A new version of Syme has now been published for Google Chrome. You may know that this is a new social network designed to be so private that your posts can’t even be read by the people who run the network. They’ve also released a whitepaper explaining why their system is novel.
In my opinion Syme is special because it’s really easy to use but still manages to set up true end-to-end encryption. Other tools like PGP are much more complicated. Even if you don’t know anything about cryptography you can use Syme.
If you are one of these people who doesn’t know about cryptography, I wrote this post for you. I want to explain how Syme is special and why it’s better than, say, Facebook. Definitely give it a go, perhaps even before reading the rest of this.
Understanding how you maintain your privacy isn’t so hard. You simply need to follow some logic about what is and isn’t encrypted and who has the passwords.
Before we begin - a little bit of theory
We need to quickly look at two different ways of encrypting a message, both of which are used by Syme. These methods are called symmetric and public-key encryption.
Symmetric encryption is the sort where you lock up a message using a password. You take a message that you want to encrypt, come up with a password like “banana”, do some calculations and receive an encoded version that makes no sense on its own. Anybody who knows that the password is “banana” can take the code and convert it back to the original message.
Public-key encryption is what you use when you want to send a secret message to one specific person only. Suppose your friend wants to send a secret message to you. First you need to create some sort of digital identity that’s unique to you. You ask your computer to generate a keypair. This comes in two parts – a private key and a public key. Imagine these as two small files on your hard drive containing data that looks like gibberish (sometimes they are stored this way). You keep the private key to yourself. This is your identity that represents you. You give the public key to your friend – or just post it on the Internet. Anybody can have your public key.
Your friend types his secret message into a piece of software and also gives it your public key. It spits out encrypted data that can only be decrypted by the person who has the corresponding private key – that’s you. That’s why it’s very important to keep the private key to yourself.
Armed with these two techniques we can explain the most interesting parts of Syme: how your posts are protected, and how you can keep all your data on the Syme server without them being able to read it.
It’s not about money…
When you log in to Syme you are presented with a list of groups. Each group looks and works much like a Facebook page. You can post text messages, photos, videos and files. You can create new groups and join existing ones if you’re invited.
In Syme a group is an encrypted conversation between its members. Nobody else can read the posts, including the people who run the Syme servers. All group members have the ability to invite new people, who can then see all the old posts and add their own.
Suppose Alice is in a group with Bob and Charlie. Alice has a private key that she uses for that group. She has already given the public key to Bob and Charlie. This means Bob and Charlie are each able to send her encrypted messages.
Bob transmits a new message to the Syme server and Alice wants to read it. Bob has encrypted segments of the messages in different ways. These are the relevant parts:
The message is encrypted with symmetric encryption. Alice needs to know what the password is (a much longer and more complicated version of “banana”). We’ll call this password the message key. So how does she get the message key?
Alice’s computer looks through the attached keys to find one that’s addressed to her. This is the message key she needs, but it is itself encrypted. It has been encrypted using Alice’s public key. Alice can use her private key to perform the decryption:
So in total Alice has to do two steps of decryption. First she decrypts the message key using her private key. Then she uses the message key to decrypt the message.
You can see that the only people who can possibly read this message are Alice, Bob and Charlie. Bob encrypted keys for Alice and Charlie and also for himself. As soon as Bob sent the message he deliberately forgot the message key. If he logs on somewhere else he will want to be able to re-download his old post and be able to see what he wrote.
Syme stores this message on their server. They can see who is involved, when the message was sent, roughly what size the message is, the internet addresses of each person, and when each recipient received the message – but they cannot read the message itself.
Now we start to appreciate what Syme can and cannot do. It is not anonymous and it does nothing to hide your communications with particular people. It does however provide encryption such that if the NSA forced Syme to hand over all their computers they would still not know what you actually said.
