pretty Easy privacy

The state of the pretty Easy privacy (p≡p) project and what to expect next Easy to use automatic for the masses

Hernâni Marques (@vecirex), p≡p foundation (@pEpFoundaton) [email protected] (3173 3E0C 598D 3A1C F709 55D6 CB57 3865 2768 F7E9) Privacy by Default.

Problem

● We have Mass Surveillance, now even widespread in countries we considered safe. ● We need Mass Encryption and Mass Anonymzation to counter this. ● However, p≡p foundation also has a political standing and supports any such action with potential impact (e.g., referendums in Switzerlands). Philosophy: Cypherpunk & Privacy

“Privacy is necessary for an open society in the electronic age. [...]. A private matter is something one doesn’t want the whole world to know […]. Privacy is the power to selectively reveal oneself to the world.” Philosophy: Cypherpunks write code

“Cypherpunks write code. We know that someone has to write to defend privacy, and since we can’t get privacy unless we all do, we’re going to write it.” Philosophy: Cypherpunks publish code

“We publish our code so that our fellow Cypherpunks may practice and play with it. Our code is free for all to use, worldwide.” Philosophy: Cypherpunks just do it

“We don’t much care if you don’t approve of the software we write. We know that software can’t be destroyed and that a widely dispersed system can’t be shut down.” Philosophy: Cooperation needed

“For privacy to be widespread it must be part of a social contract. People must come and together deploy these systems for the common good. Privacy only extends so far as the cooperation of one’s fellows in society.” Philosophy: Cooperation needed

“For privacy to be widespread it must be part of a social contract. People must come and together deploy these systems for the common good. Privacy only extends so far as the cooperation of one’s fellows in society.” Need for pretty Easy privacy (p≡p)

● Most nowadays fow between people like postcards → specifcally. ● usage still grows: it won’t die. It’s the most important federated identity system. ● Messages should be encrypted and signed by default, for privacy and security reasons (e.g. phishing attacks). Need for pretty Easy privacy (p≡p)

● Most users are not able to use tools like GnuPG (properly): its usability must be fxed through automatization. ● We need not just good, but easy privacy. ● We need Privacy by Default. Approach of p≡p organizationally

● Commercial partners (p≡p security in Switzerland and Luxembourg) running a business model similar to Red Hat: creating end-user apps and selling support. ● p≡p foundation (in Switzerland, tax-free) controlled by community activists supporting non-commercial projects. ● p≡p foundation owning core code of p≡p and trademarks; enforcing code audits. Approach of pretty Easy privacy (p≡p)

● Privacy by Default is achieved by writing code for automatization instead of manuals. ● pairs are created automatically for each account / URI. ● Public keys are distributed peer-to-peer (P2P) – for emails via attachment (and imported automatically by p≡p clients). Approach of pretty Easy privacy (p≡p)

● No reliance on keyservers or centralized platforms. ● Identity verifcation is possible on a P2P basis through the use of Trustwords. ● p≡p stays compatible and thus is interoperable to existing standards (like OpenPGP). Approach of pretty Easy privacy (p≡p)

● When Privacy vs. Security, choose Privacy (e.g. avoidance of ). ● p≡p is designed for multiple communication channels and not just for email, thus for all written digital communications. ● Private keys can be synchronized (P2P) across the different devices a user owns, such that all messages can always be read. Illustration: p≡p sync Illustration: p≡p sync Approach: GNUnet anonymization (vision)

“You broke the Internet, lets make a GNU one!”

