Encrypted Social Network Vies For Disgruntled Facebook Users

angry tapir writes "With the look of Google Plus and Facebook-like elements, a new social network named "Syme" feels as cozy as a well-worn shoe. But beneath the familiar veneer, it's quite different. Syme encrypts all content, such as status updates, photos and files, so that only people invited to a group can view it. Syme, which hosts the content on its Canada-based servers, says it can't read it. "The overarching goal of Syme is to make encryption accessible and easy to use for people who aren't geeks or aren't hackers or who aren't cryptography experts," co-founder Jonathan Hershon said in an interview about the service." See also Diaspora.

1984 reference

Syme—Winston's colleague at the Ministry of Truth, whom the Party "vaporised" because he remained a lucidly thinking intellectual. He was a lexicographer who developed the language and the dictionary of Newspeak, in the course of which he enjoyed destroying words, and wholeheartedly believed that Newspeak would replace Oldspeak (Standard English) by the year 2050. Although Syme's politically orthodox opinions aligned with Party doctrine, Winston noted that "He is too intelligent. He sees too clearly and speaks too plainly". After noting that Syme's name was deleted from the members list of the Chess Club, Winston infers he became an unperson who never had existed. Goldstein's book says that "Between the two branches of the Party there is a certain amount of interchange, but only so much as will ensure that weaklings are excluded from the Inner Party and that ambitious members of the Outer Party are made harmless by allowing them to rise." It is unknown whether Syme has been killed or promoted in the Inner Party in another province.

Re:1984 reference

[vain+gloria]

My first thought was Gabriel Syme, the titular Man Who Was Thursday. That's a novel where everyone's an anarchist, a secret policeman or both, so would have made sense as a reference.

Apparently Deus Ex makes several nods to the novel, but I've never played that game (my geek card is already winging its way to the appropriate authorities).

Its reasonable!

I read the article expecting it to be crap, ignore meta-data etc. What I found however was a decent article discussing that the service used open source client side crypto libraries, and they even acknowledged the meta-data problem and how it makes their service not truly private. They also mentioned how its very unlikely to go big like facebook and it summed up with some reasonable example use cases. I haven't see such a non crap article in a long time!

Re:Its reasonable!

It wouldn't be very private if anyone who signed in could see who else is using it, would it? If anything, the inability to do that is a sign of a sound design.

Re:Promises

[TheDarkener]

Except that they don't encrypt your data, you do. Probably would have helped to RTFA, huh bub? =p

Chrome only

[Curunir_wolf]

So it's a social network that "protects your data" ... and requires Google Chrome. :/

Why am I skeptical?

Re:Chrome only

[swillden]

So it's a social network that "protects your data" ... and requires Google Chrome. :/

Why am I skeptical?

The extension should work just fine with Chromium, I would expect. And they said Firefox is in the works.

Personally, I think the idea is an interesting one. In general, I think it's on the right track. The only way to get the masses to use encryption is to make it invisible. The flaws of SSL are well-known, but the fact is that in practice it mostly works really well, and it is used by basically everyone on the web. Making it invisible means that you have to embed key management seamlessly into the infrastructure, and making it have some hope of being secure means that it has to be pushed out to the endpoints -- including key management.

On the right track, but this is a really, really hard problem to solve fully.

One issue is that although the keys are generated in the browser plugins, they're obviously exchanged through the Syme server, putting it in an ideal position to completely subvert the claimed security. Making security both transparent and strong is hard.

Another issue is portability. I can log into Google+ or Facebook from any computer. But if my browser is holding my keys, then I can only use my browser. If the keys are stored in the cloud, well, that's great for portability, but the keys then have to be secured from whoever is holding them.

Still, I like to see initiatives like this. The only way hard problems get solved is by clever people trying.

(Disclaimer: Since this post mentions Google+ and Chrome, I should probably mention that I'm a Google engineer, but I'm not speaking for Google.)

Re:Chrome only

[Nerdfest]

These guys are doing something similar, more more twitter/message based. It was a recent KickStarter,and the beta should be ready in December.

Re:Chrome only

[fyngyrz]

The flaws of SSL are well-known, but the fact is that in practice it mostly works really well

The flaws of SSL are well-known, but the fact is that [the system cripples those who object] really well [via a conspiracy among browser authorship implementing bogus scare-the-user dialogs for perfectly normal implementations of SSL]

FTFY.

