While he is already known in libertarian and Objectivist circles as an administrator for the Mises Institute, ObjectivismOnline and numerous other sites, David Veksler has unveiled his latest project: CryptAByte:
a free online drop box that enables secure (encrypted) message and file sharing over the web using a public-key infrastructure.
Tim: Can you tell us a little about the project, what motivated you to make it?
David: I am a strong believer in the ability of cryptography to empower people to form private, voluntary associations. Basically, I see crypto-anarchism as the most practical path to agorism.
But my project has more modest goals: I want to help make encryption ubiquitous, and that requires making it accessible to everyone. Current secure communication tools like PGP are too difficult for everyone to use. We need something like HTTPS to provide a foundation for ubiquitous encryption. CryptAByte is an API as well as a proof of concept platform for secure communications.
Tim: How long have you been working on it?
David: About three weeks.
Tim: What is your ultimate goal with it?
David: I want to build a platform for private communication. For example, I would love to see someone to build a file sharing or email client on top of my service.
Tim: Who is CryptAByte for, just whistleblowers?
David: No, anyone who wants to keep his communication private is welcome to use it. But it can also be quite useful for whistleblowers and other such scenarios.
Tim: Can you describe some of the technology behind CryptAByte?
David: CryptAByte uses public-key encryption just like HTTPS/SSL and OpenPGP/PGP. The algorithms used are RSA for key pairs, AES 256 to encrypt messages and files, and SHA 256 for hashing. The servers hosting this application support can encrypt 2.1 GB of data per second using the latest Intel CPU’s with AES support built into the chipset. The service is built with ASP.Net MVC and Sql Server for the backend and jQuery UI for the front end. A RESTfull API is available for third party web and desktop apps to build on the platform. The full source code will be release when the platform is stable.
Tim: Is there a role for CryptAByte with crypto-anarchy, or is that an impossibility?
David: I just want to provide a platform for people to build on. I will open-source the encryption architecture when the service is mature. What people do with it is up to them. It will not start an agorist revolution, but maybe take us a tiny bit in that direction.
Tim: With a plethora of open-source PGP and anonymizing projects in development around the world, can any government really stop the inertia at this point?
David: Earlier this week a developer for an encrypted chat application called “Cryptocat” was detained and interrogated at the US border. Back in 2010 Tor developer Jacob Applebaum was also been detained and questioned. So yes, even after Phil Zimmerman successfully fended off US Customs 15 years ago, various agencies are still interested in this space.
Tim: Is there anything else that you would like to say about encryption general?
David: You don’t have to use my service, but if you’re sending your email, IMs, and files in plain text, you should know that some automated system, whether state-based or corporate is probably archiving your data and indexing it for keywords and you have very little control over how that information will be used. There are great tools out there to ensure that your life remains private and I encourage everyone to use them.
Tim: Thanks for your time. And to illustrate David’s concluding remarks, readers might be interested in a recent piece from Wired detailing the NSA’s new facility in Utah as well as the Washington Post’s expansive exposé published last year: Top Secret America.
Tim Swanson is a graduate of Texas A&M University. He has worked in East Asia for more than 5 years and currently lives in China. He is the author of Great Wall of Numbers: Business Opportunities & Challenges in China
{ 3 comments… read them below or add one }
For the general idea of crypto-anarchy, readers might want to look at either Tim May’s work online
http://www.cynikal.net/users/baptista/AP/cyphernomicon.html
or my old article on strong privacy.
http://www.daviddfriedman.com/Academic/Strong_Privacy/Strong_Privacy.html
I sort of question the reasoning going on here.
Given the sorry state of https and the various nefarious certificate authorities… I think you’re taking a known good security standard (pgp / gpg) and fronting it with a much lesser standard — all the while giving the impression that this is state-of-the-art. If you think the Chinese government is a trusted certificate authority (amongst others that are of equal trustworthyness) … then I’ve got a bridge to sell you.
There are free gpg plugins for many mail clients that make pgp simple and easy. They integrate into existing key servers and just work. I think you’d be better off to promote those than to front end them.
Pidgin-otr won’t work for me in yahoo or AIM anymore and there don’t seem to be any active help forums that give answers ? Anyone have better luck with pidgin otr? I started using pidgin-encryption but it is not so highly advanced as pidgin-otr but it is better than nothing (i hope!).