DOCSLIB.ORG

Pep White Paper

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Pep White Paper Privacy by Default. White Paper p≡p foundation council 2016–07–18 (v1.0.5) Contact: mailto:[email protected] Website: https://pep.foundation2 1OpenPGP fingerprint: EC55 39C8 FECF 7C4F 324B F027 A9DE 30FC 56BB B555 2Or using CAcert certificate cf. URL https://cacert.pep.foundation Document versions • v1.0.5 (2016-07-18): Update modules graphics (pEp for iOS; no Inboxcube patch) • v1.0.4 (2016-07-02): Change OpenPGP fingerprint in the title page • v1.0.3 (2016-03-03): Rename “Conceptual White Paper” in “White Paper” • v1.0.2 (2016-03-02): One typographical fix • v1.0.1 (2016-02-29): Stylistic changes and typographical fixes • v1.0 (2016-02-29): First public version • v0.6 (2016-02-29): Draft version • v0.5 (2016-02-28): Second revised early draft • v0.4 (2016-02-21): First early draft 1 Contents 1 Introduction and Motivation 3 2 p≡p at a glance: privacy without compromise 5 3 Design principles 7 3.1 Ease of use: hassle-free installation, automatic configuration and integration 7 3.2 Understandability: traffic lights semantics / Privacy Status .......... 7 3.3 Interoperability: convergence of messaging systems ............. 8 3.4 Cross-platform support: free choice of platforms ............... 8 3.5 100% peer-to-peer: no central providers .................... 9 4 Cryptography being used and communication strategy 10 5 Architectural aspects: p≡p engine and adapters 11 2 1 Introduction and Motivation The Right to Privacy and the Right of the whereabouts of all the personal, to Freedom of Information are part collective or corporate data involved. of the inalienable Human Rights. In the future, mass deployment of These rights are listed in Article 12 and Internet of Things (IoT) technologies is Article 19 of the Universal Declaration expected, meaning that many of the of Human Rights based on Resolution objects we know today – may that be 217 A (III) of the UN General Assem- implants in our bodies, (parts of) our bly as Objects of Legal Protection. clothes, all kind of sensor systems in our homes, streets or organizations In a time when Chartered Rights are – will get “on-line” and “talk” to each being more and more threatened, mea- other. Such developments have the sures have to be taken into our own potential to completely eradicate the hands in order to protect and preserve notion of privacy. This puts in dan- them. Especially because of the Inter- ger an open and democratic society. net the circumstances for a majority of people have changed completely, All that said, it’s vital to act now and and unfortunately not for the better. in the most effective way possible: p≡p stands for pretty Easy privacy Taking a deep breath, we must real- (abbreviated as p≡p) – the “E” or ize that the entrance of humanity into “≡” to be emphasized, but without digital age is accompanied by all of us compromise in privacy. We want the continuously losing more and more of Internet to become a secure place, our privacy rights, which we believe where people and organizations gain are paramount for citizens, families, back their constitutional rights to enterprises, public offices, lawyers, communicate in private by default. NGOs, journalists and political activists for being able not just to feel, but also We start our mission by radically easing to act and interact freely – without the use of well-known and established any fears of becoming discriminated end-to-end cryptographic tools for al- or suppressed based on past behav- ready existing and widely used written iors, opinions expressed or the social digital communication channels (like communication network an actor is in. e-mail, SMS or chat), without forcing users to adhere to new communica- Today, any individual or collective ac- tions channels and by providing the tor engaged in any digital activity, must necessary tools for gluing already assume not only to be just constantly existing – but not easy to use – compo- monitored, but having its behavior auto- nents together and helping businesses matically analyzed by text and data min- to spread p≡p and the technologies ing or other technologies of machine it employs as industry standards. learning3 – leading for literally everyone being scored and categorized. This gen- However, considering the different erally happens without the actors’ con- use cases the Internet has today (e. g. sent and without a clear consciousness it’s also used for voice calls or to carry 3Sometimes also just called “big data” technologies involving (complex) algorithmic methods. 3 out payments), we don’t want p≡p to munciations: at least, we let that be be seen as forever bound and ending the beginning of our efforts to help to in “just” securing written digital com- secure the Internet and its users. 