Re:Chrome only

[swillden]

The flaws of SSL are well-known, but the fact is that in practice it mostly works really well

The flaws of SSL are well-known, but the fact is that [the system cripples those who object] really well [via a conspiracy among browser authorship implementing bogus scare-the-user dialogs for perfectly normal implementations of SSL]

FTFY.

It's impressive how completely you missed the point.

Re:Chrome only

[swillden]

SSL would work a lot better if client certificates were used by banks and payment websites ... but since the client can't be authenticated, the key exchange can always be MitM attacked.

An attacker who can successfully fake the server cert can MITM the connection. Client certs would mitigate that... but only if the attacker couldn't also fake the client cert. I don't see why an attacker with access to a CA signing key capable of creating a bogus server cert couldn't also create a bogus client cert.

Re:Chrome only

[Curunir_wolf]

Google+ has about a third as many actual people as Facebook at this point, and growing.

90% of whom would tell you they don't if you asked them.

They'd lie?

They wouldn't know. There are LOTS of people that ended up with G+ accounts without realizing it. It's just the way Google's services work.

Also

[aliquis]

.. with more or less everything else broken into how secure should I really feel using it?

Re:Also

[aliquis]

They answered that themselves:
https://getsyme.com/about

So something like "not much, but at least we're trying."

Re:Who keeps the keys?

[mlts]

I can see two ways to do groups:

1: The group is a collection of private keys, so when one encrypts to Alice's group, in reality, Alice, Bob, Charlie, David, Elizabeth, and Frank have a key encrypted with their public keys and stored. The good about this is that the keys are secured, and there are no intermediate steps. The bad is that if Alice boots Charlie from the group and adds Mallory, stuff encrypted to the group is still readable by Charlie and not by Mallory until the object's core unlock key [1] is unlocked, the old names removed and new ones added.

The second is having the group have its own key, which is unlocked by Alice, Bob, etc. If someone is booted from the group, their user has the key removed from it. This makes things easier in not having to partially decrypt an object to add stuff, but it means one more key generated and possibly compromisable.

[1]: Most encryption uses a core symmetric key that is randomly generated, then encrypts that core key using the user's hashed passphrase, their public key, or both. Public key crypto is very rough on the CPU, so it is only used as little as possible, and in general, symmetric key algorithms are more secure than public/private key ones.

Re:Promises

[CastrTroy]

Exactly. Reminds me of the stuff about Dropbox telling everybody their stuff was encrypted, and that even employees of Dropbox couldn't read the files. But it turned out that it wasn't true, and that files weren't actually being encrypted with the user's password, but with a single master key that was in the hands of Dropbox.

Re:So is it libre or not?

[rudy_wayne]

A truly free social network would have no ads, no profit motive, no logs, no intrusion; just a way for people to share as much or as little with only those they wish to share with.

Is there really no true libre social network, and if not, why not?

Money.

Facebook and Google don't do the things they do simply because they are evil. They do it because that;s how they get the money to pay for those giant buildings full of servers that they run, which provide the services you use.

Maybe in the 24th century when The Federation is building starships, colonizing the galaxy and zooming around the universe, all without any apparent need for money, they can also build your "no ads, no profit motive" social network.

Sniff test

[onyxruby]

If you aren't being charged for the product, you are the product.

This axiom has been true for a very long time and it's true for this site as well as any other such thing. How are they making money? I'm not objecting to their making money, after all they have to pay for their servers, bandwidth and admins and so on.

It's a fundamental question that you simply can't ignore and economics requires that you have to deal with it whether you want to or not. You can have sponsors that donate time and materials, you have generic ads, volunteers to a certain point, you can charge people for your service and so on.

The point is somehow or another you have to get money, and this site is claiming that they get money in ways that don't exploit your privacy. Since exploiting your privacy is how these sites normally pay your bills, this leaves serious questions on how they are monetizing their site.

I love the idea that a site can raise money without exploiting privacy in an evil manner, but before I can give them any credibility to their model I have to know their model works. I hate to rain on people's feel good parade, but you can' run a website on community goodwill, hugs and unicorn farts.

Re:Sniff test

[Hatta]

If you aren't being charged for the product, you are the product.

This axiom has been true for a very long time and it's true for this site as well as any other such thing.

Linux?

Re:Sniff test

[Hatta]

Who said Linux was without cost? You said "If you aren't being charged for the product, you are the product." I am not charged for Linux, and I am not being sold either. What made you think I said no one pays for Linux?

