Connect with us

Technology

Wormhole encrypted file transfer app reboots Firefox Send after Mozilla fled • The Register

Voice Of EU

Published

on

Earlier this month, a startup called Socket, Inc., launched Wormhole, a web app for encrypting files and making them available to those who receive the URL-embedded encryption key, without exposing the files to the cloud-based intermediary handling the transfer.

That may sound a bit like what Mozilla tried to do with Firefox Send, launched in 2017 and shut down a year and a half later. And that’s intentional.

“Wormhole is a reboot of Firefox Send, but with many improvements,” explained Feross Aboukhadijeh, a widely known open source developer and co-founder of Socket, in an email to The Register. “We loved Firefox Send and were so disappointed when it was shut down that we decided to rebuild it, but with additional enhancements.”

Wormhole offers the same sort of free service: You load the app in your browser and select up to 10GB of local files. The files get encrypted locally and uploaded to Socket’s servers. You’re then presented with a URL that looks something like this:

https://wormhole.app/V0o7p#iyT9HT_3MXby3Y0VuurdLA

The link can then be texted, emailed, or otherwise sent, allowing recipients to download the protected files for 24 hours in unencrypted form before the link expires.

dropbox

Dropbox absorbs DocSend to add analytics, secure links to document sharing

READ MORE

But Wormhole has some improvements over Firefox Send, notably its support for instant streaming, which allows file links to be shared even before the file is fully uploaded.

“Wormhole uses super fast P2P transfer when possible, which comes in extra handy when both devices are on the same network (since data transferred over the local network is much faster than going out and back to the internet),” explained Aboukhadijeh.

Wormhole is intended to provide a more secure alternative to cloud service providers where uploaded files are not encrypted end-to-end. But Aboukhadijeh said he and his co-founder, developer John Hiesey, believe speed needs to accompany security.

“The sad truth is that for most people, an app with better security or privacy alone isn’t enough to get them to switch from an insecure alternative,” he said. “So we wanted to make Wormhole fundamentally better in other ways too. That’s why we focused so much on making Wormhole faster than mainstream alternatives like Dropbox, Google Drive, and WeTransfer – all of which do not support end-to-end encryption and are slower than Wormhole.”

In that, Wormhole succeeds admirably: It loads quickly and scores well in Google’s Page Speed Insights test, which can be partially explained by the absence of ads and “creepy tracking” scripts, as the app documentation put it.

The app uses the same encryption scheme as Firefox Send – 128-bit AES-GCM encryption – to encrypt files before they leave the browser.

Managing the Layer Eight problem

The reason Mozilla cited for shutting down Firefox Send was abuse – Mozilla at the time said Send was used to distribute malware and conduct spear phishing attacks. Aboukhadijeh said he believes that will be manageable.

“We think it’s encouraging that other products that offer end-to-end encryption like Signal and WhatsApp have managed to handle abuse, malware, and other threats,” he said. “We plan to follow the same approach with Wormhole.”

“If it comes to it, we may need to introduce client-side virus scanning to protect downloaders from malware, without sending files to our servers. There are many promising approaches we can explore if this becomes an issue.”

As for demonstrating to potential users that Wormhole’s security claims can be trusted, Aboukhadijeh said Socket plans in the coming days to open source the app’s cryptography code for analysis by the security community and to launch a bug bounty program with rewards of up to $1,000. Longer term, he said, the plan is to hire security auditors to produce a formal report.

All that takes resources and perhaps unsurprisingly, there’s hope for revenue from what’s currently a free service.

“We’re planning to introduce a Pro plan which offers larger file limits, customizable link expiration times, and additional features,” he said. “Eventually, we may introduce other privacy-focused products which we may charge for as well.”

An enterprise version of Wormhole, catering to industry-specific security requirements is also under consideration. Law firms, accountants, and medical professionals, Aboukhadijeh suggested, are ill-served by mainstream cloud storage services and current secure file transfer apps fall short of what they could be.

Asked why Wormhole was built as a web app, Aboukhadijeh expressed enthusiasm for the web.

“Brendan Eich likes to say ‘Always bet on JavaScript,'” he said. “I’ll add to that ‘Always bet on the Web.’ I think there’s no better app runtime. The web is safe, accessible, easy to use. Web apps have wide reach and a low barrier-to-entry.”