4 2 p≡p at a glance: privacy without compromise What is p≡p? p≡p motivates a new standard to tificate authorities) by default, even securely encrypt and verify written though p≡p (for compatibility reasons communications, without reinvent- and integration purposes) supports ing the wheel. p≡p, by design, eases S/MIME (e. g. used in organizations secure communications relying on for e-mail encryption). However, de- well-established end-to-end cryp- fault p≡p installations shall not be tographic methods (following stan- expected to support non-end-to-end dards like OpenPGP or OTR) by in- approaches of cryptography: for p≡p tegrating into existing systems for centralized cryptographic approaches written digital communications and provide weak cryptography only and automating key management tasks. are considered an unreliable communi- cation type in terms of our approach Ultimately, p≡p wants to change of privacy without compromise. the default in written digital com- munications: from unencrypted, To achieve the goal of spread, from unverified and unanonymized to en- an organizational point of view, the p≡p crypted, verifiable and anonymized.4 project founders set up two different types of entities, distinguished by sep- p≡p restores security and privacy arated legal entities in two different without requiring user interaction for European countries: its basic operation and never putting communications’ security over the • p≡p foundation, a non-profit organiza- ability to communicate: thus, if no tion established as foundation under secure communication channel be- Swiss law holding the trademarks on tween two peers can be established, p≡p and the copyrights of the p≡p the text message is sent unencrypted engine and the p≡p adapters for dif- (cf. 4 for some more details) rather ferent programming languages and than hassling the users involved. development environments. It is sup- porting Free and Open Source Soft- Whenever two p≡p peers established ware Projects (FOSS) to integrate a technically secure communication p≡p. channel, they can add human trust to it by verifying each other’s digital identity • p≡p security, a enterprise incorpo- by comparing Trustwords (cf. 3.2 for rated in Switzerland and Luxem- some more details): like that two peers bourg and licensed by p≡p founda- can increase confidence they are really tion to spread p≡p software to both communicating with each other and Business-to-Business (B2B) and no Man-In-The-Middle (MITM) attack Business-To-Consumer (B2C) mar- is taking place. No trust will be put kets by creating, distributing and pro- into key servers or centralized trust viding support for add-ons, plug-ins infrastructures (like commercial cer- and apps enabling users and organiza- tions to use p≡p technology.5 4For anonymization, GNUnet message transport is considered, cf. https://www.gnunet.org. 5Cf. https://www.prettyeasyprivacy.com/ 5 All software published by p≡p foun- dependent entities for each public dation will be and forever remain release. By all of these measures we freely available for the general pub- do our best effort to make sure p≡p lic under the GNU General Public Li- software is and stays backdoor-free cense version 3 (GPLv3) or any later even if it’s distributed by third party. version. All software will be subject to an independent code review for p≡p software will be cryptographically any release, disclosing the full tech- signed and provided with detailed build nical report. As part of its its model instructions and a fully documented of security by design providing the build chain for each platform involved, most trust possible, p≡p foundation to make transparent how deterministic will make sure that all licensed p≡p builds6 can be created from source. software gets code-reviewed by in- 6Cf. https://blog.torproject.org/blog/deterministic-builds-part-one-cyberwar-and-global- compromise 6 3 Design principles Above all, p≡p – contrary to existing Furthermore, for their communications cryptographic solutions – shall be p≡p users don’t depend on any specific easy to install, use and understand. (web or operating system) platform, message transport system (SMS, E- In our opinion, not just power Mail, XMPP etc.) or centrally provided users, but all users have the right client–server or “cloud” infrastructures: to use end-to-end cryptography. p≡p is 100% peer-to-peer by design. 3.1 Ease of use: hassle-free installation, automatic configuration and inte- gration p≡p software shall integrate into ex- for regular users, of course power isting systems for written digital com- users will remain free to configure their munications like e-mail clients (e. g. installation by themselves and turn Thunderbird, Apple Mail or Outlook) off the automation proposed by p≡p. and messaging clients, or be provided as apps for smartphones (e. g. for An- From the beginning, the p≡p concept droid or iOS) in a hassle-free way: in bears in mind to be installed not just case of e-mail this means that upon on end user devices, but also in or- installation existing OpenPGP keys ganizations with thousands of users: will be used by p≡p automatically for important features for such settings, any further communication; should like distribution lists, BCC mailings no OpenPGP keys be available, p≡p and unencrypted archiving of e-mails, automatically creates a private and which were sent or received encrypted, public key for the e-mail address con- is possible.
