Decentralized Internet and Privacy
Building a Web App that Doesn’t Trust the Server
Securing ProtonMail
How do you know WhatsApp Web isn’t spying on your messages, despite the end-to-end encryption? Why did Signal decide to build a desktop application instead of a web app?
Open Source clients are a necessary, but unfortunately not sufficient, requirement for guaranteeing privacy. This talk explores two other issues: how to securely deliver that source code, and how to securely deliver the encryption keys that users use to communicate. It also presents our proposed solutions to these problems.
At ProtonMail, we’re aiming to build a web application that gives users the guarantee that we are physically unable to read their email, even if we wanted to. This comes with a set of challenges: how can the user trust the source code that comes from the server (without reading it each time), and how can the user trust the public keys that they receive (without hosting key signing parties, however fun they may be :)).
We currently support self-hosting, and manual key verification and pinning as solutions to these issues, respectively. However, these are highly manual solutions. This talk will present two projects we’ve been working on to provide privacy guarantees without requiring any action: Source Code Transparency and Key Transparency.
Finally, we’ll also briefly discuss what kind of APIs we could add to browsers to make it easier to develop web apps that don’t trust the server.
Additional information
| Type | devroom |
|---|
More sessions
| 2/2/20 |
Today, hard disk encryption only protects user's data when their machine is shut down. "Close lid to encrypt" aims to enhance this protection also to suspend mode.
|
| 2/2/20 |
Almonit is a project for decentralized websites and web services. Decentralized websites and web services are an alternative to the way the web functions today. They combine decentralized storage (like IPFS), decentralized name services (like ENS) and P2P networks in order to replace the server-based model of the web. This lecture describes the Almonit project, its architecture, the technical details of the technology and the ecosphere in which it is created. Come discover the state-of-the-art ...
|
| 2/2/20 |
Society is becoming increasingly more aware of the importance of protecting digital information and it is becoming clear that the current centralized model has came to an end. The future of the Internet is distributed. Unsupervised, unmoderated access, affordable storage, data-replication, and security and privacy built-in are the most important aspects of the Internet of the future. Unfortunately, a global, reliable, decentralized network cannot be built without actual physical nodes, as the ...
|
| 2/2/20 |
Inspired by the concept of sharing data between apps on Android devices through Content Providers, this talk explains how this can be achieved on the Web today using decentralized identity and storage (identity hubs). This talk has been accepted late to replace "Decentralized object storage An open source decentralized object storage" by Ivan Fraixedes. Due to health issues Ivan's talk had to be cancelled. We wish him a speedy recovery.
|
| 2/2/20 |
Written in 2001, RFC 3170 states: "IP Multicast will play a prominent role on the Internet in the coming years. It is a requirement, not an option, if the Internet is going to scale. Multicast allows application developers to add more functionality without significantly impacting the network." Nearly two decades later, multicast is still largely ignored and misunderstood. This talk explains why multicast is the missing piece in the decentralization puzzle, how multicast can help the Internet ...
|
| 2/2/20 |
Please note this is a lightning-fast version of our full talk taking place on Saturday at 18:00 in the Main Track Do you know where your internet traffic flows? Does it go through China even if you don't want it to? SCION is a new internet architecture aimed at solving this problem. We will show how you can easily join the already existing worldwide network.
|
| 2/2/20 |
In 1996 Brian E. Carpenter of IAB and Fred Baker of IETF wrote a co-statement on cryptographic technology and the internet. This RFC wasn't a request for a technical standard, it was a statement on their concerns about Governments trying to restrict or interfere with cryptography. They felt that there was a need to offer "All Internet Users an adequate degree of privacy" Since that time successive governments around the world have sought to build back doors into encrypted apps and services to ...
|