In the past, he said, he’s worked on innovative projects like WebTorrent that push browsers to their limits and he sees Wormhole in the same way. “We want to be an example of what a modern fast web app can do,” he said. ®

Source link

Technology

Best podcasts of the week: Sam Smith charts 40 years of progress on HIV and Aids | Podcasts

Voice Of EU

Published

on

Picks of the week

A Positive Life: HIV from Terrence Higgins to Today
BBC Sounds, episodes weekly from 1 Jul
Sam Smith presents this series about the legacy of Terrence Higgins, one of the first people to die of Aids in the UK. The opening episodes tell the story of Terry, “the swashbuckler of life”, with London friends sharing their grief and confusion at his death. There’s optimism, too, as Smith hears from those who fought to make treatment available, and those living with HIV 40 years on. Hannah Verdier

The Last Bohemians
Widely available from 6 Jul

LA’s unsung heroines of rock’n’roll get their moment in the spotlight in the new series of Kate Hutchinson’s fierce female-applauding podcast. As always, the more offbeat characters are the best, starting with Angelyne, the “billboard queen” and hustler. Punk widow Linda Ramone and surrealist Penny Slinger are also coming up. HV

Dear Poetry
Audible, episodes weekly

Luisa Beck believes in the healing power of poetry and she’s spreading the love in a new podcast, with writers suggesting soothing texts to solve people’s problems. At one memorable point, author Luther Hughes gives a 21-year-old looking for love a poem with a powerful message: “You are that bitch – it’s gonna happen when it happens”. HV

Project Unabom
Apple Podcasts, episodes weekly

Notorious serial bomber Ted Kaczynski was the subject of an 18-year manhunt, and this podcast looks at what happened in that time. Host Eric Benson recalls Kacynski’s threats to stage more attacks if the Washington Post didn’t publish his manifesto, and shares interviews with a Dungeons and Dragons club that became the FBI’s initial suspects. HV

Algorithms
Audible, all episodes available

Comic Sadie Clark creates a podcast from her Edinburgh show – once called a “bisexual Bridget Jones for the online generation”. It opens with main character Brooke’s mum (Alison Steadman) spying explicit photos of her online. One breakup later and she’s using the dating app she writes the algorithm for, with pleasingly clumsy results. HV

There’s a podcast for that

Kristin Davis, Sarah Jessica Parker, Cynthia Nixon and Kim Cattrall filming Sex and the City: The Movie in 2007.
Kristin Davis, Sarah Jessica Parker, Cynthia Nixon and Kim Cattrall filming Sex and the City: The Movie in 2007. Photograph: James Devaney/WireImage

This week, Hannah Verdier chooses five of the best TV companion podcasts, from Dolly Alderton’s Sex and the City show to a Scrubs rewatch with stars Zach Braff and Donald Faison.

Obsessed With …
The BBC’s companion series to talked-about shows including Killing Eve, Peaky Blinders and Normal People is always high quality. Line of Duty brought out the big guns with Craig Parkinson, Vicky McClure and Martin Compston all giving their theories ahead of the big reveal, while Sophie Duker secured Michaela Coel for the finale of I May Destroy You. But watchalongs don’t always need high drama, as Evanna Lynch and Riyadh Khalaf proved as they bravely tackled the slowly shifting quadrangle of Conversations with Friends.

Sentimental and the City
If you initially had problems with And Just Like That’s faux-wokery but then grew to love it like a Botoxed old friend, Caroline O’Donoghue and Dolly Alderton hear you. These are women who know their stuff, with O’Donaghue uttering the words: “I don’t like the look of Big on that Peloton and I’m worried” after seeing just the trailer. Their Sentimental Garbage miniseries on the Sex and the City sequel is a place where debate about the divisive depiction of ageing, sexuality and diversity sits perfectly with lighter moments, like giggling over Charlotte’s robot lines.

Squirrel Friends: The Official RuPaul’s Drag Race Podcast
There’s not exactly a shortage of RuPaul-related pods out there, but this one comes from inside the Drag Race community, with hosts Loni Love and Alec Mapa who’ve been there and done the guest judging. Cackling and spilling of the hottest tea comes as standard as they recap All Stars season seven, dissecting all the entrance looks, performances and personalities. Their love for RuPaul never waivers, as they dish out compliments, one-liners and behind-the-scenes gossip after every episode of the hit show.

The Stranger Things Podcast
All-American father-daughter duo Addi Darnell and Darrell Darnell gently mock each other while going into the intricacies of the disturbingly lovable drama in podcast episodes that are even longer than the latest instalments. Is “whet your appetite” a thing? What’s the difference between hellfire and heckfire? And why is Eddie still languishing in high school when his teachers must be so desperate to see the back of him? No fan question is left unanswered in the deepest dive out there.

