Felony – An open-source PGP keychain(github.com) |
Felony – An open-source PGP keychain(github.com) |
Interesting app, and it looks cool, but it rules out usage for me. Why the JS + Electron stack?
Is it possible to use existing PGP keys with Felony?
I’ve had a passion for politics, history, and programming since the age of 12 growing up in a suburb of Chicago. During my freshman year, I developed an interest in software. A couple of apps and hackathons (programming competitions) later, I was working on my own startups when I made the leap to drop out of high school to become a software engineer at a venture-backed tech startup.
While working there I learned that PGP encryption was the tool used by Edward Snowden to securely send messages to journalists. The immense value of encryption as a core component of our free society became clear to me. Amongst fellow coders, I had no trouble using command-line encryption to communicate. But my friends who didn’t code couldn’t easily do the same since they don’t know how to use the command-line. Given how important encryption is, I decided to build a first-rate encryption tool that could be used by anyone on any website, regardless of background.
Question: what's the memory usage like A) at idle, B) after some using and left running for a day or two?
Same idea -- strong crypto that's usable for anyone. It uses the OTR Ratchet protocol which uses perfect forward secrecy. The app also provides a way to verify keys through an OOB channel.
I would recommend considering OTR Ratchet integration just like WhatsApp did recently.
PGP is not a good design choice for a messaging app as you're always using asymmetric crypto operations which are computationally intense -- not terrible on modern computers but will be dreadful on mobile devices. Also can you provide some more documentation on how the app leverages PGP? Hopefully conversation is not using the same private keys to encrypt. That is vulnerable to data or side channel leakage. The modern approach is to generate and exchange an ephemeral key. Also please provide information on key storage.
Rather than making vague security claims like "first-rate" and " Security++ to the greatest extreme" you should rather provide a threat model and explain why one can remain confidential and have authenticity against particular types of adversaries. No security tool is perfect and it's only a matter of time before an adversary breaks it. Developers are doing a disservice by claiming anything more.
Before you can claim a first-rate security tool you will need to face a lot of scrutiny first.
The OpenPGP library it uses has been audited (twice). Most of the mistakes that could have be made are avoided this way.
Edit: Yes, you lose PFS by using PGP, but it would not really be possible to negotiate PFS via, say, email.
Maybe someone could fork the application and rename it to something cool that I can use?
1. Add public keys to your buddies list— A public key is like a username - Adding someone’s public key to your buddies list lets you send them messages. You can find other public keys on markets like keybase.io and darknet.
2. Encrypt a message— Select a recipient from your buddies list and compose a message. Only your chosen recipient(s) can read the message. Encrypted messages might contain sensitive information, such as an address, document, or anything intended to be read only by intended recipients.
3. Send the encrypted message anywhere— You can send the encrypted message on any website! For example, facebook messenger, twitter direct message, or youtube. Felony is security when and where you want it.
(fwiw i say this as a college dropout who doesnt regret it at all)
I recall even Snowden dropped out of high school.
PS: I love the name. You did a good job with it creating a buzz. It made me laugh and curious enough to take a look. Maybe pointing out on your site that "privacy is a human right" and the name should remind us of that rather than succumbing to peer-pressure, in the hope of not offending the 0.01% of your non-tech savvy users.
Felony: Next Level PGP Felony: An open-source PGP keychain built on the modern web
It's the worst name since that framework called "cocaine" with tools and subprojects named after illicit drug market terms.
Yeah, "felony" and "cocaine" are not things I will put on my CV or would like to show up when someone Googles my name.
What's the joke here? That some people are incorrectly labelled felons for what they say and write?
Do you know what most "felons" did to be called that? It's not for what they said and wrote that should be constitutionally protected.[1]
[1] I don't have numbers to back this up. Maybe most people are actually felons for drug possession, but you know what? I don't want to be associated publicly with those actions either. Also do you want to be on this table? https://www.fbi.gov/about-us/cjis/ucr/crime-in-the-u.s/2015/...
Violent crime,Murder,Rape, Robbery, Property crime, Burglary, Larceny-theft,Motor vehicle theft, Arson
Exercised journalistic integrity and protected an anonymous sources?
http://uscode.house.gov/view.xhtml?path=/prelim@title18/part...
The press is free, as long as it doesn't protect sources that have leaked embarrassing information about the armed forces.
Because that's what I asked (rhetorically).
Looks great otherwise.
I hate when people hate the "if you have nothing to hide, why do you care?" question because it's a valid question. You can answer, "because I fear the creeping growth of a surveillance state like in 1984", but then again, if you do that you no longer get to claim that other "slippery slope arguments are fallacies".
I've been a bigger privacy freak than all of you since before you were born, google my somewhat unusual name, you won't even find me. But still, I enjoy making fun of the groupthink that infects these types of communities.