Load more

Recommended publications
  • Copyrighted Material
    Stichwortverzeichnis A B Abstreitbarkeit 167 Bequemlichkeit 30 Adblocker 96 Bitcoin 110 – Adblock Plus 96 Blackberry 215 – Disconnect 96 Bookmarks siehe Favoriten – Ghostery 96 Browser 68, 75 – Privacy Badger 96 – Add-on 87, 90 – uBlock 97 – Apple Safari 77 Add-on – Cache 88 – Browser 87, 90 – Chromium 78 – E-Mail-Client 126 – Chronik 87 – Enigmail siehe Enigmail – Fingerprinting 85, 98 – GpgOL 137 – Google Chrome 77 – Mailvelope 130, 132 – HTML-Engine 80 – Thunderbird 139 – Hygiene 88 Adium 170 – Iceweasel 78 Advanced Programming Interface (API) 90, – Inkognito-Modus 86 182 – integrierte Suche 84 Android – Internet Explorer 77 – Android Privacy Guard (App) 156 – Konqueror 78 – K9 Mail (E-Mail-Client) 156 – Microsoft Edge 92 – OpenKeychain (App) 156 – Midori 78 – PGP 156 – Mosaic 68 – R2Mail2 (E-Mail-Client) 158 – Mozilla Firefox 68, 76 – S/MIME 156 – Netscape Navigator 68 Anonymität 206 COPYRIGHTED– Opera 77MATERIAL AOL Instant Messenger (AIM) 164 – Plug-in 87 Apple Mail – Prole (Identitäten) 87 – PGP 145 – Synchronisation von Einstellungen – S/MIME 155 86 Authentizierung 167, 169, 176, 179 – Web (Epiphany) 78 – Adium 172 Buffer Overow 82 – Multifaktor- 201 Bugs 82 – Pidgin 169 Bundesamt für Sicherheit in der Informations- Authentizität 29, 54, 56 technik (BSI) 215 233 Stichwortverzeichnis C – E-Mail-Adresse 119 Caesar-Chiffre 36 – Header 121 Certicate Authority siehe Zertizierungsstelle – Provider 129, 131, 139 Chain of Trust siehe Web of Trust – Server 122 Chaos Computer Club (CCC) 133 Eingangsverschüsselung 125 Chat 161 Electronic
    [Show full text]
  • Authentication and Key Management Automation In
    Authentication and Key Management Automation in Decentralized Secure Email and Messaging via Low-Entropy Secrets Itzel Vazquez Sandoval∗, Arash Atashpendar∗†, Gabriele Lenzini∗ ∗SnT, University of Luxembourg †itrust consulting, Luxembourg Email: {itzel.vazquezsandoval,gabriele.lenzini}@uni.lu, [email protected] Abstract—We revisit the problem of entity authentication in management, affecting email more acutely, is intertwined with decentralized end-to-end encrypted email and secure messaging authentication and the need for automating it has been known to propose a practical and self-sustaining cryptographic solution for a long time, e.g., see (Ruoti et al., 2018). based on password-authenticated key exchange (PAKE). This not only allows users to authenticate each other via shared low- Over the years, several methods have been established to entropy secrets, e.g., memorable words, without a public key tackle authentication, and indirectly key management: man- infrastructure or a trusted third party, but it also paves the ual validation, web of trust, public key infrastructure (PKI) way for automation and a series of cryptographic enhancements; and hierarchical validation, public key directories as well as improves security by minimizing the impact of human error and server-derived public keys such as identity-based encryption potentially improves usability. First, we study a few vulnera- bilities in voice-based out-of-band authentication, in particular (IBE). The set of viable candidates becomes much smaller a combinatorial attack against lazy users, which we analyze in once we consider a decentralized setting, i.e., without a PKI the context of a secure email solution. Next, we propose solving or a trusted third party (TTP).
