of those three issues, with a lead to the third issue (less severe) tagged [UNRESOLVED] in their report. Additionally, they found three other serious issues unknown to the team. Overall, some of the best money we’ve ever spent!

Since the purpose of this post is to give clear expectations, I think it’s important to share real numbers, and I cleared this with Least Authority.

Zooko explained, “We gave SpiderOak a small discount on our normal price, and moreover we pushed back our other projects in order to get the work done for you first. We did these two things because we wanted to form a relationship with SpiderOak since you provide end-to-end-encrypted storage, and we wanted to support Crypton because it is end-to-end-encrypted and is fully Free and Open-Source Software.”

Our bill was $30,000, or about $5k/researcher per week.

We have a second audit with the nice folks at Leviathan Security, covering the multi-user features of Crypton, and we’ll share that report when it’s complete. In the meantime, here’s the report (rst, pdf) from the first audit by Least Authority.

Here are some of the resulting GitHub issues and pull requests to resolve the findings: Issue B, C, D, and E.

The resolution for Issue A involves a switch to SRP-based authentication. This was part of the longer-term roadmap, as it provides several additional benefits, but it proved to be a nontrivial undertaking and that effort is still ongoing. Some attention is given to this implementation in the next audit by Leviathan Security.

Update: Zooko at Least Authority just published an article discussing their motivation for accepting the project.

Update 2: The originally published version of this post erroneously linked to a non-final draft of the report from Least Authority. That link is corrected, and the final audit report should say “Version 1, 2013-12-20” at the top.

NOTES:


[1] Zooko shared a story about an experiment that was conducted by Ping Yee in 2007. The results of the experiment illustrate auditing challenges.

In short several very skilled security auditors examined a small Python program — about 100 lines of code — into which three bugs had been inserted by the authors. There was an “easy,” “medium,” and “hard” backdoor. There were three or four teams of auditors.

1. One auditor found the “easy” and the “medium” ones in about 70 minutes, and then spent the rest of the day failing to find any other bugs.

2. One team of two auditors found the “easy” bug in about five hours, and spent the rest of the day failing to find any other bugs.

3. One auditor found the “easy” bug in about four hours, and then stopped.

4. One auditor either found no bugs or else was on a team with the third auditor — the report is unclear.

See Chapter 7 of Yee’s report for these details.

I should emphasize that I personally consider these people to be extremely skilled. One possible conclusion that could be drawn from this experience is that a skilled backdoor-writer can defeat skilled auditors. This hypothesis holds that only accidental bugs can be reliably detected by auditors, not deliberately hidden bugs.

Anyway, as far as I understand the bugs you folks left in were accidental bugs that you then deliberately didn’t-fix, rather than bugs that you intentionally made hard-to-spot.

The Crypto-Cherub Asks You: What Apps Should He Shoot Privacy Into?

We’re wildly, madly in love with privacy but we’re not keeping it a secret.

Many of you know we’ve spent a lot of the past year working on Crypton. And we believe it is the future. We plan to use it to build a new internet, and hope others will take its open source code to infuse their apps with privacy. We’re about ready to get started: our Crypton code just underwent two large security audits, of which we plan to share the results in the coming two weeks here on the blog.

There are also some other exciting things happening in the next few weeks. We believe strongly that in all conversations about data security, the cloud, and the future of the Internet, Zero-Knowledge privacy should be at the table:

On the cusp of these events, and in celebration of our passion for privacy this Valentine’s Day, we ask for your help, input and ideas. You always make us better and influence what we do. (Yes, we love you!)

What apps do you want to see our Crypto-Cherub shoot his privacy arrows into in 2014?

Giving Privacy to the Internet: Developers Meet Crypton

We believe privacy doesn’t have to be a pain. So we’ve been working hard on Crypton. Now, anyone can easily build cryptographically secure cloud applications with Crypton, a Zero-knowledge framework for JavaScript.