These companies do so because it is in their mutual best interest to do so (the overwhelming majority of Linux code is written by large corps). My point about the costs stand, the costs are overwhelmingly donated.

And that's a great point. If you provide value to the parties providing the resources, free riders are not a problem.

SenderDefender

[BitcoinBenny]

When I read the summary I immediately thought to myself that I have similar goals to these guys, in that I want to make cryptography easily accessible to a wide variety of users. I'm specifically focused on secure file transfer, and am in open beta. You guys can check it out at https://www.senderdefender.com/ and let me know what you think. Given how insecure cloud data is in general I suspect we will see a growing number of client side encrypted communication tools.

Matt

Re:Promises

[noh8rz10]

well, if they're looking to woo disgruntled users, then slashdot is a great place to advertise!

Re:So is it libre or not?

[Toe,+The]

Yeah, I understand Economics 101. I also understand that Firefox, Linux, Wikipedia, Apache, PHP, etc. are not all about the money (thought money is tied to most of them extraneously; but not really at all to Wikipedia).

There are these things called non-profits. A non-profit social network seems like a no-brainer, and I'm not sure why it doesn't exist; let alone rule them all.

A non-profit social network could show ads... to people who felt like seeing them. Money gets made (enough to buy servers & connectivity), but the profit itself isn't the core motive. And the users are not product.

Re:So is it libre or not?

[fyngyrz]

So what's the point of a different Facebook if it's not libre?

How about a "different Facebook" where they didn't censor the things you write and post, but instead, your content is judged, and viewed (or not viewed) based on the opinions of those you've invited to share your pages? How about a "different Facebook" where anyone can join? How about a "different Facebook" where you can cleanly choose ads, or paid presence? How about a "different Facebook" where you control how your personal information is accessed, instead of having control assumed by the social network?

Your focus on "libre" is incomprehensible to me. Of all the myriad things wrong with Facebook -- and by that I mean things directly harmful to its users and potential users, and unchangeable by them -- "libre" is far down any list ranked by importance.

Re:The nerve!

[tftp]

you have no right to violate my privacy as i tell the world about everything in my entire life!

The discussion here is about sharing within a controlled group.

Re:The nerve!

}}controlled group.

Impossible. If i can see it. I can copy it. No matter what. I CAN make a copy. Even going all the way to manual transcription or recording my monitor.
Your group just lost complete control. And we're back to the world.

There is always a weak link in any chain. One will always break first.
So you can pretty much guarantee anything you 'share' with a controlled group will be available to the world. Especially if there's gain to be made. Even faster among people who have no severe life punishment for 'sharing'. But even then with severe penalties such as the NSA. Who STILL can't keep control of their secret information among a controlled group.

You share. You're sharing with the world. Bet on it.

Re:Brower = not encrypted

[EvilSS]

If the content's viewable in a regular Web browser without needing special plug-ins...

It is not. It requires a browser plugin.

Re:What could go wrong?

[Opportunist]

So what? The threat from pedos is insignificant compared to the threat from politicians.

Well, I'm also a disgruntled Chrome user, so...

[Max+Threshold]

I guess I'll wait for the Firefox version.

Crypto in Syme may be unsound

[Animats]

I'm looking at the source to Syme's Google Chrome plug-in. While I'm not a crypto expert, I've found three things that seem to weaken the encryption.

• In "crypto.js", lines 262-270: diffieHellman: function (privateKey, publicKey) {
  // Calculate the Diffie-Hellman shared key.
  return privateKey.dh(publicKey);
  // Strengthen the key by running through PBKDF2.
  //return this.deriveKey(symKey, salt);
  },
  Note the commented-out line for strengthening the key. That looks like something was done to weaken the key generation.
• Syme uses the Stanford JavaScript crypto library, which has a crypo-grade random number generator. But it only works if you turn on its entropy collector before asking for random bits. Otherwise you just get a function of the current time, which is easy to guess. The enthropy collector is turned on by calling startCollectors(). There is no call to startCollectors() in the add-on.
• There are two copies of the "sjcl" crypto library, one in "sjcl.jh" and one in "app.js". They may be different. One of them is dead code. Not clear which one.

This is highly suspicious. This code needs a close look by a security expert before anyone trusts it.

Re:Crypto in Syme may be unsound

[Kjella]

Note the commented-out line for strengthening the key. That looks like something was done to weaken the key generation.

More like the commented out code was done by someone who doesn't understand crypto and replaced by someone who did. PBKDF2 has a single purpose and that is to make password recovery from a hash difficult, this looks like it is negotiating a session key where it would be totally pointless since it's not based on a password at all.

