16 min read

Securing the Internet: A Look at RetroShare

RetroShare Home Page

The Internet today is a dangerous place, not the least because of the pervasively insecure practices of so many of its users. Many users do not understand how to properly secure their own machines. And the world is not dangerous because of crackers and invasive criminals; no, the Internet has grown more dangerous because there are so many other attack vectors that come at us. When people do not understand how to protect themselves online, it leads to a lot of information leaks. When it is your friends who do not protect information, any information you share with them must be considered public knowledge. Cloud platforms like Facebook and Google have made their money by convincing you that you don't care enough about your own privacy to worry what they do with the information that they give you. The government relies on its weight to violate the privacy and safety of its citizens with impunity. In short, if you are using any of the commonly appreciated applications for communicating across the Internet, you are creating a dangerous footprint that can easily be used to abuse you and yours. Traditional Internet protocols fail in one or more ways to provide a sufficient solution to this problem.

I want to take time here to detail the dangers of the Internet as we now know it, emphasizing just how dangerous this really is. I also want to point out the current levels of security that most people have on their systems. After that, I want to discuss what the traditional protections for being really secure look like, and why they are inadequate to the modern climate of the Internet. Finally, I want to take a look at the RetroShare application, and see whether it delivers on its attempt to make real security and safety in the Internet Age an accessible reality.

The Dangerous Internet

I want to identify four major, dangerous attack vectors that exist in the Internet:

  1. The Government
  2. Cloud-based Information Companies
  3. Your Friends
  4. Crackers and Malicious Hackers

Let's take each one of these in turn.

The Government

I am continually amazed at how many people readily acknowledge the dangers of the government having free access to all personal information on the Internet, and then turn right around and think that it is not relevant to them, or that it doesn't matter. Here are some of the common phrases that I hear:

  • I'm not doing anything wrong, so what?
  • It keeps us safer and protects us from terrorism, so it's worth it.
  • There is nothing we can do.
  • The government doesn't do that!
  • We can use the legal system to stop the government from doing this.
  • It only hurts the criminals.

I am completely flabbergasted by the number of people who think this way. Much of this reveals an implicit trust of the Government, and furthermore, not only a trust of the current administration, but a trust in the continuing benevolence of an entity that has demonstrated how un-benevolent it really is, over, and over, and over again. The problem here rests firmly in the idea that the government abuses its power; if not now, then it will undoubtedly do it in the future, and very likely within your lifetime or the lifetime of one of your immediate relatives. There may not be a law or statute criminalizing what you do right now, but that won't stop the government. History is nearly defined by the various points in time where the governments have spent time criminalizing things that should not have been. Let's just look at a few examples!

  1. Salem Witch Trials
  2. Treatment of the Japanese in WWII in America
  3. Treatment of the Chinese in WWII by Japan
  4. Treatment of the Jews in WWII by Germany
  5. Treatment of Christians in the Russian Communist Regime
  6. Treatment of Slaves in early America
  7. Treatment of Christians in China
  8. Treatment of just about everyone at one point or another in the French revolutions
  9. Abuses of Law Enforcement in Modern America
  10. Persecution of various people, including Christians, in Public Schools all over

The list goes on. Take a stance on an issue somewhere, and chances are you will find yourself under fire at one point in history or another, and very likely somewhere in the Modern World these abuses continue to be perpetrated on repeated occasions. What this all has in common is that you don't have to be doing anything wrong to be considered a criminal by the government at some point. When the government has complete access to your data in the way that they do today with programs like PRISM and the like, where the safeguards are literally about as much as the NSA saying, "Scouts honor," relatively mundane things that you thought didn't matter at one point or another suddenly can be used against you in a court of "law."

What people should realize is that this is a very real, very present threat. It matters, and it matters a lot. This is not alarmist thinking, but it is simple common sense. You want to protect yourself and keep control of the government. Knowledge is power, and letting the Government have complete access to all of your information is considered a violation for a good reason: such information is a powerful tool that can be used as a tool for abuse of a class of people precisely at the encouragement of the rest of society. Governments, like the abuses occurring in America today, usually violate and abuse some of its citizens at the encouragement of the rest of the society, with everyone thinking that it will never happen to them, until it is too late to do anything about it, and then it happens to them.

