True privacy by design
requires data encryption and host-proof applications.
Even though strong encryption algorithms have been in the public domain for quite a while now, your typical end user won't benefit from them and your typical web application won't make use of them.
Why? Two reasons: For the user it is too complicated to get it running and for the service provider there is little incentive as the current business models revolve around knowing as much as possible about your users.
And even the few existing solutions today suffer from one major drawback: The code that handles de- and encryption comes from the same site as the rest of the service and could potentially be manipulated.
Add-ons to the rescue
So on the one hand we require an Open Source client side solution that cannot be tampered with by malicious web site scripts regardless of their origin.
On the other hand we want to enable web sites and web applications to provide true privacy by design very easily.
A dilemma? Not any more. With Mozilla's new Add-on SDK, we can finally build an Add-on that covers both aspects. The keys to that are an SDK architecture that rigorously separates the Content process from the Add-on process and the availability of the browser's built-in cryptographic NSS methods through WeaveCrypto.
True, that currently limits the potential to the Firefox user base, but think of it as a beginning.
Let's build the Cipherbox
After a successful proof of concept, we have decided to start this Open Source project to develop the cipherbox.
Also, browse through our wiki for more details about what the cipherbox will be able to do and to explore potential use cases.
Together, let's build the next big thing in online privacy and security by giving control of data back to where it belongs: to the user.