    [Show full text]
  • Secure Email - a Usability Study
    Secure Email - A Usability Study Adrian Reuter1, Karima Boudaoud2, Marco Winckler2 , Ahmed Abdelmaksoud2, Wadie Lemrazzeq2 1 Technische Universität München, Arcisstraße 21, 80333 München, Germany 2 Polytech Nice Sophia, 930 route des Colles, 06903 Sophia Antipolis, France Abstract. Several end-to-end encryption technologies for emails such as PGP and S/MIME exist since decades. However, end-to-end encryption is barely ap- plied. To understand why users hesitate to secure their email communication and which usability issues they face with PGP, S/MIME as well as with pEp (Pretty Easy Privacy), a fairly new technology, we conducted an online survey and user testing. We found that more than 60% of e-mail users are unaware of the existence of such encryption technologies and never tried to use one. We observed that above all, users are overwhelmed with the management of public keys and struggle with the setup of encryption technology in their mail soft- ware. Even though users struggle to put email encryption into practice, we ex- perienced roughly the same number of users being aware of the importance of email encryption. Particularly, we found that users are very concerned about identity theft, as 78% want to make sure that no other person is able to write email in their name. Keywords: mail encryption, user study, usability, PGP, S/MIME, pEp. 1 INTRODUCTION To prevent cyber-crime and to protect user privacy, almost all services running on the Internet critically depend on cyber security measures. Most dominantly, transport layer security (TLS) is used for securing a variety of communication protocols.
    [Show full text]
  • Signal Telegram Surespot Threema Whatsapp Freie Software Ja Teils Ja Nein Nein
    „Ich möchte nicht in einer Welt leben, in der alles, was ich sage, alles, was ich tue, jedes Gespräch, jeder Ausdruck von Kreativität, Liebe oder Freundschaft aufgezeichnet wird. Das ist nichts, was ich bereit bin zu unterstützen. Das ist nichts, das ich bereit bin mit aufzubauen. Das ist nichts, unter dem ich zu leben bereit bin. Ich denke, jeder, der eine solche Welt ablehnt, hat die Verpflichtung, im Rahmen seiner Möglichkeiten zu handeln.“ - Edward Snowden Was ist eine CryptoParty? ● Workshop zur digitalen Selbstverteidigung • "Tupperware-Party zum Lernen von Kryptographie" (Cory Doctorow) ● Einsteigerfreundlich ● Öffentlich & unkommerziell ● Fokus auf Freier Software ● Von Anwendern für Anwender -> Gelerntes weitertragen 3 / 49 Agenda ● Inputvortrag zu: • Sichere Passwörter • Verschlüsselung von E-Mails (PGP) • Tracking beim Browsen vermeiden • Dateiverschlüsselung (VeraCrypt) • Smartphones ● Praxis 4 / 49 Sichere Passwörter Wie werden Passwörter geknackt? ● Brute Force • Alle möglichen Kombinationen ausprobieren ● Listen / Wörterbuch-Angriffe • Alle Wörter einer Liste ausprobieren ● Social Engineering • Phishing, Person austricksen um PW zu erfahren 5 / 49 Wie erschwert man das Knacken des Passworts? ● Brute Force => Länge (10+ Zeichen) => Verschiedene Zeichentypen (Groß- und Kleinbuchstaben, Zahlen, Sonderzeichen) 6 / 49 Wie erschwert man das Knacken des Passworts? ● Brute Force => Länge (10+ Zeichen) => Verschiedene Zeichentypen (Groß- und Kleinbuchstaben, Zahlen, Sonderzeichen) ● Listen / Wörterbuch-Angriffe => Kein einzelnes
    [Show full text]
  • Security Analysis of Subject Access Request Procedures How To
    Security Analysis of Subject Access Request Procedures How to authenticate data subjects safely when they request for their data Coline Boniface, Imane Fouad, Nataliia Bielova, Cédric Lauradoux, Cristiana Santos To cite this version: Coline Boniface, Imane Fouad, Nataliia Bielova, Cédric Lauradoux, Cristiana Santos. Security Analy- sis of Subject Access Request Procedures How to authenticate data subjects safely when they request for their data. APF 2019 - Annual Privacy Forum, Jun 2019, Rome, Italy. pp.1-20. hal-02072302 HAL Id: hal-02072302 https://hal.inria.fr/hal-02072302 Submitted on 19 Mar 2019 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Security Analysis of Subject Access Request Procedures How to authenticate data subjects safely when they request for their data Coline Boniface2, Imane Fouad1, Nataliia Bielova1, C´edricLauradoux2, and Cristiana Santos3 1 Univ. Grenoble Alpes, Inria, France fcedric.lauradoux,[email protected] 2 Universit´eC^oted'Azur, Inria, France fnataliia.bielova,[email protected] 3 School of Law, University Toulouse 1 Capitole, SIRIUS Chair [email protected] Abstract. With the GDPR in force in the EU since May 2018, companies and administrations need to be vigilant about the personal data they process.