This particular attack vector has a number of different ways that it can get to you. For one, the government could just hack directly into your computer and try to get all of the information on it. However, with so much in the cloud now, it's much easier for them to just force companies to hand over your information, which they collect in droves, for their benefit. The laws are increasingly moving to allowing them to do this without any difficulty and without first having a just cause, probable or otherwise, for doing this. The information that is sent across the Internet can also be snooped and eavesdropped on in the same way that a wire Tap can be used. It's even easier to set up, too. In this way, it doesn't matter if the company in question stores your information, if it is sent out in the air, then it can be found. That's three relatively easy attacks that people often leave wide open for the Government to get easy access to their systems.

Cloud-based Information Companies

Now, you may or may not think that the Government is a danger when it comes to cloud-based information, but that just isn't the case. It would be nice if there were only one enemy, but there are many. Firstly, what is a cloud-based information company? These are companies which store information, your information, for you, on their servers, so that you can access it anywhere, or that provide a service that you access on their servers, through the Internet. Such companies would include all of Google's services and products, Bing, search engines, email providers, instant messaging, forum and Usenet discussion groups, web sharing and web hosting, video conferencing, and the like. Many of these companies offer their services without monetary fee, because what you are paying with is your information, your personal, identifiable information. They often use this information to produce targeted advertisements or to develop interesting new products that they know you will use or can be used to help market researchers understand a new product that they want to push to market. In short, the new currency is your personal information.

The problem with these companies is that they often share your information, and even if they don't share your information, you've given them that information, and it's only your word that nothing bad will be done with it. However, there are many very real cases demonstrating that this just isn't the case. This can lead to embarrassment, abuse, and all sorts of other things arising either from the legitimate or illegitimate use of your information. Those companies can be hacked, and they are much more likely to be hacked seriously because their potential value of the information is so great. Identity theft, government abuse (see above), and simple social awkwardness are all possible abuses that can happen.

Basically, you get some interesting conveniences with cloud-based services, but you also expose yourself to many online dangers. Is it really worth it if there are good alternatives?

One other thing to remember is that cloud-based information companies often have very limited real security when it comes to the handling of your information, especially security that you are able to work with, understand, and control.

Your friends

You'd like to think that the only attack vectors and dangers arise from faceless, abstract entities like the Government and big Companies. But one of the really big places where attacks can happen is your friends. You may be able to trust your friends, and well you should, but at the same time, it is also likely that they don't do enough to adequately secure the information that you give them. For instance, if you send them an email that is not encrypted (very few people send encrypted emails in practice) you are relying that your information is now protected on the email server that they use, and not just on your own. Even if you carefully maintain your own private server with all the appropriate privacy measures in place and security that you want/need, as soon as you send something to someone else, it's out there, and likely not well protected.

Facebook is a great example. We often might want a thing to be disseminated among our friends, and so on from them to other friends, and out into the world. Sometimes we want information to only be visible to a single person. There is no way with Facebook to disseminate information in a way that can be wide-spread without risking your identity. In short, when something is sent out, it's almost always traceable back to the original author. That may be fine in some cases, but in many cases, it might be better if it were not. You may trust your friends, but you might not always trust the friends of friends of friends that can end up learning something about you.

Now, if you have untrustworthy friends, there is not much you can do, because they are the intended recipients of the information you are sending out, but you can try to do something about the spread of information so that information can be spread without you endangering yourself unnecessarily to send it out.

Crackers and Malicious Hackers

Finally, we have the traditional cracker, which cracks systems and gets into everyone's business. I think that this is a fairly well known attack vector, but a lot of people might not understand how it can happen. In general, this is the attack vector against which most people are best protected. Nearly everyone has some sort of virus protection or firewall protecting their computer from attack, and so do the companies with your information. That does not make it impossible to be cracked wide open and robbed blind, but it certainly makes things more difficult. And many of the modern encryption protocols in common use are designed to protect information in transit from one system to another, which helps to protect very well from the kind of attacks that might be easily or readily leveled against you from this vector.

How secure are you today?

If you ask most people, the security measures that they have in place protect them most against the fourth vector of attack, crackers. They use SSL to encrypt their web traffic, and they might ensure that they connect using an encrypted channel to their email and the like. similar defenses exist for video conferencing and all the other common means of communicating. On the other hand, that's usually about as far as it goes. They'll usually have some sort of spyware and virus protection on their computers or else be able to live effectively without it.