Oh, and it's not a slippery slope fallacy if we literally are headed towards 1984. Not even Orwell thought that social graphs would allow for automated analysis. The NSA doesn't need tele-screens when they have Facebook.
You probably shouldn't be making that claim, to be honest. It's only a slippery slope fallacy if there's no historical evidence to support it. Part of the reason we record history is so we can tell whether a slippery slope might be a real danger.
There's several instances where a historical collection of information on citizens, done under claims to protect the people, turned into an oppressive regime, sometimes leading to the deaths of innocent citizens. The SS, Stasi and OVRA are all good examples, and a more current example can be found in China.
- the app has an unintuitive and harmful name that casts aspersions on the core values it purportedly touts because the developer saw that it was an available .io domain [0]
- This app has a shitton of leftover boilerplate and dev dependencies from a bootstrap scaffold, even though AFAIK there is no testing suite. (Because we all know how safe npm dependencies are...)
- A good number of unnecessary non-dev dependencies too. It includes font-awesome, which seems unnecessary to include in its entirety already...but are there any uses of font-awesome? I did a search for "font-awesome" and "fa-" but couldn't find any.
I understand using boilerplate generators to learn the ropes of creating within a framework...I've done it to learn React and Angular. But to use a scaffold-generator for a niche and highly specialized/sensitive app like this? It can't mean that it's anything more than a toy app. And yet one in which the decision to give it the name "felony" just looks immature on the author's part, meaning that it's not even useful as a resume padder.
I know almost nothing of the above frameworks. However, Google gave me front pages for each that look more complex in implementation and dependencies than a C, Ada, or Rust app. Unnecessarily so. Secure applications should follow Lean and KISS principles every chance.
Note to author: All that said, if you're just doing it for fun or learning, then that's cool. Also a good area to learn about. :) The above applies to implementations meant to be used in field.
Your comment on image is possibly also true. I remember much of the press of another messenging app oriented toward privacy came because it advertised as "the beautiful messenger" with many nice pictures. It was Icelandic with .is site but I don't recall name. Versus competition, wasn't much to say in terms of implemented features or security. The U.I. was beautiful, though. ;)
Note: The Apple website takes this technique about as far as it can go outside a dedicated, high-def, image board.
Note 2: I could add Nim to my prior list if there's been any work evaluating it for security-critical applications. Particularly, how it helps or hinders expressing such things plus risk compiler brings in during transformations. Anything on that yet?
... built on the modern web with Electron, React, and Redux.
Building desktop applications with web frameworks should definitely count as a felony.
"The accused was even using an app named Felony!"
Security? Encryption? Privacy?
https://gigaom.com/2014/06/30/the-dark-side-of-io-how-the-u-...
In fact, the reception this name is getting is quite ironic. Just think about it, and you might just burst out laughing.
Please stop referring to non publicly open platforms as they were actually usable.
There is keys.gnupg.net, pool.sks-keyservers.net, pgp.mit.edu, etc. These are the well-known ones that had been around for a while.
There have already been trends in the mainstream and right wing media that "If you have nothing to hide, you have nothing to fear", that the NSA only monitors the communication of criminals, and that things like iPhone encryption help terrorists first.
With that in mind, can you imagine the reaction that the average lay-person will have when they see a clickbait headline or morning news report that says "A new app called Felony allows ISIS and online pedophiles to communicate in secret with ease."
It looks like a great app, and I will honestly use it.
But I don't think the name helps the cause of promoting easy and default end-to-end encryption for all to remove the implication that the only people that use it have something to hide.
https://github.com/TLINDEN/pcp
(Just submitted it to hn - I thought there was an old submission, but apparently I was mistaken): https://news.ycombinator.com/item?id=12035081
If felony is PGP protocols wrapped in modern web technology, I suppose pcp is NaCl wrapped in old PGP command line and protocols...
I feel certain that the name was the critical factor that made his company so nervous. For a while he had two different names for the program, SATAN and SANTA, to try and reduce the stigma, but it didn't work.
[1] https://en.wikipedia.org/wiki/Dan_Farmer
[2] https://en.wikipedia.org/wiki/Security_Administrator_Tool_fo...
Now we have an effort otherwise but... cannot... resist... doing... something... to make it unfriendly...
The first picture that came to mind is this http://i.imgur.com/EyFFRsa.gifv
Patriot
Freedom
Liberty
Good Citizen
Free Speech
America
Fourth Amendment
Secure In Papers
Right To PrivacyPatriotism is something I wouldn't like either, I think that's a rather odd concept (and not related to liberty, freedom or security).
Good Citizen sounds like it comes straight from a famous book inventing doublespeak.
Even Free Speech is not a global concept - the way you capitalize it I assume you're after the US version again.