To give you a very brief primer on PBKDF2:
In the beginning, people stored passwords in plaintext. That was stupid so they started hashing them with for example MD5, so instead of storing $password they'd store md5( $password ). Of course since the same password would end up having the same MD5 sum in every system, leading to rainbow tables. To counter this you add a salt and store md5( $password + $salt ). However, short passwords are quite few so it was still possible to loop through all of them in a short amount of time. So someone thought hey, why don't we just MD5 it again many times and store md5(md5(....(md5(md5($password + $salt))...)). PBKDF2 is basically a system for this, where you pick the hash function and number of iterations. Now testing a single password takes much longer, which is feasible to do on a single login but takes far too long to recover the passwords from a hash table by looping through all of them. So it is useful, but only for this specific purpose.

Re:Crypto in Syme may be unsound

[IamTheRealMike]

Read the link you provide - startCollectors is not required when the browser supports the proper crypto RNG, Chrome does, and they only support Chrome. So there is no bug.

A bigger problem is the possibility of back doors. Their privacy policy merely asserts that they would rather shut the service down than add a back door, but when the men in black come knocking they won't be given any choice in the matter so this assertion is worthless. What's more Chrome apps silently auto update. I won't be too harsh on them for this though because fixing it would require them to split the RSA key used for signing updates, find people in other jurisdictions who can review their code (assuming it's open source - their website didn't seem to say), and generally making the whole process deterministic. BTW if the authors are reading this comment, I have an open source RSA threshold signature library (but which isn't publicly available, it's the result of some academic research project). Feel free to email me and I will send it onwards. It might make it possible to ensure app updates have to be signed by a large group of people before they take effect.

Re:So is it libre or not?

[Richard_at_work]

Paid for either as part of your ISP bill when you use their servers, or when you sign up to a USENET provider. I never saw a free provider which gave you all branches, especially alt.binary etc.

Re:So is it libre or not?

[cascadingstylesheet]

There are these things called non-profits. A non-profit social network seems like a no-brainer, and I'm not sure why it doesn't exist; let alone rule them all.

A non-profit social network could show ads... to people who felt like seeing them. Money gets made (enough to buy servers & connectivity), but the profit itself isn't the core motive. And the users are not product.

I think that was rudy_wayne's point ... that one doesn't exist, let alone rule them all, would suggest that the economics of that idea don't work, for that particular problem space anyway. At least at this time.

Re:So is it libre or not?

[mellon]

Wikipedia does frequent fundraising. Linux is all about the money—there are amateur linux hackers, but more professionals. Firefox makes money. Of course they aren't all about the money, but money is important. A geek's got to eat. So if you don't think about the economics of the development cycle, you are being unrealistic. It may well be that the economics of a good distributed social network do require that the hacking be done by amateurs; it may be that there's a way to make a business of it.

I don't know why a non-profit social network would be better. Have you looked in your email inbox recently? I get constant spam from the nonprofits I've made the mistake of supporting, even the ones I think are really important. And nonprofits can get harvested—IIRC some big church I won't name sued a nonprofit that had targeted it into oblivion, and then purchased the assets.

Personally I think the right distribution model is lots of smart CPE routers, with no paid hosting at all except maybe for some kind of DNS rendezvous system. The Diaspora model seems too centralized, despite the fact that it's technicall a distributed architecture. But I have no idea how it gets paid for, and apparently the Diaspora folks don't either, now that the initial funding is finished. Crowdfunding features and maintenance might be the best model.

That said, there has to be a model. It's not going to Just Happen.

Re:The nerve!

[mellon]

It is impossible to control the dissemination of information that you make available to other people. But it is not impossible to make it expensive to crack an entire social network and feast on the gooey interior. Best is the enemy of good enough. Right now it is clearly the case that everything that happens on Facebook and Google is visible and mineable at least by Facebook and Google, and possibly by interested governments. A peer-to-peer social network makes that kind of data mining much more expensive.

Re:What could go wrong?

[MikeBabcock]

This is an attitude I wish more people would understand; Big Brother vs. Criminals ... I'll take criminals.

Re:So is it libre or not?

[Xylantiel]

Actually check out friendica. Much more reasonable than diaspora.

But the problem with social networks is that people have accepted the panopticon that is facebook. If you even try to talk to a facebooker about why facebook is bad they fall all over themselves to rationalize why its okay.