Remove total surveillance from the Internet: European project “pretty Easy privacy” is going to restore privacy for everyone
pEp – pretty Easy privacy – is a bundle of solutions anyone can add to his or her communication tools. Instead of providing another crypto app it encrypts messages in those tools where people are creating them: SMS, Email, Whatsapp, Facebook, Jabber (and more). It will run on the devices people own, including Windows, MacOS X, Apple iOS, Android and GNU/Linux based devices. And it is all 100% Free Software and Open Source.
“In these times we need a real privacy solution for all people. And the solution can't be that everyone has to drop what is connecting us to all of our friends.” says privacy evangelist Volker Birk. The German software architect, a known activist in the hacker community, wants to break with some dogma of the crypto community. “What we need is that technical stuff like picking keys, understanding cryptography algorithms and handling has to be the function of our computers, and the user just presses «send».”
In the first place, this just sounds like the dream of the Cypherpunk movement. In the cypherpunk manifesto they claim: “The Cypherpunks are actively engaged in making the networks safer for privacy. Let us proceed together apace.”
Actually this is no coincidence. pEp is coming out of that community and additionally, it provides easy privacy for the corporate world as well. “What good is having a private communication with your friend only after-hours? Companies have a need for privacy and security that at least equals – and probably exceeds - that of the private person” says Leon Schumacher, former Group CIO of two Fortune 100 companies, Co-Founder and CEO of the commercial arm of pEp, the pEp Security SA in Luxembourg. “It is essential for any successful solution to bring privacy and security in a simple way to both the consumer and the corporate world.”
Surprising for a Free Software solution but fully aligned with this strategy, the first platform pEp is supporting is Microsoft Outlook. “We offer today what enterprises need to secure their communication without the users bailing out: a configuration free, zero touch application which just does the job. And it does it right.” The enterprise version has features like key escrow and is supporting fully automated software rollout tools.
Volker and Leon are convinced that pEp will spread globally. “We're working with one single goal: to help people and companies regain their privacy. And we implement all that as an invisible layer to accommodate how people are communicating already. It is not the task of us technicians to teach people what to do, how to do it or to force them to move to a software or platform they don't like. It is our task to secure and make private what they want to use – and actually are using already.”
Regarding the technology inside, the solution really is something new. “This is not a cryptography software at all.”, the activist explains. “Instead of inventing cryptography again, we integrate what is pretty good already: GnuPG as the most trustworthy crypto-solution, and NetPGP as an amazing project and perfect replacement for all platforms where GnuPG is not available, like for Apple iOS. We let these professional solutions do the encryption job correctly.
What is it then that pEp is doing? “pEp provides the missing link. Probably most people in the hackers' community are able to use PGP correctly. But unfortunately, most people outside don't. This is what we learned from all those crypto parties we organize, for example in CCC Zurich (Switzerland). «Key expired». «Wrong key». «Cannot encrypt». These messages are well known to many users of common crypto software. People really want privacy, but they don't know how to reach it. With crypto parties, we try to teach people who really want to learn – with huge success. But it must become possible for everyone to have privacy, not only for people who're attending cryptoparties. Therefore the pEp engine is doing exactly what a hacker does when he or she is using PGP: create a good keypair with reliable algorithms, handle it safely, manage public keys of other people, and operate the crypto solution in the best known way to keep it safe. But that's only first step.”
The evangelist has huge plans with pEp. “We want to make being private and secure the default in written communication on the Internet.” he states.
How could that work? “pEp is doing everything. You just press SEND, and pEp ensures that your message leaves your device in the most secure way. It is compatible to all established crypto standards, including OpenPGP, S/MIME and CMS. If you receive an encrypted message from anywhere, pEp can handle it and will answer it in the same encrypted way. You don't even notice that all is encrypted in between. If both sides are using pEp, it is getting even better: then we're using an anonymous transport called GnuNet. With that technology, meta data is no longer readable for an attacker. pEp is fully peer to peer itself. And only you have the keys.”
Hard to believe? The proof of concept already exists: The implementation of the very first version of pEp engine, was tested and runs successfully on GNU/Linux, MacOS X and Microsoft Windows already and it is implementated in an Outlook plugin, where anyone can see show how it all comes together seamlessly. That is the prerelease we have today, and which is being tested by 3 Fortune 500 enterprises right now. Additionally, Georg Greve, founder of Free Software Foundation Europe is a member of the project. Georg also guarantees that pEp will be part of the standard deployment of the Free Software Kolab, a groupware solution for SMBs.” So on the business side, adoption is already growing. But what is with the consumers?
“Next will be the apps for iOS and Android – and the Web browser plugins. If you want to have them quickly, please support our crowdfunding on Indiegogo. The pEp team is 100% committed to this project, and will continue development independently from money. But if people support our initiative through crowdfunding or by simply spreading the word, we can provide pEp for all platforms very quickly. Wouldn't it be nice to have privacy with pEp on your most-loved messaging platform today?”
published Mon, 15 Sep 2014 02:15:56 +0200 #announcement #background