    [Show full text]
  • Massenüberwachung Mittels Computerlinguistik Und Sprachtechnologie Im Lichte Der Snowden-Enthüllungen
    Masterarbeit zur Erlangung des akademischen Grades Master of Arts UZH der Philosophischen Fakultät der Universität Zürich im Rahmen des fakultätsübergreifenden Master-Studiengangs Computerlinguistik und Sprachtechnologie Massenüberwachung mittels Computerlinguistik und Sprachtechnologie im Lichte der Snowden-Enthüllungen Recherchen zum Stand der Technik und kritisch-illustratives Datenprojekt zur automatischen Generierung von Selektoren für verdachtsunabhängige Massenüberwachung von Datenströmen mit manueller Evaluation resultierender Treffer Verfasser: Hernâni Marques Madeira {[email protected],hernani@ccc-ch}.ch 7FE5 71F9 3B0C AE18 8424 C7C2 7B83 6E41 F7AB 9CE5 [email protected] (OTR-verschlüsselt) Referent: Prof. Dr. Martin Volk Betreuer: Dr. Noah Bubenhofer Institut für Computerlinguistik Abgabedatum: 30.11.2015 PUBLIC//V1.14//20160902 V1.14: EDITION NDG-ABSTIMMUNG1 1Formal sind diese Bilder und der Aufruf natürlich nicht Teil der offiziellen Abgabe. 2 An Schweizer Stimmberechtigte: Am 25. September NEIN zum NDG! https://www.stopndb.ch/ 3 Abstract The master thesis gives an overview of the state-of-the-art in mass surveillance methods and practices following the Snowden relevations and scientific papers with a focus on NLP methods. For the practical part of this work, genesis and the nature of search terms (content or soft selectors) used in finding text material by the needle-in-a-haystock methodology are researched, implemented, evaluated and critically dicscussed. Quantitatively and technically, as expected, it is found that false
    [Show full text]
  • Technological Sovereignty: Missing the Point?
    2015 7th International Conference on Cyber Conflict: Permission to make digital or hard copies of this publication for internal use within Architectures in Cyberspace NATO and for personal or educational use when for non-profit or non-commercial purposes is granted providing that copies bear this notice and a full citation on the M.Maybaum, A.-M.Osula, L.Lindström (Eds.) first page. Any other reproduction or transmission requires prior written permission 2015 © NATO CCD COE Publications, Tallinn by NATO CCD COE. Technological Sovereignty: Missing the Point? Tim Maurer Isabel Skierka Open Technology Institute Global Public Policy Institute New America Berlin, Germany Washington, DC, USA [email protected] [email protected] Mirko Hohmann Robert Morgus Global Public Policy Institute Open Technology Institute Berlin, Germany New America [email protected] Washington, DC, USA [email protected] Abstract: Following reports of foreign government surveillance starting in June 2013, senior officials and public figures in Europe have promoted proposals to achieve “technological sovereignty”. This paper provides a comprehensive mapping and impact assessment of these proposals, ranging from technical ones, such as new undersea cables, encryption, and localized data storage, to non-technical ones, such as domestic industry support, international codes of conduct, and data protection laws. The analysis focused on the technical proposals reveals that most will not effectively protect against foreign surveillance. Ultimately, the security of data depends primarily not on where it is stored and sent but how it is stored and transmitted. In addition, some proposals could negatively affect the open and free Internet or lead to inefficient allocation of resources.
