|Tahoe-LAFS draws from a combination of computer security philosophies, backed up with cryptography implement in open-source code.|
The Principle of Least Authority
This post, by International Director Danny O’Brien, originally appeared on the Electronic Frontier Foundation website on Sept. 6.
Many people want to build secure Internet services that protect their users against surveillance, or the illegal seizure of their data. When EFF is asked how to build these tools, our advice is: Don’t start from scratch. Find a public, respected project that provides the privacy-protecting quality you want in your own work, and find a way to implement your dream atop these existing contributions.
So, for instance, the New Yorker’s Strongbox, a dropbox for anonymous sources, uses Tor as its basis to provide anonymity to its users. If you want anonymity in your app, building your tool on top of Tor’s backbone means you can take advantage of its experience and future improvements, as well as letting you contribute back to the wider community.
Anonymity is only one part of what will make the Net secure and privacy-friendly, though. The recent National Security Administration revelations as well as glitches and attacks on single services like GitHub, Amazon, Twitter and The New York Times, have prompted demand for online data storage that doesn’t depend on companies that might hand over such data or compromise security to comply with government demands, nor depend on one centralized service that could be taken down through external pressure.
The Tahoe Least Authority File System (Tahoe-LAFS) has been actively developed since 2007. Just as Tor concentrates on anonymity, Tahoe-LAFS’s developers have worked hard to create a resilient, decentralized, infrastructure that lets you store online both data you’d want to keep private, as well as data you want to share with selected groups of friends. It’s also able to protect against a single source of failure or censorship, like a commercial service being attacked or responding to a takedown.
Tahoe-LAFS is open source, but this month, some of the Tahoe project’s founders launched S4, a commercial “PRISM-proof” secure, off-site backup service that uses Tahoe as a backend and Amazon as a storage site.
Tahoe’s protections against third-party snooping and deletion have the kind of strong mathematical guarantees that reassure security experts that Tahoe-LAFS is well-defended against certain kinds of attack. That also means its privacy and resilience are not dependent on the good behavior or policies of its operators. (See the box for more information.)
Secure online backups like S4 are one possible use for Tahoe’s time-tested code and approach. You and your friends can run your own Tahoe network, sharing storage space across a number of servers, confident that your friends can see and change only what they have the caps to see, and that even if a sizable number of those servers disappear, your data will still be retrievable. Services like git-annex-assistant, a decentralized Dropbox-like folder synchronizer, already optionally offer it as backend. Some privacy activists have run private Tahoe networks over Tor, creating an anonymous, distributed and largely censorship-proof storage system.
It’s great to see commercial services like S4 emerging in the face of our new knowledge about pervasive online surveillance. Even better is the possibility that others, including entrepreneurs, designers and usability experts, will stand on the shoulders of the secure possibilities that protocols like Tor and Tahoe provide and give us all innovative Internet tools that can truly keep users and their data safe and sound.