Probably the lesson is (again) that naming things is a hard problem (I agree that Felony might not be a good name too by the way)
The mental operation of inverting the word felony is kind of interesting and thought provoking, IMO.
That's the concept that encapsulates privacy, speech, etc.
The America-centric names are less appealing to me, since many equate "America" with the federal government, which is definitely not the friend of liberty / free speech / privacy.
How does the app handle encryption? Has there been a security review?How are keys handled? How are conversations persisted in the app? Does it use iCloud? Etc...
It's built on Electron, React and Redux. There is no security as it is a fundamentally insecure environment.
EDIT: He closed my issue without comment.
Five hours on HN, and the name's not changed yet? I'll check the next time this is posted with a usable name. IOW, when you start taking it seriously, so will I.
Those are taking something negative and wrap it in a positive name (positive gain for the author)
We're taking something positive and wrap it in a negative name. This will only cause negative gain. Not only for the author but also for making encryption seem like something evil. This is especially bad time when politicians are trying to ban encryption.
I'm not an American, by the way.
Afraid not. Would be awesome to see somebody that is security conscious taking a look at Nim and verifying these things :)
Should note that I never use the thing since in practice it's easier to fetch my key via traditional methods, a la pgp.mit.edu...
There seems to be a number of forks already (currently 12).
It's okay if your audience is strictly other tech people, but this is built for general use.
> The Web site Serge had used (which has the word “subversion” in its name) as well as the location of its server (Germany) McSwain clearly found highly suspicious.
I'm in favor of crypto, privacy and the same things you are... I just don't lie about it: criminals are more interested in crypto than the average citizen, so are kiddy pornographers (for those of you who don't think that's a crime). So are "chinese dissidents", but seriously, there are more criminals out there.
my arrogance comes from my ability to be both smart and honest rather than a propagandist.
That is the problem that should be solved. Everyone should be interested in crypto. You're just spouting arrogance and irrelevant information.
That has nothing to do with PGP. You could do the same by base64-ing an OTR session (in fact, people do that all the time).
I don't like the choice of PGP because it has non-repudability. If you send me a message, I can prove to anyone in the world that you sent me the message. OTR and Axolotl don't have this problem (only I can be sure you sent me the message and I cannot prove that I didn't fake it to anyone else).
Only if you sign the message, right? But you can use PGP to send encrypted messages without signing them.
Axolotl and OTR provide signatures, just that they are "non-transferrable" (so to speak). Not to mention that the actual crypto is more modern.
But PGP also works for printing stuff on a post-card (or you know, email) - asynchronous communication. While Axolotl does push OTR-like modes towards asynchronous use - they do involve a lot more than getting hold of a public key (say, one published in a magazine, or shown in a frame of a movie, or...).
There's been an argument since the early crypto-wars about whether gpg/pgp could (should) be made easier to use. And I absolutely think it could (and should).
Key distribution is still hard, but it's not helped by a silly cli app, and no great recommendations on how to manage trust (I suppose the gist is: get a hw token for your key, print a backup and store a revocation order in a safe, sign keys you trust and upload them to the keyservers. But even if that list seems easy, users are left with questions like: which hw tokens should I use? When I lose it, "re-trusting" keys? How big a problem is it that I've just exported meta-data about who I communicate with? Which clients easily integrates with my hw token so that I can use gpg on my smart phones, my laptop and my desktop? What if my phone lacks NFC? Can't use USB host? And last, but certainly not least -- why isn't there a fork of gpg2 that does "the right thing(tm)" out of the box -- and make this "best of breed" flow easy, rather than making all kinds of sub-key shenanigans equally cryptic?)
It's hard to say that most mistakes are avoided from two audits. Especially in a browser; there's a lot of attack vectors.
What do you consider a "trusted medium?"
How about calling it "Freedom"
Everybody wants rights and nobody sane is against having rights when rights means their right the free speech, their right to a fair trial etc.
Best to go with something like Freechain or something so at least people can search for it.
Still, other suggestions are coming up in this thread that may be of use. I really like the idea of a name that, for a non-technical user, cab be a lead in to answering "why do I want this app? what does it do for me?"
What a great missed opportunity...
Problem solved, welcome to open source.
Edit: To put the converse: If it's a shitty idea, then no one will use it and it didn't matter that you were polite anyways.
You might as well just be offering to not refer to it at all by any name.
Only a Hacker News type of person will invert the logic. The general public won't.
Ask your neighbor to guess the purpose of the Banking Secrecy Act [1]. Does it protect your money and your financial privacy, or does it make banks snitch on you and strip away financial privacy?
Even I was surprised that the name of the law and the actual text are exact opposites.
The OP is honestly interested in furthering the right to privacy. State it plainly and simply. (It doesn't inoculate the app from being painted as a terrorist abetter, but it's the best you can do.)