    [Show full text]
  • Parldigi 2014-11-24 Pretty Easy Privacy
    Parldigi 2014-11-24 pretty Easy privacy The World is threatened… …our privacy and security is gone! Google, Facebook, WhatsApp,… are all reading, selling and using our data for their benefit. Snowden has proven that governments record all internet traffic, have built back-doors and access into software, hardware and cloud solutions. Citizens lost their privacy. Democracy is undermined. SMBs and Enterprises face Industrial Espionage. p≡p – pretty Easy privacy Protection is compromised The common protection technology TLS (based on X.509) is compromised if: • one single Certification Authority (CA) is taken (hacked, undermined, infiltrated) … • … like the NSA in the most probable case… • … then all communication – using software which is trusting this CA – is compromised. p≡p – pretty Easy privacy Metadata alone reveals a lot E-mail, even encrypted, leaves header metadata (to: - from: position and subject:) in clear text available for spooks to see. Metadata alone allows to draw interesting conclusions, like Leon’s relationships illustrated by 12 months of metadata. Organisations like the NSA can do a lot more with our metadata. p≡p – pretty Easy privacy Metadata alone reveals a lot p≡p – pretty Easy privacy p≡p is contributing to change. The Network is 0wned by the Five Eyes already. Probably it’s a lost case for now. We urgently need Free Hardware to trust in! Open Source Hardware projects are working on it. We need secure Free Software. Support Free Software now! And we need peer-to-peer communication in between: p≡p. Landscape of Messaging Solutions Voltage Datamotion Echoworx Symantec Peanut Totemo TrendMicro Zixcorp SMS LuxSci Privato Enigmail Email Agari Mailpile Textsecure Virtru Darkmail Neocertified p≡p Edgeware Cryptzone Encryptomatic BBM Mysecureemail Walnut Heml.is Threema myEnigma Kaitenmail iPGmail K9mail Messaging Sophos IronPort Barracuda Proofpoint Wickr Telegram Seecrypt Surespot Silentcircle Tigertext Chatsecure HoccerXO Kontalk iMessage p≡p.
    [Show full text]
  • Ich Möchte Nicht in Einer Welt Leben, in Der Alles, Was
    „Ich möchte nicht in einer Welt leben, in der alles, was ich sage, alles, was ich tue, jedes Gespräch, jeder Ausdruck von Kreativität, Liebe oder Freundschaft aufgezeichnet wird. Das ist nichts, was ich bereit bin zu unterstützen. Das ist nichts, das ich bereit bin mit aufzubauen. Das ist nichts, unter dem ich zu leben bereit bin. Ich denke, jeder, der eine solche Welt ablehnt, hat die Verpflichtung, im Rahmen seiner Möglichkeiten zu handeln.“ - Edward Snowden Was ist eine CryptoParty? ● Workshop zur digitalen Selbstverteidigung • "Tupperware-Party zum Lernen von Kryptographie" (Cory Doctorow) ● Einsteigerfreundlich ● Öffentlich & unkommerziell ● Fokus auf Freier Software ● Von Anwendern für Anwender -> Gelerntes weitertragen 3 / 39 Agenda ● Inputvortrag zu: • Sichere Passwörter • Verschlüsselung von E-Mails (PGP) • Tracking beim Browsen vermeiden • Dateiverschlüsselung (VeraCrypt) • Verschlüsselung von Chats (Pidgin-OTR) ● Praxis 4 / 39 Sichere Passwörter Wie werden Passwörter geknackt? ● Brute Force • Alle möglichen Kombinationen ausprobieren ● Listen / Wörterbuch-Angriffe • Alle Wörter einer Liste ausprobieren ● Social Engineering • Phishing, Person austricksen um PW zu erfahren 5 / 39 Wie erschwert man das Knacken des Passworts? ● Brute Force => Länge (10+ Zeichen) => Verschiedene Zeichentypen (Groß- und Kleinbuchstaben, Zahlen, Sonderzeichen) 6 / 39 Wie erschwert man das Knacken des Passworts? ● Brute Force => Länge (10+ Zeichen) => Verschiedene Zeichentypen (Groß- und Kleinbuchstaben, Zahlen, Sonderzeichen) ● Listen / Wörterbuch-Angriffe
    [Show full text]
  • Evaluating Ambiguity of Privacy Indicators in a Secure Email App
