In July 2013, the world was shocked to find out that most of our privacy has disappeared due to a massive surveillance grid setup in secret by various governments around the world. Although the political reasons for such massive spy-net are unclear, left alone unconstitutional, the ideological implications of surveillance on a massive scale is quite alarming.
Developers didn’t envision that the technologies they are developing, advancing, and supporting, one day would be turned against the general population. It’s disappointing to see the most advanced and ingenious developments result in a total surveillance machine with unclear objectives. Every compression algorithm, search and indexing scheme, cryptographic concept, and open source operating systems like Linux, are used to collect, record, organize, and index the personal information of ordinary citizens who should be protected from such activities.
The hard work of thousands of brilliant men and women throughout the past few hundred years, is now used to covertly sneak into our personal lives without our consent. This problem doesn’t end with surveillance. The cybernetic age is already here where more and more machines are automated through computerization. It is just a matter of time before every appliance on the planet is able to spy on its owner and secretly deliver personal information to third-party corporations or governments. Remote control is another issue. How can you trust your appliance when a third-party is able to log in and take control without your consent or knowledge?
Today, policy makers don’t have the slightest idea of how modern technology works. Without having a proper education and experience, they are unable to validate written code. Developers are responsible for decision making on the developmental direction for the future of the human race.
Luckily, solutions to these problems exist. One solution is encryption. Over the past 500 years, encryption technology has been used as a weapon to gain military advantage over the enemy. It worked using simple encoding schemes known only to kings and the generals under their command. This concept allowed the passing of messages to the battlefield in secret to the intended receiver and guaranteed some protection if the messenger were caught by the enemy. Today, encryption algorithms are much more advanced and mathematically sound thanks to brilliant mathematicians and modern computers that helped to shape these algorithms when tested against real world applications.
If encryption is secure, why do we hear on the news that hackers are constantly breaking into different government and corporate systems?
Two problems with encryption exist for general protection of the public’s private data. They are key management (also known as username and password) and usability. Despite how strong the algorithm you select to encrypt your data, it is secure as long as the key to unlock the data kept secret. As soon as a key gets stolen or taken by force, strong encryption is worthless as original “protected” data can easily be accessed by anyone in possession of the key. There are various security systems in place such as Public Key Infrastructure (PKI) to identify users/institutions as well as to protect them. All systems are focused on key management generated by some “Certificate Authority” or signed by one. For a long time, these systems were considered to be secure since attacking it head on is mathematically impractical. Yet, if anybody gets the private keys of major certificate authorities, the entire security system can be easily compromised. Other public systems such as PGP, require some knowledge on how to use them and appear complex to an average user. Therefore, as practice show, these systems are rarely used even though they are freely available.
The solution we are proposing at Venux is a keyless distributed system. Unlike existing public infrastructure, the Venux system works as soon as the user provides the username and password. It generates the profile address information and required keys to lock or unlock the private information. When credentials are entered, the input is passed through various transformations. The resulting information selects one-way-hash function(s) and crypto algorithms from a large array. This information gives the user access to a virtual profile (UID) that stores personal information directly or a reference along with security credentials (usernames and password) to other resources that are private and require protection.
The Venux system solves two problems simultaneously.
Usability – The user simply needs to create and use the same username and password to access the profile. User’s credentials are transformed into an address which is passed though one-way-hash function(s) and cannot be traced back to user.
Security – The user has the control to specify locations (folder, file, DropBox, iCloud, etc.) as private or public. The system selects algorithms and keys to encrypt files and folders in any location by itself. The complexity is hidden from the user.
Overall, here at Venux, we have developed an easy to use, keyless (keys are not stored anywhere and profiles are not marked in any way) system for public use that is secure, anonymous and virtually unbreakable.