Tao Effect Forums

Espionage => Espionage 3 => Topic started by: Bernak on July 01, 2013, 10:29:47 AM

Title: Secure Cloud Idea
Post by: Bernak on July 01, 2013, 10:29:47 AM
Hello Forum Members,

I have been an Espionage user for many years and I do like it a lot, but after Apple FileVault 2, my need for it has been slowly decreasing... I wanted to start the discussion about the possibility to implement the EncFS (http://en.wikipedia.org/wiki/EncFS) filesystem within Espionage. Such file images would allow efficient encryption on cloud-based storage services (read Dropbox, etc.) and imho, could make Espionage a very nice option for efficient data cloud storage. Maybe later an app to be able to read the files from an iOS or Android device could be a nice addition as well.

May something like that be possible?
Anybody interested in such a solution?

Regards,
Bernak
Title: Re: Secure Cloud Idea
Post by: greg on July 02, 2013, 10:01:44 AM
Hi Bernak,

Yes, EncFS is actually something I've had my eye on since the very early days of Espionage. It has many nice properties about it, but there is one issue with using it directly as it currently exists, and that's the requirement of installing FUSE/MacFUSE, a kernel extension. That's not something that you can do on a smartphone (certainly not an iPhone).

The secure cloud idea is something a lot of people are looking into, including us, and if we do anything in that area, it probably won't use a kernel extension. One thing I learned from iSpy (the kernel extension Espionage 2 relied on), is that kernel extensions are very difficult to maintain and support. If we can solve this without one, I'd rather go that route.

Thank you very much for your suggestion! Rest assured we're looking into this area.

Kind regards,
Greg, Tao Effect
Title: Re: Secure Cloud Idea
Post by: greg on July 02, 2013, 12:12:10 PM
Also, for now, if you want to have your data synchronized over the internet with multiple computers, you can use Espionage 3 with Dropbox or BitTorrent Sync (http://labs.bittorrent.com/experiments/sync.html) (which is secure).

With Dropbox, follow the instructions in Espionage's help (http://www.espionageapp.com/EspionageHelp/pages/ex2-dropbox.html). With BTSync, you don't need to do it that way (although you can). You can instead put the synced folder *into* an encrypted Espionage folder (as opposed to storing the disk image within the BTSync folder as with Dropbox), because BTSync (allegedly) encrypts everything as it travels over the internet.

Note that whereas Dropbox will store your data on Dropbox's servers, BTSync will only store your data on other computers that you have access to and have installed BTSync on.
Title: Re: Secure Cloud Idea
Post by: Bernak on July 03, 2013, 07:58:43 AM
Hello Greg, thanks for the reply.

Quote from: greg on July 02, 2013, 10:01:44 AM
It has many nice properties about it, but there is one issue with using it directly as it currently exists, and that's the requirement of installing FUSE/MacFUSE, a kernel extension.
That's true, but I don't see that as a major problem. Of course, fewer kernel extensions is always better, but MacFUSE has existed for several years and I've not heard any big complaints about using it (I am currently using it myself).

Quote from: greg on July 02, 2013, 10:01:44 AM
That's not something that you can do on a smartphone (certainly not an iPhone).

As for iOS devices, it can be done. For example, you can read EncFS images with this free app: https://itunes.apple.com/de/app/boxcryptor-classic/id484546808?mt=8

Quote from: greg on July 02, 2013, 12:12:10 PM
Also, for now, if you want to have your data synchronized over the internet with multiple computers, you can use Espionage 3 with Dropbox or BitTorrent Sync (http://labs.bittorrent.com/experiments/sync.html) (which is secure).

That's true, but it may have the TrueCrypt problem: it is only safe to synchronize an unmounted volume, and a complete image file re-upload may be needed. EncFS is much safer for cloud storage.


Anyways, I just think it may be a really good feature to implement a robust cloud encryption solution, as many users begin to face uncertainties about how private cloud storage really is.

Best wishes,
Bernak
Title: Re: Secure Cloud Idea
Post by: greg on July 05, 2013, 09:28:17 AM
Quote from: Bernak on July 03, 2013, 07:58:43 AM
Hello Greg, thanks for the reply.
That's true, but I don't see that as a major problem. Of course, fewer kernel extensions is always better, but MacFUSE has existed for several years and I've not heard any big complaints about using it (I am currently using it myself).

Hmm, I remember recently trying to install MacFUSE and running into various problems because the project was abandoned and picked up by someone else (at least once, maybe twice). I think the current "go to version" is the one maintained here: http://osxfuse.github.io/

We are working nearby this area right now though, in a slightly different direction. Stay tuned...

Quote: As for iOS devices, it can be done. For example, you can read EncFS images with this free app: https://itunes.apple.com/de/app/boxcryptor-classic/id484546808?mt=8

Oh neat! Thanks for the link!

Quote: That's true, but it may have the TrueCrypt problem: it is only safe to synchronize an unmounted volume, and a complete image file re-upload may be needed. EncFS is much safer for cloud storage.

A complete image file re-upload is not necessary with Espionage, but as per the help instructions, you do have to be careful to coordinate syncing across computers, or your data could become corrupted, so that is a valid point.

With BitTorrent Sync, however, this is not an issue, because you place the synced folder *within* the encrypted volume. This is essentially the opposite of what you do with Dropbox, where you place the encrypted disk image within Dropbox. The reason this is safe to do with BitTorrent Sync is because it uses its own encryption to transfer your files to other computers. You just have to make sure that the other computers are re-encrypting the files on their end (perhaps by using Espionage there too).