“GNUnet is a mesh routing layer for end- to-end encrypted networking and a framework for distributed applications designed to replace the old insecure Internet protocol stack.” GNUnet.org Approach: and Audits

p≡p is Free Software, always ://cacert.pep.foundation/trac/ https://letsencrypt.pep.foundation/trac (Repositories, all GPLv3) Upon each release of p≡p software: external code audits (work-in-progress) Approach: code audit of p≡p engine

Check https://pep.foundation/docs/code-audits Approach: p≡p Architecture

Applications

Adapters

and Engine

https://cacert.pep.foundation/dev https://letsencrypt.pep.foundation/dev Approach: Example for desktops Running Code status: end-user SW

● p≡p for Outlook available as release. ● p≡p for Android available as beta. ● p≡p for Engimail (almost feature-complete, i.e. almost beta-ready). ● p≡p for iOS under development – not yet feature-complete (alpha). Running Code status: adapters

● COM Server Adapter (#) ● Java Native Interface (JNI) Adapter ● JSON Server Adapter (JavaScript) ● Qt Adapter (C++) ● Python Adapter ● ObjC Adapter (Objective-C / Swift) p≡p Android App (beta)

version 4.3 or higher Play Store or f-droid p≡p Android App (beta) Compose view Grey mode: unencrypted plain text, key will be attached p≡p Android App (beta)

After reply of p≡p user with attached key: Encryption now possible (yellow) p≡p Android Apps (beta)

Asking for handshake p≡p Android Apps Showing Trustwords p≡p Android App Trustwords menu p≡p Android App (beta)

Trustwords language selection p≡p Android App (beta)

Trustwords language: spanish p≡p Android App (beta)

Trustwords menu p≡p Android App (beta)

Show PGP fngerprints p≡pp≡p forfür Android Outlook (beta) (Release) p≡pp≡p forfür Outlook Outlook (Release) (Release) HandshakeHandshake formit p≡p p≡p with für OutlookOutlook .

Start Handshake Accept Trustwords /p≡p für Thunderbird (pre-beta) Benefits of p≡p

● Users don’t need to to do anything for the basic p≡p operation: p≡p is by design zero- touch. ● Users just start to encrypt automatically. ● There’s no dependency on any specifc provider: p≡p itself doesn’t know anything about its users communications. Benefits of p≡p

● p≡p will be able to bridge to other channels, e.g. XMPP (unifed inbox). ● p≡p wants to have its protocols standardized, such that interoperability and alternative implementations are possible. Benefits of p≡p: Unifed Inbox (vision) Comparison to other approaches

To our best knowledge there’s no such general approach as with p≡p to solve the usability issues of end-to-end encrypted communications in a very general sense. ● Either the approaches are centralized and with vendor lock-in (WhatsApp, , ProtonMail etc.) or – when P2P – ● the user base is very small (e.g. ring.cx and .chat). Comparison to other approaches

● The rating system (for the user: Privacy Status) of p≡p is comprehensive, as it relies on traffc light semantics (no color, red, yellow and green). ● All core code and trademarks are owned by the p≡p foundation, which is community-run and without commercial interests: it’ll ensure there are no backdoors and that the code stays forever free. Innovations to come

● Synchronization not just of keys, but also of trust between devices. ● Synchronization of address and calender data (not implementing all the formats, but mapping them to each other). ● Fog of Trust (instead of Web of Trust) as privacy-preserving form for trusting peers (through collaboration). Innovations to come

● Integrate GNU Taler to a point such that pay- to-spam and pay-by-mail features can be prototyped. ● Allow p≡p keys to be stored on hardware devices (HSMs) for more platforms (i.e. w/ Nitrokey). ● Fog of Trust (instead of Web of Trust) as privacy-preserving form for trusting peers (through collaboration). Cooperations of p≡p foundation

● Shared-Ownership agreement w/ GNUnet e.V. on the GNUnet code base. ● Cooperation w/ ISOC Switzerland Chapter (ISOC-CH) to submit Internet-Drafts on p≡p – supported w/ USD 30k by ISOC’s Beyond the Net Programme. ● Coopation w/ the Enigmail project to have Engimail/p≡p (activated by default when no OpenPGP setup available). Cooperations of p≡p foundation

● Cooperation w/ Reva & David Logan Foundation to create software for investigate journalists: frst support by USD 49k donation. ● Agreement w/ Wau-Holland-Stiftung (WHS) to collect donations in the EU on behalf of the p≡p project (foundation-only). ● Cooperation w/ NLnet Foundation for a GNUnet simulation (10k/100k/1m users). Questions on p≡p? ???