    Evaluating ambiguity of privacy indicators in a secure email app Borce Stojkovski and Gabriele Lenzini1 Interdisciplinary Centre for Security, Reliability and Trust (SnT) University of Luxembourg [email protected] Abstract Informing laymen of security situations is a notoriously hard problem. Users are usually not cognoscenti of all the various secure and insecure situations that may arise, and this can be further worsened by certain visual indicators that instead of helping users, fail to convey clear and unambiguous messages. Even in well established and studied applications, like email clients providing end-to-end encryption, the problem seems far from being solved. Motivated to verify this claim, we studied the communication qualities of four privacy icons (in the form of coloured shapes) in conveying specific security messages, relevant for a particular secure emailing system called p≡p. We questioned 42 users in three different sessions, where we showed them 10 privacy ratings, along with their explanations, and asked them to match the rating and explanation with the four privacy icons. We compared the participants' associations to those made by the p≡p developers. The results, still preliminary, are not encouraging. Except for the two most extreme cases, Secure and trusted and Under attack, users almost entirely missed to get the in- dicators' intended messages. In particular, they did not grasp certain concepts such as Unsecure email and Secure email, which in turn were fundamental for the engineers. Our work has certain limitations and further investigation is required, but already at this stage our research calls for a closer collaboration between app engineers and icon designers.
    [Show full text]
  • Technological Sovereignty: Missing the Point?
    Technological Sovereignty: Missing the Point? An Analysis of European Proposals after June 5, 2013 by TIM MAURER, ROBERT MORGUS, ISABEL SKIERKA, MIRKO HOHMANN Following reports of foreign government surveillance starting in June 2013, senior officials and public figures in Europe have promoted proposals to achieve “technological sovereignty”. This paper provides a comprehensive mapping and impact assessment of these proposals, ranging from technical ones, such as new undersea cables, encryption, and localized data storage, to non-technical ones, such as domestic industry support, international codes of conduct, and data protection laws. This analysis shows that most technical proposals will not effectively protect against foreign surveillance. In addition, some proposals could negatively affect the open and free Internet or lead to inefficient allocation of resources. Finally, proposals tend to focus on the transatlantic dimension, neglecting the broader challenge of foreign surveillance and promising ideas like the expansion of encryption tools. Ultimately, the security of data depends primarily not on where it is stored and sent but how it is stored and transmitted. This paper is part of a joint project by New America's Open Technology Institute and the Global Public Policy Institute (GPPi) called "Transatlantic Dialogues on Security and Freedom in the Digital Age". For more: www.digitaldebates.org November 2014 Acknowledgements OPEN NEW TECHNOLOGY AMERICA INSTITUTE The authors would like to thank the members of the Steering Committee for the project Transatlantic Dialogues on Security and Freedom in the Digital Age (go to www.digitaldebates.org for more) as well as the participants of our workshop hosted in Washington, DC, on September 18, 2014, for their valuable input and feedback (see Annex 4).
    [Show full text]
  • Network Working Group V. Birk Internet-Draft H
    Network Working Group V. Birk Internet-Draft H. Marques Intended status: Standards Track Shelburn Expires: July 13, 2018 pEp Foundation S. Koechli pEp Security January 09, 2018 pretty Easy privacy (pEp): Privacy by Default draft-birk-pep-01 Abstract Building on already available security formats and message transports (like PGP/MIME for email), and with the intention to stay interoperable to systems widespreadly deployed, pretty Easy privacy (pEp) describes protocols to automatize operations (key management, key discovery, private key handling including peer-to-peer synchronization of private keys and other user data across devices) that have been seen to be barriers to deployment of end-to-end secure interpersonal messaging. pEp also introduces "Trustwords" (instead of fingerprints) to verify communication peers and proposes a trust rating system to denote secure types of communications and signal the privacy level available on a per-user and per-message level. In this document, the general design choices and principles of pEp are outlined. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on July 13, 2018.
    [Show full text]