I hope to write a blog post on how to do this in detail at some point.
Title: Re: Secure Cloud Idea
Post by: greg on July 05, 2013, 09:41:28 AM
Also, another reason why I'm hesitant to jump on board with FUSE is because it creates a potentially serious liability. I know how difficult it is to maintain a kernel extension, and the sorts of troubles relying on one can cause. What if Apple updates their operating system in such a way that it breaks FUSE? They've done this before and both iSpy and FUSE had to be updated.

Right now Espionage 3 has far fewer liabilities compared to Espionage 2. It relies on very little external code that has the potential to break or lose support. We like that because it makes it much easier for us to keep things secure and working correctly when there is less source code involved. Fewer points of failure.

OSXFUSE's GitHub issues page (https://github.com/osxfuse/osxfuse/issues) has some issues that point out some of what I'm talking about:

- OS X Will not boot after MacFuse Install (https://github.com/osxfuse/osxfuse/issues/87)
- Finder reports error -43 when copying symlinked directories (Mountain Lion) (https://github.com/osxfuse/osxfuse/issues/75)

That's not to say it's not a solidly stable kernel extension, but the potential for future failure is there.
Title: Re: Secure Cloud Idea
Post by: tzugo on September 21, 2013, 09:53:58 AM
greg wrote:
Quote: Right now Espionage 3 has far fewer liabilities compared to Espionage 2. It relies on very little external code that has the potential to break or lose support.

Espionage 3 has one huge liability and this is the reliance on Apple's disk image and encryption framework. Well, this reliance is deliberate, and every user of Espionage knows about it (well, they better should!), but many people would perhaps prefer a solution that does not tie their important secret data¹ to one operating system.

I like the way 1Password ensures that the encrypted data can be read on basically any system using just a web browser!

Perhaps EncFS could lead Espionage into a possibly brighter - 'cause cross platform - future?!

¹) And I argue that many people will not bother using tools like Espionage for any not-so-important stuff anymore since the introduction of full disk encryption by Apple since Lion, FileVault 2, solves a big enough part of their privacy problems already.
Title: Re: Secure Cloud Idea
Post by: greg on September 21, 2013, 12:53:29 PM
Quote from: tzugo on September 21, 2013, 09:53:58 AM
greg wrote:
Espionage 3 has one huge liability and this is the reliance on Apple's disk image and encryption framework. Well, this reliance is deliberate, and every user of Espionage knows about it (well, they better should!), but many people would perhaps prefer a solution that does not tie their important secret data¹ to one operating system.

I like the way 1Password ensures that the encrypted data can be read on basically any system using just a web browser!

Perhaps EncFS could lead Espionage into a possibly brighter - 'cause cross platform - future?!

EncFS is definitely something we're aware of and may consider. We also don't like being tied to any one operating system, especially to one that's closed source. Another possibility is reverse engineering sparsebundles and making them cross-platform. Some work on this has already been done by others.

Re: 1PW, that whole world is quite different from what Espionage does. 1PW encrypts lots and lots of really small bits of text (and leaves some unencrypted, for example, the names of the websites you have login items for). Its keychain cannot act as a general-purpose filesystem.

Quote: ¹) And I argue that many people will not bother using tools like Espionage for any not-so-important stuff anymore since the introduction of full disk encryption by Apple since Lion, FileVault 2, solves a big enough part of their privacy problems already.

Our interest is in building a meaningful and powerful security product. FileVault, in my opinion, is somewhat lacking.

For one, FileVault gives you zero plausible deniability. We want to protect users even if they find themselves forced to disclose their password (or face serious consequences).

With FileVault, the security of all of your data depends on a single password. It's an age-old saying that you shouldn't put all your eggs in one basket, and when FileVault is the only thing protecting your data, that's exactly what you're doing.

Our app also lets users use laptop tracking software (should their laptop get stolen). Those apps don't work with FileVault.

So, some people might think FileVault gives them adequate protection, and that's fine, but there definitely are others who are interested in something more.
Title: Re: Secure Cloud Idea
Post by: tzugo on September 21, 2013, 03:24:10 PM
Quote: Another possibility is reverse engineering sparsebundles and making them cross-platform. Some work on this has already been done by others.

That's of course a nice approach, too.

Quote: Re: 1PW, that whole world is quite different from what Espionage does.

I know, just wanted to point out that they found a really nice and clever way to address this particular problem. Having the whole logic and crypto stuff which is needed to access the data "anytime, anywhere" implemented in JavaScript is plain cool. I use this option rarely, but if I need to, I am extremely glad it's there. But I just brought this up as an inspiring example, it is clear to me that you cannot easily go the same route as what you are doing is very different.

Quote: FileVault, in my opinion, is somewhat lacking.

Yes, but I wasn't intending to claim that Espionage is no longer needed now that FileVault is there, on the contrary actually.

My point is this: Before FileVault 2, everybody travelling with a laptop was basically forced to use some third party encryption solution such as Espionage, since everybody has private data which they need to protect e.g. in case their device is stolen. A solution catering for this broad user base and use case must be easy to understand and use, which Espionage is and was IMO (yes, I see from the forums that there still are people that have problems understanding it, but that's partly a problem of educating them well enough).

Now that FileVault 2 is there, this base is covered,¹ so I assume people will turn to Espionage to "go some extra mile", i.e. they don't just strive for privacy, but they want safe and secure storage of important data. Data which they can neither afford to lose access to nor afford for it to become disclosed. The "no disclosure" part might be handled by Espionage quite well already, but I do see room for improvement on the "loss of access" front.  ;)



¹) Heck, the great thing about FileVault 2 on my MacBooks plus my multiple, distributed, and encrypted Time Machine backup USB drives is that I don't need to worry about losing any of them anymore. Every single piece of hardware is disposable and the data is safe against failure, loss and theft. If something breaks or gets lost, I buy it anew. Espionage exists to solve a very different problem.