Unfortunately, there are a lot of things that people can do to make themselves less secure, and they often do just that. Using the same password in too many places and using the same password for important and less important things. Making the password too easy to crack, and so forth.

A very few people go beyond this and actively use protections that are greater than this. Why?

Traditional Security

What are some additional securities beyond the most common that people could use? There are a few, let's look at the most accessible one first. Whole disk encryption.

On all modern operating systems, including UNIX, Linux, Windows, and Mac OS X, there is a way to encrypt your hard drive and protect all of your files. This is a huge step to improving the overall security of your computer. It's not perfect, because there are still some ways to break this encryption, and often people don't take adequate measures securing the "keys" that open these encrypted disks, but it's certainly a huge step if people could just encrypt their whole disks as part of the effort.

What's even more amazing is that this isn't a place that traditional security has failed. It's actually quite usable and easy to do this in most cases, and sufficiently robust to cover the vast majority of users more than they thought they could get. Everyone should do this.

But now let's look at a few of the other methods. Email is one of the other most common forms of communication, and it should be something that people care about protecting. Unfortunately, the current best solution for securing email is known as PGP, which is the current best known method of doing encryption for these sorts of things. In fact, it works really well, and while it only encrypts the body of the message, and not the recipients or the sender or subject, it is light years better than what normal email gets, which is usually transmitted in the clear at one point or another, or at least stored in the clear. Unfortunately, most web-based interfaces for email do not support PGP encryption, and it's against their business to do so, because they make their money by collecting your information. If you just kept all of your information secret, it would vastly reduce the amount of value that they were gaining by letting you use their system. So this leaves the email clients that you download and run on your local computer, and the default ones available on most platforms don't support this security very well. There are email clients that do support them, but the common clients from Microsoft, Apple, and others do not support it easily out of the box on the platforms that people most commonly use.

So here, the issue is less with the technical quality of the security solution, though there are problems with that, but more with the usability of the system. Basically, people find it difficult to get setup and use. There are many steps to get it working, and there are very few all in one solutions on Windows and Mac that work well.

We can pretty much lump video conferencing, instant messaging, and the like into a single group. The situation here is pathetic. The most popular solutions are the most insecure ones, and the ones that do have some levels of security are hard to use or unreliable.

Finally, there are the forums. Forums, which I include with mailing lists and Usenet are all designed to be more or less public. They are meant for the public dissemination to at least a group of more than one or two, and usually a rather large group. In this case, there are a few things that become important. Firstly, you may want to remain anonymous, but current forum systems don't allow this. There's no way to protect yourself. Exchanging potentially dangerous or private information in a group that is public might be something useful and important, and often is, but we often lie about the names that we have or other things in order to protect ourselves, but this doesn't actually work all the way down. On the other end of the spectrum, we may have people impersonating us, trying to say things that we don't want to say or to appear as coming from us. In this case, we actually want to be able to prove that we wrote something. This is also rather difficult to do in some forums and mailing lists, as it's easy to spoof other people's identities there.

And finally, all of these systems have a common flaw. They rely on centralized servers. These centralized servers are a threat to anonymity, and a threat to your own identity. They store your passwords, and link you to all sorts of activities. They cache information about you that can be used against you later, and they can be cracked, creating a leak of information and a potentially source of impersonating you. Governments can take control of central servers, taking complete control of the information on them, and so forth.

How RetroShare can help

In the end, there are a few things that you want in a complete, secure communications framework.

Firstly, it should be decentralized. That means that it should not rely on any given single point of failure, such as a central server, for operation. You shouldn't have all your information under the control of a single group or entity. Ideally, the information should be distributed across many computers that are own and operated by different people. These should be people that you can trust with your information. In this way, it helps prevent censorship by having the information removed from the central source, and it also makes it more difficult to attack that many servers owned by that many different people, provided that everyone is reasonable about their security.

Secondly, it should allow for truly anonymous communication. Information should be able to get out to many people without people necessarily being able to trace the originator of this information. This includes things like tracing a person's IP.

Thirdly, it should encrypt everything. Assuming that the computers are reasonably secured by using readily available disk encryption and the like, want everything that is transmitted to be encrypted to the highest degree possible. And this means more than just encrypting the line, but also making sure that the encryption at the other end ensures that only the intended recipients can read the message, and not someone who happens to intercept the message partway through. These multiple layers of encryption are important, allowing you to get the highest degree specificity. You want to encrypt things so that the fewest number of people possible will be able to see it.

