AT2k Design BBS Message Area
Casually read the BBS message area using an easy to use interface. Messages are categorized exactly like they are on the BBS. You may post new messages or reply to existing messages!

You are not logged in. Login here for full access privileges.

Previous Message | Next Message | Back to Slashdot  <--  <--- Return to Home Page
   Local Database  Slashdot   [351 / 457] RSS
 From   To   Subject   Date/Time 
Message   VRSS    All   Help Wanted To Build an Open Source 'Advanced Data Protection' F   May 31, 2025
 2:20 PM   

Feed: Slashdot
Feed Link: https://slashdot.org/
---

Title: Help Wanted To Build an Open Source 'Advanced Data Protection' For
Everyone

Link: https://it.slashdot.org/story/25/05/31/185920...

Apple's end-to-end iCloud encryption product ("Advanced Data Protection";) was
famously removed in the U.K. after a government order demanded backdoors for
accessing user data. So now a Google software engineer wants to build an open
source version of Advanced Data Protection for everyone. "We need to take
action now to protect users..." they write (as long-time Slashdot reader
WaywardGeek). "The whole world would be able to use it for free, protecting
backups, passwords, message history, and more, if we can get existing
applications to talk to the new data protection service." "I helped build
Google's Advanced Data Protection (Google Cloud Key VaultService) in 2018,
and Google is way ahead of Apple in this area. I know exactly how to build it
and can have it done in spare time in a few weeks, at least server-side...
This would be a distributed trust based system, so I need folks willing to
run the protection service. I'll run mine on a Raspberry PI... The scheme
splits a secret among N protection servers, and when it is time to recover
the secret, which is basically an encryption key, they must be able to get
key shares from T of the original N servers. This uses a distributed
oblivious pseudo random function algorithm, which is very simple. In plain
English, it provides nation-state resistance to secret back doors, and
eliminates secret mass surveillance, at least when it comes to data backed up
to the cloud... The UK and similarly confused governments will need to
negotiate with operators in multiple countries to get access to any given
users's keys. There are cases where rational folks would agree to hand over
that data, and I hope we can end the encryption wars and develop sane
policies that protect user data while offering a compromise where lives can
be saved. "I've got the algorithms and server-side covered," according to
their original submission. "However, I need help." Specifically... Running
protection servers. "This is a T-of-N scheme, where users will need say 9 of
15 nodes to be available to recover their backups."Android client app. "And
preferably tight integration with the platform as an alternate backup
service."An iOS client app. (With the same tight integration with the
platform as an alternate backup service.)Authentication. "Users should
register and login before they can use any of their limited guesses to their
phone-unlock secret." "Are you up for this challenge? Are you ready to plunge
into this with me?"

Read more of this story at Slashdot.

---
VRSS v2.1.180528
  Show ANSI Codes | Hide BBCodes | Show Color Codes | Hide Encoding | Hide HTML Tags | Show Routing
Previous Message | Next Message | Back to Slashdot  <--  <--- Return to Home Page
VADV-PHP
Execution Time: 0.0155 seconds

If you experience any problems with this website or need help, contact the webmaster.
VADV-PHP Copyright © 2002-2025 Steve Winn, Aspect Technologies. All Rights Reserved.
Virtual Advanced Copyright © 1995-1997 Roland De Graaf.
 v2.1.250224