If the NSA wanted to get the unencrypted contents of a group, their easiest option would probably be to get someone already in the group to invite an account controlled by an NSA operative. Alternatively they could break into one of group members’ computers, apparently not a difficult task.
This is perfectly good for, say, friends or colleagues sharing stuff with each other. We’re getting essentially the same level of security as encrypted email, except much easier to use for everybody involved.
On the other hand this is completely insufficient if you are a journalist trying to protect the confidentiality of your sources. If you were sent messages or documents their contents would be obscured but there would almost certainly be some sort of trail leading back to the sender.
Unfortunately there remains a pretty fundamental gap in our understanding. We assumed that Alice would have her private key right there ready to go. This is okay if you can save your private keys on your hard drive but Syme is meant to work across multiple computers and on your phone or tablet if you have one. If you jump on a new device and type in your username and password how can it possibly decrypt any messages?
Keeping your keys handy
Every time you create or join a group you create two new keypairs to use in that group – one for encryption (that’s the one we were talking about before) and one for signing (we ignored that one). If you’re in 5 groups you have 10 different private keys to keep track of, plus everybody else’s public keys. That’s a lot of keys. The good news is that Syme is happy to store all of this on their server for you in what they call a keyfile.
However, you don’t want Syme to know your private keys. You have to encrypt your keyfile before you send it off. This raises a tricky question – what password do you use to encrypt it?
Suppose you’re logging on using a fresh computer. You only have your email address and your password. You don’t have any private keys on hand. You want to achieve two things:
- Convince Syme that you are who you say you are and log on. You can then download your encrypted keyfile and all the encrypted posts.
- Decrypt that keyfile so you can access all your lovely private and public keys.
That’s two separate tasks you need to achieve with one password. Happily they have come up with a solution.
Essentially your computer will do some maths on your password (it’s called a key derivation function) to make a much bigger version of it, with the special feature that it’s impossible to calculate backwards and find out what the original password was.
This enlarged result is chopped neatly in half. The first half is used as your “actual” password to log on to Syme and get your keyfile. The second half is used as a symmetric password to encrypt and decrypt that keyfile.
The Syme server never ever sees the password you typed in, nor the keyfile encryption password. You can save keys in your keyfile, encrypt it, upload it to the Syme server and be confident that they won’t be able to read them.
…Or can you? If you download an app from Syme, how can you know that it’s actually doing all this stuff rather than just sending your password and your keys straight to them?
Pass the source
As with any software, you have to trust it to some degree. Syme so far is releasing the source code for the parts of their software that relate to encryption and key management. The theory is that if you can read the code that does the encryption you can check to make sure that it’s doing the right thing.
In practice it’s a little murkier. If you’re running it on an Android or Apple phone there are myriad exploits already used by black hat hackers and law enforcement to take over your phone. If you have a well-resourced adversary you simply don’t want to be typing anything important into your phone. You have to trust processes like Apple’s App Store to deliver the product to you from Syme without malicious modifications.
If Syme gains traction I expect that 100% open source projects will start up to independently implement Syme encryption and protocols. More paranoid folks might prefer to use these instead. It remains to be seen how this would fit into Syme’s as-yet-unexplained business model.
This has been a brief tour of how Syme keeps your posts private. There is of course a lot more to it, particularly when it comes to inviting new people to groups and verifying the other person’s identity.
Syme has demonstrated that it is possible to build a pretty and user-friendly social network that prioritises your security – more sophisticated systems will certainly follow.
A couple of closing thoughts:
This service is probably going to cost money. Facebook makes all of its money by targeting ads at you and selling data about your connections and interests. Syme will probably have to charge some sort of subscription fee to hold an account, perhaps beyond a certain number groups. If this comes to pass I would advise that it’s well worth paying a few bucks. The network should be the product – not you.
Finally, this is all very early days for Syme. Holes may yet be revealed in their cryptography or in the software they’ve written. Nonetheless I’m much more excited now and will certainly be following to see where they go from here. I suggest you do too.