Last week in The New Yorker, our CEO Ethan Oberman talked to cyberculture journalist Joshua Kopstein about Crypton’s potential:

“I can tell you from firsthand experience that privacy is now at the forefront of how all these companies are thinking about their strategies moving forward,” Ethan Oberman, the C.E.O. of SpiderOak, told me. His company is one of many whose notoriety has spiked since the Snowden leaks. Its latest project, Crypton, is an open-source framework for “zero knowledge” privacy systems—that is, systems where user data is encrypted locally before traveling to cloud servers, leaving the company with nothing to hand over to authorities but jumbled ciphertext and a few pieces of metadata. “It makes it so that users don’t have to trust the company in the middle,” said Higgins. “In the long run, that leads to a better relationship with that company, and, ultimately, I think it does lead to trust.”

“Both Higgins and Oberman said that demanding transparency is an important first step in a much longer process, and they admit that many companies may not be willing to go the extra mile just yet. But Oberman said that once transparency measures are in place, users can start to make more informed decisions about how much they value their privacy and what information is important to them. He predicts that this could create an incentive for services to offer multiple levels of privacy, storing sensitive data in secure containers while allowing less-sensitive bits to be available for ad-targeting purposes. “We’re engaged with a lot of companies that are starting to think about data along those terms,” he said. “I think they’re all now taking a deep breath and considering what they can do to rebuild trust.”

Bringing Privacy to the Internet with Crypton

SpiderOak just hired David Dahl to supercharge Crypton development. David is a veteran software privacy engineer with more than 15 years at Mozilla Corporation, and is also one of the founding members of the W3C Web Cryptography Working Group. On Monday, he wrote on our blog about how he will be pushing Crypton forward, and details on how you can join weekly Crypton calls.

Companies can also leverage Crypton and give privacy back to their users.

Here are the basics on this first ever privacy-first platform:

BUILT BY DEVELOPERS FOR DEVELOPERS

Crypton is for developers who want to build privacy into their apps. Crypton allows developers to provide customers a truly private storage and collaboration environment with no access to unencrypted customer data, without having to rely on 3rd party security layers or post development hacks.

EASILY DEVELOP ZERO-KNOWLEDGE APPS

More people are becoming “privacy aware.” Enterprises refuse to adopt solutions where the developer and service provider can access critical internal data. Crypton is the first application framework that provides a foundation for building zero-knowledge cloud products.

BUILT TO SCALE WITH YOUR APP

Built on PostgreSQL and node.js, Crypton was built with the intention of being horizontally scalable. Privacy doesn’t have to be a pain.

View the developer guide, and get started.

Please share with the developers you know. Let’s give privacy to the internet, together.

Pushing on the Open-Source Crypton Effort

After 5 years working on Firefox at Mozilla, last week I began a new adventure at SpiderOak. And whereas I will be working on a wide range of projects, my main focus will be directing the Crypton open-source project.

Earlier this year I read about Crypton, SpiderOak’s open-source web framework that makes scalable, privacy-centered web applications much easier to produce. As a founder and sometime-editor of the W3C’s Web Cryptography Working Group, I knew there would eventually emerge a “jQuery for web crypto.” Crypton seemed to be that and then some - a complete solution, including the server and storage mechanism. I was hooked. I have been tinkering in this space for a few years, producing a couple Firefox extensions including DOMCrypt and Nulltxt. These extensions model what I thought made sense for crypto APIs hanging off of each web page, as well as web applications to go along with these APIs. I implemented window.crypto.getRandomValues in Firefox and worked on the team that maintains and improves Firefox security.

With the idea that the Web Crypto API is now forthcoming and the recent media attention on ever-present Internet surveillance, I want to do something more tangible about it now. SpiderOak has been building privacy-oriented products that uphold its ‘Zero-Knowledge’ concept for almost a decade, which makes this move for me a natural fit. I am excited to play a role in making Crypton the standard for web crypto as well as providing an easy way for developers to easily build meaningful, useful ‘Zero-Knowledge’ applications.

As of September 26, 2013, SpiderOak is hosting a weekly development teleconference to discuss the latest developments, features, milestones, bugs and anything else Crypton users or developers would like to discuss. The details are on our Github wiki.

If you have any questions or ideas about Crypton, feel free to contact me via our many channels of communication or email me directly at ddahl[at]spideroak.com.