Encrypted Social Network Vies For Disgruntled Facebook Users 162
angry tapir writes "With the look of Google Plus and Facebook-like elements, a new social network named "Syme" feels as cozy as a well-worn shoe. But beneath the familiar veneer, it's quite different. Syme encrypts all content, such as status updates, photos and files, so that only people invited to a group can view it. Syme, which hosts the content on its Canada-based servers, says it can't read it. "The overarching goal of Syme is to make encryption accessible and easy to use for people who aren't geeks or aren't hackers or who aren't cryptography experts," co-founder Jonathan Hershon said in an interview about the service." See also Diaspora.
Its reasonable! (Score:5, Interesting)
I read the article expecting it to be crap, ignore meta-data etc. What I found however was a decent article discussing that the service used open source client side crypto libraries, and they even acknowledged the meta-data problem and how it makes their service not truly private. They also mentioned how its very unlikely to go big like facebook and it summed up with some reasonable example use cases. I haven't see such a non crap article in a long time!
Re:Chrome only (Score:5, Interesting)
So it's a social network that "protects your data" ... and requires Google Chrome. :/
Why am I skeptical?
The extension should work just fine with Chromium, I would expect. And they said Firefox is in the works.
Personally, I think the idea is an interesting one. In general, I think it's on the right track. The only way to get the masses to use encryption is to make it invisible. The flaws of SSL are well-known, but the fact is that in practice it mostly works really well, and it is used by basically everyone on the web. Making it invisible means that you have to embed key management seamlessly into the infrastructure, and making it have some hope of being secure means that it has to be pushed out to the endpoints -- including key management.
On the right track, but this is a really, really hard problem to solve fully.
One issue is that although the keys are generated in the browser plugins, they're obviously exchanged through the Syme server, putting it in an ideal position to completely subvert the claimed security. Making security both transparent and strong is hard.
Another issue is portability. I can log into Google+ or Facebook from any computer. But if my browser is holding my keys, then I can only use my browser. If the keys are stored in the cloud, well, that's great for portability, but the keys then have to be secured from whoever is holding them.
Still, I like to see initiatives like this. The only way hard problems get solved is by clever people trying.
(Disclaimer: Since this post mentions Google+ and Chrome, I should probably mention that I'm a Google engineer, but I'm not speaking for Google.)
Re:The nerve! (Score:2, Interesting)
}}controlled group.
Impossible. If i can see it. I can copy it. No matter what. I CAN make a copy. Even going all the way to manual transcription or recording my monitor.
Your group just lost complete control. And we're back to the world.
There is always a weak link in any chain. One will always break first.
So you can pretty much guarantee anything you 'share' with a controlled group will be available to the world. Especially if there's gain to be made. Even faster among people who have no severe life punishment for 'sharing'. But even then with severe penalties such as the NSA. Who STILL can't keep control of their secret information among a controlled group.
You share. You're sharing with the world. Bet on it.
Crypto in Syme may be unsound (Score:5, Interesting)
I'm looking at the source to Syme's Google Chrome plug-in. While I'm not a crypto expert, I've found three things that seem to weaken the encryption.
return privateKey.dh(publicKey);
},
Note the commented-out line for strengthening the key. That looks like something was done to weaken the key generation.
This is highly suspicious. This code needs a close look by a security expert before anyone trusts it.
Re:The nerve! (Score:5, Interesting)
It is impossible to control the dissemination of information that you make available to other people. But it is not impossible to make it expensive to crack an entire social network and feast on the gooey interior. Best is the enemy of good enough. Right now it is clearly the case that everything that happens on Facebook and Google is visible and mineable at least by Facebook and Google, and possibly by interested governments. A peer-to-peer social network makes that kind of data mining much more expensive.