The future of online privacy lies in a cloud of doubt as tech companies and government agencies confront each other on several fronts in the latest round of the decades-old Crypto Wars.
The feds are looking for backdoords into encrypted communications, describing it as a necessity to fight terrorism and crime. Conversely, tech firms argue that such a move would be a violation of the company rights and would set a dangerous precedent, effectively endangering the privacy and security of all consumers.
The San Bernadino case is just one of the many cases that has pitted tech companies against government agencies on the use of encryption technologies.
The government’s persistence in expanding its surveillance capabilities and gaining a foothold into encrypted communications has led many developers to take matters into their own hands and create apps that will ensure consumer privacy in the even that tech companies are legally forced to hand over decryption keys to the government.
While we’ve seen the apparition of many custom crypto apps in recent years, but it’s hard to convince users to abandon their favorite social media platforms for the sake of a new unknown brand that doesn’t have as wide a user base.
We’re now seeing new crypto apps aimed at enhancing security in already-established social networks.
Cyphor is a Chrome extension developed by two Canadian students., Michael Pawly and Angus McLean.
The app comes into effect when you’re chatting or sending mail through your browser, and encrypts messages before they’re sent over to the web application server.
Most web service providers encrypt user data, but Cyphor’s added layer of encryption makes sure that your information remains safe even if the server is breached, or in case the decryption keys are willingly handed over to an unwanted party.
The goal of Cyphor, as explained by the developers, is to enable users to take privacy matters into their own hands and avoid being affected by hacks resulting from poor security practices by companies or the change in consumer privacy policies.
The use of Cyphor is easy and straightforward.
After installing the extension, you select the input box that you wish to encrypt (e.g. the textbox for your Facebook or Slack chat), and you setup a “channel,” which creates a randomly-generated 256-bit AES key that will used to encrypt data entered in the selected input box before posting it to the server.
Cyphor is used on the receiving browser to parse and decrypt the encrypted data. The keys are stored on the Cyphor server and can only be accessed by users who have access to the channel.
The application has been successfully tested with a number of social media platforms and email applications, including Facebook and Slack.
Cyphor uses a number of techniques and good practices to prevent malicious activity such as cross-site scripting (XSS). Check out a demo of the app here.
Crypter is another crypto app developed by a student, in this case Max Mitchell from England’s Sussex University, and is specifically aimed at securing communications over Facebook Messenger. It is very much similar to Cyphor and is available as plugins for Chrome and Firefox browsers.
As Mitchell explains, Crypter was developed to work with an established chat application – Facebook – instead of introducing a new one, and he’s taken extra steps to make sure it doesn’t interrupt with users’ existing habits.
The application works by adding a few extra elements to the Facebook web chat interface, enabling you to initiate secure chat sessions by setting a password, which is used to create the encryption key. After that, it sits invisibly in your chat and encrypts/decrypts your conversations efficiently without the need to take any extra steps.
Only a user with the password will be able to decrypt and read the messages. Even if your Facebook account is compromised, the encrypted chat logs will appear as gibberish or a lock icon. Check out the video demo here.
Where encryption is headed
Cyphor and Crypter can be perceived as a prelude to a new breed ad-hoc, personal crypto-solutions that we’ll be seeing more in the future as the crypto-debate comes to a head.
The one thing that we can be sure of is that no matter whose favor the balance of the Crypto Wars tips to, encryption is here to stay.