ZeroDark.cloud enables a new class of privacy-focused applications
End-to-end encryption is hard. So hard, in fact, that you rarely see it in apps today. With the few exceptions being WhatsApp, and privacy-centric apps such as SpiderOak or Storm4. The end result is that developers use whatever tools are available, and end up storing all user data on servers in an unencrypted fashion. That is, the servers themselves are capable of reading the user’s data — even in situations where the server doesn’t need this capability. This is a problem for users & companies alike. It puts a big target on those servers for hackers. And it makes the companies vulnerable to insider attacks, which may be a bigger threat considering that 92% of security breaches involve privileged credentials. [1]
The pain is especially felt by healthcare companies, because hackers know how valuable such data is. “On the black market, the going rate for your social security number is 10 cents. Your credit card number is worth 25 cents. But your electronic medical health record (EHR) could be worth hundreds or even thousands of dollars.” [2]
The problem can be visualized as a warehouse that contains valuable goods. Thieves want to steal the goods, and companies want to keep the thieves out. Existing tools focus on building better walls, or on detecting thieves after they break in. But ZeroDark.cloud takes a completely different approach: zero-knowledge encryption. So none of the data stored in the cloud is readable by the server — it’s all encrypted with keys unknown to the server. This is kinda like a warehouse that stores each item within a different safe. If a thief breaks into the warehouse, they’d be confronted with row after row of unmarked safes. And the warehouse doesn’t contain any of the keys — it simply receives and stores safes. But we’re talking about encrypted files in the cloud here. So the data is protected by math, not by steel. No amount of dynamite will work. Since each file is encrypted with a different 512-bit key, it would take supercomputers hundreds of years to crack just one file.
With ZeroDark.cloud hitting the market, app developers now have a drop-in solution for end-to-end encryption. They simply use the open-source framework in their app, and they get a tool for sync, messaging & collaboration. The framework handles all of the networking & encryption for them. And the developer controls who has permission to read the files in the cloud. Except these permissions get enforced using encryption, rather than brittle policy. And the solution even uses the Ethereum blockchain to perform public-key verification.
“ZeroDark.cloud is a toolkit that allows any developer to have a solution to a critical and very hard problem: how do I let my customers use the app without having me be privy to their business? How do I remove myself as a threat to my customers?” said Jon Callas, Senior Technology Fellow, ACLU. “Once, this was something only the most savvy developers could reliably solve. ZeroDark.cloud brings it into a concise API.”
This is good news for users, and better news for companies & developers. Increasing numbers of regulations (such as HIPAA for healthcare in the US, and GDPR for personal data in the EU) mean that software companies have more hoops to jump through in order to bring their products to market. Security tools that solve these difficult problems, such as ZeroDark.cloud, allow software companies to innovate quickly. And with the average cost of a data breach now at $3.92 million [3], it may help them save money too.
[1] — McAfee, Cloud Adoption & Risk Report 2019
[2] — Forbes
[3] — IBM
About 4th-A Technologies
4th-A Technologies develops technologies that restore to people their inalienable right to be “secure in their documents”. The ZeroDark.cloud product simplifies the development of apps that interact with the cloud, and performs tasks such as syncing, messaging & collaboration. It uses zero-knowledge encryption, ensuring the data in the cloud cannot be compromised.
4th-A Technologies was founded in 2015 by Robbie Hanson and Vinnie Moscaritolo with a long history of pioneering some of the best technologies for securing email and messaging.
4th-A Technologies is a privately held company based in Oregon, USA.
