US hacker group forges a new free app security framework

The idea is that apps can communicate with each other over the internet privately and securely without going through centralized and often corporate-owned systems.
Rizwan Choudhury
Secure data network graphic.

Credits: iStock 

A group of hackers who call themselves Cult of the Dead Cow (cDc) has developed an open-source tool for developers to create apps that respect user privacy and security. The tool, named Veilid, was unveiled at DEF CON, a hacker convention held in Las Vegas, on Friday.

The group has created a coding framework for app developers who want to use strong encryption and forgo revenue from ads that are targeted using profiles built from the data most apps collect.

As Engadget reports, cDc leader Katelyn “medus4” Bowden said that the group’s vision for the internet was different from the current reality. “We feel that at some point, the internet became less of a landscape of knowledge and idea sharing and more of a monetized corporate machine,” she said. “Our idea of what the internet should be looks more like the open landscape it once was before our data became a commodity.”

Peer-to-peer network

The group is building on the work of free apps and services like Signal, which provides strong encryption for texts and calls, and Tor, which allows anonymous web browsing by hiding the user's location. The new effort, which was presented at the huge annual DEF CON hacking conference in Las Vegas this week, aims to provide a basis for messaging, file-sharing, and even social networking apps that do not harvest any data and are secured by end-to-end encryption that makes snooping difficult even for governments.

The code is called Veilid, pronounced vay-lid, and can be used by developers to make apps for mobile devices or the web. The idea is that apps can communicate with each other over the internet privately and securely without going through centralized and often corporate-owned systems. Veilid gives app developers code to add to their software so that their clients can join and chat in a peer-to-peer network. 

Those apps will send fully encrypted content to each other using the Veilid protocol, its developers say. As with the file-sharing software BitTorrent, which shares different parts of the same content at the same time, the network will get faster as more devices join and share the load, they add.

The system, which uses some features of the Tor and IPFS networks, is mainly coded in Rust with some Dart and Python. It allows apps on different devices to connect via Veilid without revealing their IP address or location to each other or to the app makers, which benefits user privacy.

The difficulty is persuading programmers

As with some other open-source projects, the difficulty is persuading programmers and engineers to devote time to creating apps that work with Veilid. Developers could make money from those apps or sell ads, but the possible income sources are restricted by the lack of the detailed information that is used to deliver targeted ads or market a product to a specific group of users.

Veilid is the most important release in more than a decade from Cult of the Dead Cow, the oldest and most influential U.S. hacking group and the originator of the word hacktivism, a combination of hacking and activism.

Before the internet became what it is now, Cult of the Dead Cow was a group of online storytellers in the 1980s. Today, the group boasts some of the top cybersecurity experts in the field. Its members have included pioneers who were some of the first to alert the public about security vulnerabilities in popular software and to work with vendors to fix them.

One such name is Peiter Zatko, better known as Mudge, who worked as a program manager at DARPA, the Pentagon’s research agency, and as the security chief for Stripe. He later joined Twitter as its security leader at the request of Jack Dorsey, its founder. He told Congress last year that Twitter’s security was so poor that it breached its previous agreements with the FTC.

The cDc is currently working on forming a community and a foundation to support the project. Bowden said that some people could not understand their motive for doing this without profit. 
