
Technology

Wormhole encrypted file transfer app reboots Firefox Send after Mozilla fled • The Register

Voice Of EU


Earlier this month, a startup called Socket, Inc., launched Wormhole, a web app for encrypting files and making them available to those who receive the URL-embedded encryption key, without exposing the files to the cloud-based intermediary handling the transfer.

That may sound a bit like what Mozilla tried to do with Firefox Send, launched in 2017 and shut down a year and a half later. And that’s intentional.

“Wormhole is a reboot of Firefox Send, but with many improvements,” explained Feross Aboukhadijeh, a widely known open source developer and co-founder of Socket, in an email to The Register. “We loved Firefox Send and were so disappointed when it was shut down that we decided to rebuild it, but with additional enhancements.”

Wormhole offers the same sort of free service: You load the app in your browser and select up to 10GB of local files. The files get encrypted locally and uploaded to Socket’s servers. You’re then presented with a URL that looks something like this:

https://wormhole.app/V0o7p#iyT9HT_3MXby3Y0VuurdLA

The link can then be texted, emailed, or otherwise sent, allowing recipients to download the protected files in unencrypted form for 24 hours before the link expires.


But Wormhole has some improvements over Firefox Send, notably its support for instant streaming, which allows file links to be shared even before the file is fully uploaded.

“Wormhole uses super fast P2P transfer when possible, which comes in extra handy when both devices are on the same network (since data transferred over the local network is much faster than going out and back to the internet),” explained Aboukhadijeh.

Wormhole is intended to provide a more secure alternative to cloud service providers where uploaded files are not encrypted end-to-end. But Aboukhadijeh said he and his co-founder, developer John Hiesey, believe speed needs to accompany security.

“The sad truth is that for most people, an app with better security or privacy alone isn’t enough to get them to switch from an insecure alternative,” he said. “So we wanted to make Wormhole fundamentally better in other ways too. That’s why we focused so much on making Wormhole faster than mainstream alternatives like Dropbox, Google Drive, and WeTransfer – all of which do not support end-to-end encryption and are slower than Wormhole.”

In that, Wormhole succeeds admirably: It loads quickly and scores well in Google’s Page Speed Insights test, which can be partially explained by the absence of ads and “creepy tracking” scripts, as the app documentation put it.

The app uses the same encryption scheme as Firefox Send – 128-bit AES-GCM encryption – to encrypt files before they leave the browser.
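The sample link above and the 128-bit key size fit together: the part after the # is 22 base64url characters, which decode to exactly 16 bytes. The JavaScript below is an added illustration, not code from Socket, Mozilla or the article; it splits such a link into what the server receives and the secret that stays in the browser, and produces a redacted form safe for logs. It assumes the fragment is unpadded base64url of the raw secret, and the function names are hypothetical.

```javascript
// Added example, not Wormhole's code. Assumption: the fragment is unpadded
// base64url of the raw secret; how the app turns those bytes into its
// AES-GCM key is not stated in the article.
const EXPECTED_KEY_BITS = 128; // the article says 128-bit AES-GCM
const SAMPLE_LINK = "https://wormhole.app/V0o7p#iyT9HT_3MXby3Y0VuurdLA"; // from the article

// Decode unpadded base64url into bytes; reject anything outside the alphabet.
function base64urlToBytes(text) {
  if (!/^[A-Za-z0-9_-]+$/.test(text)) {
    throw new Error("fragment is not base64url");
  }
  const b64 = text.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  const binary = atob(padded);
  return Uint8Array.from(binary, (ch) => ch.charCodeAt(0));
}

// Separate the request target (sent to the server) from the fragment secret.
function splitShareLink(link) {
  const url = new URL(link);
  const secret = url.hash.slice(1); // drop the leading "#"
  if (secret === "") {
    throw new Error("link carries no fragment, so no key");
  }
  const keyBytes = base64urlToBytes(secret);
  const bits = keyBytes.length * 8;
  if (bits !== EXPECTED_KEY_BITS) {
    throw new Error(`expected a ${EXPECTED_KEY_BITS}-bit secret, got ${bits} bits`);
  }
  return {
    // Browsers strip the fragment before building the HTTP request, so this
    // is everything the intermediary handling the transfer is given.
    sentToServer: url.origin + url.pathname + url.search,
    fileId: url.pathname.slice(1),
    keyBytes,
  };
}

// Form of the link suitable for logs, tickets or proxies: the file ID stays
// searchable, the decryption secret is dropped.
function redactShareLink(link) {
  const url = new URL(link);
  url.hash = "";
  return url.toString();
}

const parts = splitShareLink(SAMPLE_LINK);
console.log("server sees:", parts.sentToServer);
console.log("secret bits:", parts.keyBytes.length * 8);
console.log("log-safe   :", redactShareLink(SAMPLE_LINK));
```

Anyone who holds the complete link holds the key, so the fragment deserves the same handling as a password when links are pasted into chat, tickets or logs.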

Managing the Layer Eight problem

The reason Mozilla cited for shutting down Firefox Send was abuse – Mozilla at the time said Send was used to distribute malware and conduct spear phishing attacks. Aboukhadijeh said he believes that will be manageable.

“We think it’s encouraging that other products that offer end-to-end encryption like Signal and WhatsApp have managed to handle abuse, malware, and other threats,” he said. “We plan to follow the same approach with Wormhole.”

“If it comes to it, we may need to introduce client-side virus scanning to protect downloaders from malware, without sending files to our servers. There are many promising approaches we can explore if this becomes an issue.”

As for demonstrating to potential users that Wormhole’s security claims can be trusted, Aboukhadijeh said Socket plans in the coming days to open source the app’s cryptography code for analysis by the security community and to launch a bug bounty program with rewards of up to $1,000. Longer term, he said, the plan is to hire security auditors to produce a formal report.

All that takes resources and, perhaps unsurprisingly, there’s hope for revenue from what’s currently a free service.

“We’re planning to introduce a Pro plan which offers larger file limits, customizable link expiration times, and additional features,” he said. “Eventually, we may introduce other privacy-focused products which we may charge for as well.”

An enterprise version of Wormhole, catering to industry-specific security requirements, is also under consideration. Law firms, accountants, and medical professionals, Aboukhadijeh suggested, are ill-served by mainstream cloud storage services and current secure file transfer apps fall short of what they could be.

Asked why Wormhole was built as a web app, Aboukhadijeh expressed enthusiasm for the web.

“Brendan Eich likes to say ‘Always bet on JavaScript,’” he said. “I’ll add to that ‘Always bet on the Web.’ I think there’s no better app runtime. The web is safe, accessible, easy to use. Web apps have wide reach and a low barrier-to-entry.”

In the past, he said, he’s worked on innovative projects like WebTorrent that push browsers to their limits and he sees Wormhole in the same way. “We want to be an example of what a modern fast web app can do,” he said. ®


‘I was just really scared’: Apple AirTags lead to stalking complaints | Technology


In early January, Brooks Nader, a 26-year-old Sports Illustrated swimsuit model, was walking home alone from a night out in New York when she received a disturbing iPhone notification telling her she was carrying an “unknown accessory”.

“This item has been moving with you for a while,” the alert read. “The owner can see its location.”

That’s when she knew “something wasn’t right”, Nader told the NBC news program Today. Nader discovered that somebody had slipped an Apple AirTag into her coat pocket while she was sitting in a restaurant earlier. Unbeknown to her, the device tracked her location for four hours before Apple’s abuse prevention system triggered the notification to her phone.

AirTags are wireless, quarter-sized Bluetooth devices that retail for $29 each. Apple launched the product in April 2021 as tracking tools that users can pair with the company’s Find My app to help locate lost belongings, like backpacks or car keys.

Yet AirTags have proven easy to abuse – police in New York, Maryland, Idaho, Colorado, Georgia, Michigan, Texas and elsewhere, both within the US and internationally, have reported instances of AirTags being used to stalk individuals, as well as to target cars for theft.

Last week, the New Jersey Regional Operations & Intelligence Center issued a warning to police that AirTags posed an “inherent threat to law enforcement, as criminals could use them to identify officers’ sensitive locations” and personal routines.

AirTags have abuse-mitigation features, including pop-ups like the one Nader received, and an alarm that beeps at 60 decibels (a conversational volume) after the AirTag has been away from its owner anywhere between eight and 24 hours.

Near the end of 2021, the company released a new Android app called Tracker Detect, which was designed to help people who own Androids discover suspicious AirTags near them – yet the app must be proactively downloaded and kept active to be effective, and is only compatible with Android 9 or higher.

The outcome of more anti-stalking mechanisms is that more people are realizing they are being stalked. On 14 January, police in Montgomery county, Maryland, responded to a call from a person who was stalked home from a movie theater after an AirTag was planted on their car. Around the same time, two California women called 911 after receiving a notification that their whereabouts were being tracked while out shopping. A 30 December report from the New York Times cites seven women who believe AirTags were used to surveil them. On social media, posts from mainly women sharing their own experiences of being tracked by AirTags have drawn attention to the issue, with one TikTok video from November 2021 receiving more than 31m views.

If you suspect you’re being tracked, the conventional wisdom is not to head home, but rather call – or go to – the police. However, law enforcement responses to incidences of AirTag stalking have thus far been inconsistent, and help is not always guaranteed.

When Arizona’s Kimberly Scroop went to local police after receiving an iPhone notification that she was being tracked in September last year, “they were not interested in taking a report, they didn’t take my name or phone number,” she says. “They said if I noticed someone following me, to call the police then.”

Scroop went home and made a TikTok video about her experience being tracked, thinking she should “make as much noise as possible, so there was some public record of it” online in case anything bad happened to her. “I was having a mini panic attack, just really scared,” she says in the post that has now been viewed more than 5.5m times.

In New York, Jackie’s Law – passed in 2014 to allow police to charge people using GPS tracking devices to stalk victims even if the victims have not pressed charges – contributed to police in West Seneca’s decision to subpoena Apple for information about a case involving an AirTag attached to a victim’s car bumper. Nonetheless, Nader claims she was unable to file a report after being tracked in Tribeca, New York City, as police told her no crime had been committed.

In an official statement, Apple says it will cooperate with police “to provide any available information” about unknown AirTags people discover on their person or property. “We take customer safety very seriously and are committed to AirTags’ privacy and security,” says a spokesperson.

Ultimately, their built-in anti-stalking mechanisms and the fact that they can be easily disabled when discovered render AirTags less dangerous than other forms of stalkerware. “If you really are nefarious and evil and you really want to find someone, there are things that are much better than an AirTag,” in the $100 to $300 range, says Jon Callas, director of technology projects at the Electronic Frontier Foundation.

Indeed, stalking affects an estimated 7.5 million people in the United States each year, and one in four victims report being stalked through some form of technology, according to the Stalking Prevention Awareness & Resource Center. And it’s on the rise: a 2021 international study by the security company Norton found the number of devices reporting stalkerware daily “increased markedly by 63% between September 2020 and May 2021” with the 30-day average increasing from 48,000 to 78,000 detections. There are thousands of different stalkerware variants, such as Cerberus, GPS tracking devices and Tile, a Bluetooth-enabled AirTag competitor that announced a partnership with Amazon last spring.

To Callas, the conversation around AirTags is drawing much-needed attention to the potential for technology to be misused; he hopes more people will consider the safety risks of tracking devices, regardless of how innocent they seem. “If you make a generalized technology that helps you find your lost keys, it can help you find anything,” he says, “and that includes people”.


UK mulls making MSPs subject to mandatory security standards • The Register


Small and medium-sized managed service providers (MSPs) could find themselves subject to the Network and Information Systems Regulations under government plans to tighten cybersecurity laws – and have got three months to object to the tax hikes that will follow.

Plans to amend the EU-derived Network and Information Systems Regulations (NIS) are more likely than ever to see SMEs brought into scope, as The Register reported last year when these plans were first floated.

NIS is the main law controlling security practices in the UK today. Currently a straight copy of the EU NIS Directive, one of the benefits of Brexit leapt upon by the Department for Digital, Culture, Media and Sport (DCMS) is the new ability to amend NIS’s reporting thresholds.

Bringing MSPs under NIS “would provide a baseline for expected cybersecurity provision and better protect the UK economy and critical national infrastructure from cyber security threats,” as UK.gov said in a consultation document issued on Wednesday. Its plans are for MSPs, currently not subject to NIS, to be brought into the fold. This includes defining what an MSP does, legally, and possibly ending NIS’ existing exemption on SMEs.

“The government recognises the strong need to minimise regulatory burden on small and micro-businesses particularly in a rapidly evolving industry such as this. However, recent incidents have highlighted the scale of risk that can be associated with managed service providers – regardless of their size,” said the consultation document.

In essence, if an “operator of essential services” or a critical national infrastructure business outsources something to your MSP, prepare for NIS compliance.

And the flip side: money

Enforcement of NIS is carried out by the ICO, which is getting a funding bonus if Parliament nods through the NIS amendments. Initially coming from general taxation, in time DCMS wants to “extend the existing cost recovery provisions to allow regulators (for example, Ofcom, Ofgem, and the ICO) to recover the entirety of reasonable implementation costs from the companies that they regulate.”

SMEs across the whole British economy are already familiar with this kind of “cost recovery” activity through stealth taxes such as the ICO’s data protection registration fee.

Andy Kays, chief exec of a managed detection and response firm in London called Socura, agreed that “further market intervention is required to help raise the bar to protect the UK economy.”

“However,” he added, “I do believe that interventions like Cyber Essentials, GDPR and NIS have raised the profile of cyber and data security in the UK, and have improved understanding and investment where they are applicable among businesses.”

Jake Moore, global cybersecurity advisor with Slovakian infosec firm ESET, also agreed, saying in a statement: “Essential services are desperately in need of better protection so these new laws will help direct businesses into a more secure offering with the help and direction required. Laws often may seem like they do not go far enough but digital crime is fast paced and the goal posts constantly move making such plans difficult to project or even become out of date by the time they land.”

The consultation closes on 22 April. As well as questions about money, DCMS is also asking about whether the regs should be extended to SMEs and how detailed they ought to be. Have your say via these 66 pre-formatted questions. ®


7 early-stage start-ups NDRC is accelerating in 2022


The first cohort of the NDRC accelerator by Dogpatch Labs has four female co-founded start-ups and two international ones.

After taking over the NDRC accelerator from the Government in 2020, Dogpatch Labs gave it a makeover and launched its first cohort of 11 early-stage start-ups last year.

This year, they are running two accelerators with two separate cohorts and increasing the total number of participating start-ups from 11 to 14. The first cohort, H1, has a total of seven start-ups – four of which have female co-founders.

Announced yesterday (19 January), the first cohort also has two regional start-ups and two international start-ups co-founded by Irish CEOs who graduated from top international talent accelerators Antler and Entrepreneur First.

Here we list NDRC’s first cohort of seven early-stage start-ups in 2022 representing the next generation of Ireland’s start-up ecosystem who are gearing up for Demo Day on 7 April.


Filter

This start-up helps patients with breathing difficulties such as asthma or chronic obstructive pulmonary disease (COPD) to monitor their health. A device called Filter can be used by patients in conjunction with an AI-powered digital health coach called Kos to track their respiratory health and get alerts when something’s wrong.

Filter was founded in 2020 by Andrew Gallagher and Stephen Keenan, both University College Dublin alums. Gallagher, who is the chief technology officer, is an engineer by profession, while Keenan has a background in both law and computer science.

GreyScout

GreyScout offers a business tool for companies that want to protect their brand against intellectual property (IP) infringements and counterfeits. The start-up’s product scans across online domains including marketplaces, search engines, websites, social media channels and web forums to identify and remove policy violations and unauthorised content, alerting clients in real time.

On a mission to ‘democratise IP protection’, GreyScout was founded in 2019 by chief executive John Killian and chief technology officer Chris McCauley.

Herd

This start-up has built a novel social platform for sports fans to discuss live matches with friends and make predictions on the outcome. In a game-like interface, users have to compete against each other in guessing the next moves of sports players and the winning side – enriching the virtual live entertainment experience.

Herd was co-founded by Jack Cantillon, who is the chief executive, and Robert Minford, who is the chief technology officer. A qualified lawyer in New York, Ireland and the UK, Cantillon was featured in Sports for Business 30 Under 30 in 2020.

Jama AI

Jama is a start-up that uses natural language processing to help B2B sales reps with communication intelligence and analytics. The platform is a one-stop-shop for all the messaging channels used by sales reps, such as WhatsApp, WeChat and Line, to make customer relationship management simpler and win more deals.

It was co-founded by Kerry-based Aisling Hayes, who is the chief executive of Jama with prior experience in founding and running start-ups in Ireland. Jama graduated from the global accelerator by Antler, an early-stage VC firm based in Singapore.

Öogo

This Dublin-founded start-up connects people who need childcare with those who are looking to provide it. Childcare providers, called Minders, can be booked to offer a wide range of services including online tutoring, baby-sitting and maternity nursing.

With changes in the nature of work for many parents because of remote and hybrid work, Öogo hopes to act as a Tinder for childcare, making it simple. It was founded in 2019 by Kate Clark, who worked in sales in New York for five years before starting the business.

Squid

Squid aims to promote customer loyalty towards businesses by incentivising purchases from them through loyalty cards. By partnering with Squid, brands can ask their customers to download the Squid app and get rewards for purchases. An additional business portal helps brands get customer insights and track customer loyalty.

The start-up also helps businesses get discovered on their app through a marketplace where they can advertise special offers and sell vouchers to their community. Squid was co-founded by Katie Farrell and Matthew Coffey.

Upskill Marketplace

This online platform helps the HR and learning & development teams of businesses to connect with soft skills trainers and professional coaches. It aims to make the process of finding trainers simpler through its online portal that has all details, including pricing, listed upfront. Trainers with Upskill go through a selection process before listing, and user reviews help businesses determine who to book.
