June 2nd 2020
Rust and WebAssembly for the server-side
Internet privacy is broken
The Public Key Infrastructure (PKI), invented over 40 years ago, has been the bedrock of security and privacy on the Internet. While PKI algorithms are behind most Internet security protocols, such as HTTPS and TLS, the idea of individuals using public keys to exchange data (e.g., PGP) was never adopted on a large scale.
Traditional PKI is not scalable. It is an O(n*m) complexity problem for an individual to encrypt and send each of her files (n) using the public key of each recipient (m).
Centralized file sharing services, such as Dropbox, reduced the problem complexity to O(n+m) as the individual only needs to upload each file once and to manage her contacts list one person at a time.
The complexity could be further reduced to O(m) as the centralized service automates file uploading. The centralized model has proven scalable but also brings significant privacy implications. The service at the center “sees” all data and can be hacked even if it does no evil itself.
Privacy over profit. — Mozilla Foundation
A new hope
Second State has developed a suite of open source tools and runtimes for the cloud native Internet. Second State tools enable developers to write fast, safe, portable, and serverless functions that can be deployed as web services. In Mozilla Open Labs, the team sets out to build web services that streamline and simplify developer adoption of proxy re-encryption in building privacy-first applications.
- Each individual (Alice, Bob, Charlie, etc.) creates an identity on the service via a create_identity request.
- Alice can grant Bob access to all her data via a grant_access request.
- When Alice creates a confidential document, she creates a new AES encryption key to encrypt it. She generates the AES key via a create_sym_key request.
- Alice encrypts and publishes the encrypted document on any public web server.
- When Bob wants to decrypt the document, he asks for Alice’s AES key via a get_sym_key request.
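What the steps above have to achieve cryptographically, as an added Rust example (not Second State's code): a toy BBS98-style proxy re-encryption in which the service transforms Alice's wrapped document key for Bob without being able to read it. The choice of scheme, the tiny group parameters, the function names and the small integer standing in for the AES key are all assumptions for illustration; the page does not say which scheme the service uses.

```rust
// Toy BBS98-style proxy re-encryption. Illustration only: the group is far too
// small to be secure, and every name here is hypothetical, not the service's API.
const P: u64 = 2039; // safe prime, P = 2*Q + 1
const Q: u64 = 1019; // prime order of the subgroup generated by G
const G: u64 = 4;

fn pow_mod(mut base: u64, mut exp: u64, m: u64) -> u64 {
    let mut acc = 1;
    base %= m;
    while exp > 0 {
        if exp & 1 == 1 { acc = acc * base % m; }
        base = base * base % m;
        exp >>= 1;
    }
    acc
}

// Modular inverse by Fermat's little theorem; valid because P and Q are prime.
fn inv_mod(x: u64, m: u64) -> u64 { pow_mod(x, m - 2, m) }

fn public_key(sk: u64) -> u64 { pow_mod(G, sk, P) }

struct Wrapped { c1: u64, c2: u64 } // c1 = key * g^r, c2 = g^(sk * r)

// Alice wraps a document key under her own public key with fresh randomness r.
fn wrap_key(key: u64, pk: u64, r: u64) -> Wrapped {
    Wrapped { c1: key * pow_mod(G, r, P) % P, c2: pow_mod(pk, r, P) }
}

// Re-encryption key rk = b / a mod Q. BBS98 derives it from both secrets
// (normally via a joint protocol), and it works in both directions.
fn rekey(sk_from: u64, sk_to: u64) -> u64 { sk_to * inv_mod(sk_from, Q) % Q }

// The service's step: g^(a*r) becomes g^(b*r). Alone, it cannot recover the key.
fn reencrypt(w: &Wrapped, rk: u64) -> Wrapped {
    Wrapped { c1: w.c1, c2: pow_mod(w.c2, rk, P) }
}

// The holder of sk recovers g^r from c2 and divides it out of c1.
fn unwrap_key(w: &Wrapped, sk: u64) -> u64 {
    let g_r = pow_mod(w.c2, inv_mod(sk, Q), P);
    w.c1 * inv_mod(g_r, P) % P
}

fn main() {
    let (alice, bob) = (123, 457); // constructed secret keys
    let wrapped = wrap_key(1337, public_key(alice), 77); // 1337 stands in for an AES key
    let for_bob = reencrypt(&wrapped, rekey(alice, bob));
    println!("bob recovers {}", unwrap_key(&for_bob, bob));
}
```

A production deployment would use a vetted proxy re-encryption library over a standard-size group and would wrap a real 128- or 256-bit AES key.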
In the era of COVID-19, online privacy is more important than ever.
Telemedicine solutions are increasingly used to avoid infections from hospital visits. More than ever, we need to share personal medical records with multiple members of the care team in a secure and private manner. As societies re-open, data surveillance efforts such as immunization passports and contact tracing are increasingly used to ensure public safety. It is paramount that we do not give central data repositories, such as governments or big corporations under government contracts, the ability to infringe on our privacy.
Hence, the next phase of Second State’s work in Mozilla Open Labs is to build prototype user interfaces for privacy-first exchange of personal medical information.