Privacy in the private sector
Daniel Barabasi | Monday, November 24, 2014
Recently, Silicon Valley has ramped up their response to the wary public. In the past month, Facebook announced a Tor-specific site available to those interested in extra levels of security, then in the two past weeks Whatsapp implemented end-to-end encryption for Android devices, with plans to extend the service to iOS devices.
Before you get too lost in the tech mumbo-jumbo in the last paragraph, here’s a bit of background. Facebook’s unveiling gained more visibility for the Dark Web, a collection of websites hidden behind multiple levels of encryption with tools like Tor and I2P that hide user and site IP addresses. While the Dark Web is famous for big names like Silk Road, an online drug black market, and child pornography, recently it has been enabling more productive services, such as SecureDrop, which allows for the secure upload of leaked documents to news sites.
It may not be clear at first why a site like Facebook, which requires users to give an identity upon entry, would be on the Dark Web, but Tor and I2P work by encrypting and decrypting web traffic in layers through various servers chosen at random around the world. Since each step only removes one layer of encryption, it becomes next to impossible to track the relay of signals back to the user. Although using Tor on Facebook won’t make you a ghost on the network, it gets around local censorship and surveillance. The move from Facebook comes as the next step of customer security, following up on the general SSL security offered by most tech companies today.
Whereas Facebook’s appeal to Tor users is rather specific, Whatsapp’s new encryption service seeks to enable the the security of all users, whether or not they understand what is happening behind the user interface. Whatsapp integrated Textsecure into its software, which allows for end-to-end encryption. In the past, messages would be shielded while traversing the space between the users’ devices and Whatsapp servers, however end-to-end security now scrambles messages on the device itself, and only unscrambles them when reaching the target. This allows user conversations to be hidden from not only prying eyes, but the Facebook-owned company itself.
The only other messaging software of similar capacity, according to Wired, is Apple’s iMessage. However, Textsecure has been lauded as a much stronger alternative to the Apple service. A major concern with iMessage is a lack of so called “forward security,” meaning that a single encryption key is generated for each user. Thus if the user’s key is cracked or obtained in some way, all of her encrypted data is vulnerable. Even more striking though is the prompt to back up iMessages to Apple’s iCloud, which would probably be considered one of the least secure platform by the general public after the photo leaks scandal earlier in the semester.
Both Facebook and Whatsapp represent the necessary next steps that need to be taken by tech companies. Many consider Tor access to be a necessity for any company hoping to keep pace. With the NSA building bigger and better and all the while less-regulated facilities, it makes sense to fear for our information and demand the private sector to address the issue. Even if you have nothing to hide, if you’re uncomfortable with someone looking over your shoulder in person, why should someone doing it online be any more natural?
The views expressed in this column are those of the author and not necessarily those of The Observer.