2013-12-23

Co.Labs

How Privacy Software Improved In 2013 Following The NSA Revelations

Since Edward Snowden's whistleblowing about NSA mass surveillance this summer, there has been a flurry of improvements in privacy software. Here are some of the year's most notable.



Given concerns about NSA mass surveillance, the general public has taken an interest in privacy as never before. In response, developers have worked on beefing up the security of their privacy tools as well as making them more user-friendly. The list below is by no means exhaustive, but it provides a glimpse into some of the most impressive and impactful privacy software of the year. When discussing privacy tools, it's always important to remember that none of these is a magic bullet—but they do provide significant improvements over the technologies we would normally use and that they replace or augment.

SecureDrop

Freedom of the Press Foundation, run by Electronic Frontier Foundation activist Trevor Timm, manages SecureDrop: an "open-source whistleblower submission system that media organizations can install to securely accept documents from anonymous sources." This write-up at Forbes by Runa Sandvik (who knows a thing or two about security, having contributed to both Tor and TrueCrypt) lays out the rationality behind SecureDrop very clearly:

In the past couple of years, the U.S. government has spied on media organizations, ordered journalists to testify against their confidential sources and filed charges against an increasing number of whistleblowers. As a result, more and more news organizations have enlisted a system to enable sources and journalists to anonymously and securely handle sensitive documents.

SecureDrop was originally coded by the late Aaron Swartz; Freedom of the Press Foundation took over development in October, seeing a clear need for such a tool. In early December, Freedom of the Press Foundation released a new version of Secure Drop.

Cryptocat

There's been a trend following Snowden's revelations, with a number of existing privacy and encryption tools really kicking their development into high gear. Some have made usability improvements, while others have squashed critical security vulnerabilities. Cryptocat, being user-friendly from its inception, worked on the latter after a major security flaw was discovered this summer. With the slogan "private conversations for everyone," Cryptocat's aim is to make the OTR encryption protocol accessible to a wider population. Users install Cryptocat as an extension for Firefox, Chrome, or Safari and can join encrypted chats with other users by simply entering the same chatroom name. Unlike many encryption tools, Cryptocat seems to have met its usability goals, and it's reportedly being used by a large number of non-technical users.

arkOS

I reported on arkOS last month during its crowdfunding campaign. ArkOS aims to address a key privacy problem: the general public's reliance on major corporations (which have generally complied with the NSA) for hosting our personal cloud services. The arkOS solution makes it dead simple to run open source replacements for Dropbox, Google Drive, and eventually even email, all from a cheap computer running inside your own home. By the time arkOS is feature complete, installing each of these services will be—it's hoped—as simple as using an app store. Fortunately, the crowdfunding campaign was wildly successful, bringing in several thousand dollars more than its $45,000 target. That money will allow lead developer Jacob Cook to work on arkOS as a full-time job in 2014 and make a self-hosted cloud something the average Internet user could actually run themselves.

TextSecure (with CyanogenMod)

TextSecure is both an app and protocol for Android phones. It provides an encrypted text messaging solution that is as dead simple as regular SMS and MMS. The major catch, like with PGP email encryption, is that both users have to be using TextSecure in order for it to work. That significant barrier was recently removed when TextSecure integrated with CyanogenMod, the popular open source custom Android build. Now all CyanogenMod users (of which there are reportedly 10 million) effectively use TextSecure as their default messaging app. Now whenever one CyanogenMod user messages another, their messages are automatically encrypted. The same applies for a CyanogenMod user messaging someone running the TextSecure app on stock Android.

Tor

Tor is one of the tools you'll see mentioned anytime online privacy gets mentioned. And for good reason—it's one of the most powerful tools out there, as evidenced by a document the Guardian released showing that Tor is apparently a major headache for NSA eavesdroppers. Tor is often referred to as an Internet anonymizer, but what it actually does is disassociate your originating IP address from the destination of the IP address you're browsing to. The result is that sites you visit can't tell who you are, while entities snooping on your Internet traffic can't tell what sites you're browsing to. That's great, but it's important to remember that you also have to change your practices when using Tor to preserve your anonymity (no magic bullets!). Naturally, it's been a busy year for Tor. There was a critical vulnerability found in the Tor Browser Bundle (actually a bug in the version of Firefox that the bundle used), which has since been fixed. That's important since the browser bundle is the most user-friendly way that a general Internet user can run Tor. Just last week TorServers.net, a group that runs high-bandwidth Tor relays, was awarded a $250,000 grant to help strengthen the Tor network. In addition, there has been some talk of incorporating Tor into the next HTTP standard, making it a part of how everyone conducts web traffic—but these conversations are still preliminary.

Syme

Syme is a relative newcomer to the privacy world and is hoping to become a sort of private encrypted social network. There have been a slew of ill-fated attempts at creating alternatives to Facebook for social networking, including the much-publicized Diaspora*, the Free Software Foundation's GNUsocial, Appleseed, and Riseup Collective's apparently abandoned Crabgrass. The merit of Syme is that it's not trying to replicate Facebook, as some of the open source spin-offs above do. Rather, its use case seems to be for ad hoc groups of friends that you want to connect to for a specific purpose—not en masse sharing with hundreds of Facebook friends. It's currently available as an extension for Chrome, with one for Firefox on the way. We'll see next year if the combination of living in the browser as a plugin and a focus on more targeted sharing can be the answer to the social network privacy problem.

[Image: Flickr user Emilio Labrador]


Article Tags: nsaprivacysnowden





Add New Comment

3 Comments