Just saying.
One example comes to mind, back in the day people used to use the word "Exploited" to talk about workers being drained of their life force. When you say exploited you assume that there is an exploiter, that someone is guilty of that worker's shitty life.
Now we mostly say the "Disenfranchised" or "Disadvantaged" which takes the "Exploiter" out of the equation entirely and put the workers plight mostly on the back of bad luck than anything else.
Words are very important.
So you think calling a product "nigger" is a good idea? It's just a word and it would certainly stand out.
(Before responding directly to my comment, please consider that I'm criticizing your logic, and don't actually want anyone to create a product with a hateful name)
I'm guessing exactly zero.
Seriously, though, "freechain" strikes a nice balance between being a new term, and hinting at what the use-case is.
2. How are the public keys securely distributed? You say that "a public key is like a username", but without a central authority you hit a lot of issues (essentially the CAP tradeoff, but for user IDs). And with a central authority, you have no trustworthiness. Or are the users just meant to find public keys themselves (in which case you're back to the current state of affairs).
3. The name choice is stupid. Why on earth would anyone sane in this political climate call an encryption program "Felony"?
That's how you'd prefer to bootstrap secure communication with a journalist, or for recruiting people to demonstrate against the current regime in Egypt?
> But in principle if you assume that key distribution is "solved" then you can implement the unique parts of OTR.
How can it make sense to think of it as solved? How do you backup your keys? Your list of trusted keys? Protect them against theft? Alert others to their compromise? Get alerted when keys are compromised?
Key distribution really is the only really interesting problem in secure, trusted, communication (with secure one time pads, most problems go away. The trick is to make sure you have secure one time pads, shared only with the person(s) you want to communicate with...).
Public key encryption opens up some new ways to make the problem easier, but it's just one step in the right direction.
All in all an order of magnitude less security then a native app to put it mildly.
http://blog.scottlogic.com/2016/03/09/As-It-Stands-Electron-...
Anything webkit based is going to lose on all of those points almost immediately. Anything nodejs based is also going to lose on all of those points, because nodejs has a culture of massive dependency stacks run by whomever. Javascript in general is a pretty insecure language, unless you are using explicit subsets but even then javascript has a horrible reputation for security.
Something is better than nothing. I'd rather people use Telegram (pretty well known for terrible crypto) than people use nothing at all. Same with Felony. I'd rather people use bad crypto than no crypto.
But in general it would seem likely that anything built on a webstack has a low chance of passing a security audit. The cultures surrounding the webstack technologies prioritize shipping product and doing cool things over shipping bug-free or secure code. It's one of the reasons that the webstack is so popular. It's easy, and if you ship something buggy it's generally not too bad to go back and fix it later, especially for something like a webpage, because your users will get your updates immediately.
Of course, there are other concerns (why PGP and not Axolotl or OTR, how on earth does "your key is your username" work without causing other CAP-like issues, etc). But I'm not going to spend any time trying to improve a project that is working against encryption for everyone.
Criticizing a name is hardly something that "shows off" smarts. Dismissing everyone for having nothing interesting to say, on the other hand...
I wouldn't say it belongs to any nation, though if it had to belong to one it'd probably be France. The first two things that come to mind when I think of the word 'liberty' are both of French origin:
Oddly, this government minister [http://news.sky.com/story/1675276/conservative-mp-calls-for-...] was so shocked and outraged about requests for leaders to reveal their tax returns he suggested banning curtains as a equivalent. He's from the same government that collects and reads all email of all citizens.
Also do keep in mind that the 130MB number is right after start without even logging in or using it at all. Due to memory usage by actual feature usage, and creep due to leaks, i can expect that number to easily double and more.
Chrome does a better job of containing the damage to individual tabs, but I'm not how much that really helps with something like this. And of course, eventually I still end up killing Chrome periodically to get RAM back for real work, like running VMs without the host thrashing.
Disclaimer: it's not my only machine, but I'm posting from a Pi 3. 1GB RAM is roomy for most things that aren't Web browsers and apps that embed Web browsers.
It may be a braindead idea but it's their idea. If you don't like it, fork it.
If you don't like it, write your own.
But don't complain because someone wrote some software and kindly published it for all to use for free.
Because that's how PR works. The problem is that it's a publicity problem, not a technical problem. Technical problems are solved by forks, but publicity problems have to be solved by the community.
> But don't complain because someone wrote some software and kindly published it for all to use for free.
And then decided to give it a name that actively bombards the crypto community's efforts to bring encryption to the masses. Sure, it's free software and that's fine. But it's free software that will cause a PR nightmare for no good reason. "Hackers and terrorists are using a new app called 'Felony' to steal your money and freedom." -- That's the headline here.