Fourthly, you want to be able to prove that a message came from you if you want it. Sometimes, it's important to have the opposite of anonymity, which is proof that someone did in fact say something.

And finally, and this is really important, you want to create the minimal impact on the convenient use as possible. People don't like change that often, and many people don't use current encryption technologies precisely because they don't find it easy enough to use. It should be easy to use while still being highly secure. Current solutions are either easy and insecure, or hard and mostly secure.

RetroShare is a communications framework that attempts to deliver on all five of these points. And actually, it does pretty well. It provides all of the above features, enabling instant messaging, forums, a form of blogging, email, and group chat in ways that allow for decentralized communication in secure forms. You can be sure that your information is encrypted using the latest encryption technologies, and the current best practices regarding secure communications. Moreover, it's much easier to use than current solutions.

That doesn't mean that there is not room for improvement. The biggest current limitation is that the GUI program for the RetroShare system is not the best looking and doesn't always feel the nicest to use, but it is functional. Work is active on a web-based and phone-based application that allows you to use RetroShare through these two mediums, instead of a desktop application. I see improvements to RetroShare in its future as well in terms of usability. There are also some inherent differences to using decentralized communication than centralized communication. These issues aren't really deal-breakers though, and there are things that can be done to help mitigate the apparent limitations.

I will leave other people, such as the RetroShare home page linked at the top of this article, to describe RetroShare in more detail, including its cryptographic basis and all the various features. It could do with some more documentation and it would be nice to see other improvements, but overall, people who pay attention will be able to make it through and learn what they need to in order to use the application.

Getting Started

The biggest thing you'll want to know is how to get started. This is where RetroShare does pretty well I think. For the amount of security that you get, RetroShare is really easy to get started. Once you install the RetroShare application, you create a unique identity. This is your online identity, with a private and public key. The public key is a certificate that you give to everyone else, that allows them to communicate with you, and the private key is one that you keep hidden and safe, which is your secret, allowing you to decrypt messages that come to you, and sign messages proving that you are who you say you are.

After creating your identity, you need to add friends. To add a friend, you and your friend send each other your public certificates. RetroShare makes this very easy by allowing you to export your certificate to a file or copy it to your clipboard, where you can paste it into an email or attach it. Once you have exchanged certificates with your friend, and both of you have added each other as friends in the RetroShare application, you are connected. Once connected, you can email, chat, and share content between one another. This includes content from friends of friends, forums, channels (sort of like blogs), and chat groups. However, even though you are sharing information, friends of friends are insulated from you, so that they might not know where the information is coming from, only knowing that a given friend as the information, not where it came from. Likewise, you can share files between friends and friends of friends and so on, without ever knowing who gave you the file. This allows for information to get out and shared between people while still protecting your identity.

The default of RetroShare is to keep everything secure, and all of the encryption and decryption happens automaticaly, making the actual use of secure communication as easy as regular communication, except more secure. The only extra hurdle is that you need to add your friends and they need to add you. But if you think about it, this is exactly what you do in Facebook or any other social media application. It pays off big time in terms of being able to share information and be sure that you know the identity of senders and keeping your information secure.

Conclusion

All in all RetroShare is the first application that manages to combine real cryptography and security into a package that is relatively easy to use and cross-platform. Pretty much everyone will be able to use RetroShare, and it makes a fine replacement for things like Facebook and Google's communication framework, which are some of the worst security holes in our Internet world. I hope that everyone will give it a try and make sure to spread the word. The more people are accessible on the system, and the more people use it, the more useful RetroShare becomes. It's hard to imagine not working in Facebook, but I can't help but hope that people will be willing to exchange their horrible Facebooks ( :-) ) for RetroShare certificates of more Security and less ads.

As a final note, one should recognize that sometimes RetroShare doesn't address certain things. For instance, it's meant to be a Friend-to-Friend network, and it's not designed to be an information dissemination platform for random audiences that you don't know. Sure, information can spread across the network, in the same way that people can share information on Facebook, but it relies on the idea of friends and friends of friends sending information, mirroring information in a secure manner. However, for almost all our modern communications, RetroShare is a really, really good solution. You can even setup "pseudo-servers" to serve as nodes for sharing information and providing an insulation barrier between you and your "audience." I haven't seen a lot of this happening yet, but I imagine that it could happen more in the future as more people use RetroShare.