Fake Doctors, Real Friends with Zach and Donald
With nine seasons of the US medical comedy-drama Scrubs settling into its new home on Disney+, it’s the ideal time to rewatch your favourite episodes – along with its two main stars . JD and Turk (Zach Braff and Donald Faison) are now six seasons into their recaps, screeching with laughter at on-set moments and fondly remembering the times they broke down and cried. Their friendship and unmistakable chemistry is as tight off-screen as on, but occasionally they stop nattering for long enough to welcome guests such as Heather Locklear and Seth Green.

Why not try …

  • The stranger than fiction story of “Ohio’s bear king”, complete with music from Grandaddy’s Jason Lytle in Beast Master.

  • A special dose of summer spookiness, with a trio of new episodes from Danny Robins’s Uncanny.

If you want to read the complete version of the newsletter please subscribe to receive Hear Here in your inbox every Thursday

Source link

Continue Reading

Technology

W3C overrules Google, Mozilla’s objections to identifiers • The Register

Voice Of EU

Published

on

The World Wide Web Consortium (W3C) has rejected Google’s and Mozilla’s objections to the Decentralized Identifiers (DID) proposal, clearing the way for the DID specification to be published a W3C Recommendation next month.

The two tech companies worry that the open-ended nature of the spec will promote chaos through a namespace land rush that encourages a proliferation of non-interoperable method specifications. They also have concerns about the ethics of relying on proof-of-work blockchains to handle DIDs.

The DID specification describes a way to deploy a globally unique identifier without a centralized authority (eg, Apple for Sign in with Apple) as a verifying entity.

“They are designed to enable individuals and organizations to generate their own identifiers using systems they trust,” the specification explains. “These new identifiers enable entities to prove control over them by authenticating using cryptographic proofs such as digital signatures.”

The goal for DIDs is to have: no central issuing agency; an identifier that persists independent of any specific organization; the ability to cryptographically prove control of an identifier; and the ability to fetch metadata about the identifier.

These identifiers can refer to people, organizations, documents, or other data.

DIDs conform to the URI schema: did:example:123456789abcdefghi. Here “did” represents the scheme, “example” represents the DID method, and “123456789abcdefghi” represents the DID method-specific identifier.

“DID methods are the mechanism by which a particular type of DID and its associated DID document are created, resolved, updated, and deactivated,” the documentation explains.

This would be expressed in a DID document, which is just a JSON Object that contains other key-value data describing things like how to verify the DID controller (the entity able to change the DID document, typically through control of cryptographic keys) in order to have a trusted, pseudonymous interaction.

What Google and Mozilla object to is that the DID method is left undefined, so there’s no way to evaluate how DIDs will function nor determine how interoperation will be handled.

“DID-core is only useful with the use of ‘DID methods’, which need their own specifications,” Google argued. “… It’s impossible to review the impact of the core DID specification on the web without concurrently reviewing the methods it’s going to be used with.”

A DID method specification represents a novel URI scheme, like the http scheme [RFC7230] but each being different. For example, there’s the trx DID method specification, the web DID method specification, and the meme DID method specification.

These get documented somewhere, such as GitHub, and recorded in a verifiable data registry, which in case you haven’t guessed by now is likely to be a blockchain – a distributed, decentralized public ledger.

However, there is a point of centralization: the W3C DID Working Group, which has been assigned to handle dispute resolution over DID method specs that violate any of the eight registration process policies.

Mozilla argues the specification is fundamentally broken and should not be advanced to a W3C Recommendation.

“The DID architectural approach appears to encourage divergence rather than convergence & interoperability,” wrote Tantek Çelik, web standards lead at Mozilla, in a mailing list post last year. “The presence of 50+ entries in the registry, without any actual interoperability, seems to imply that there are greater incentives to introduce a new method, than to attempt to interoperate with any one of a number of growing existing methods.”

Mozilla significantly undercounted. There are currently 135 entities listed by the W3C’s DID Working Group, up from 105 in June 2021 and 86 in February 2021 as the spec was being developed. If significant interest develops in creating DID methods, the W3C – which this week said it is pursuing public-interest non-profit status – may find itself unprepared to oversee things.

Google and Mozilla also raised other objections during debates about the spec last year. As recounted in a mailing list discussion by Manu Sporny, co-founder and CEO of Digital Bazaar, Google representatives felt the spec needed to address DID methods that violate ethical or privacy norms by, for example, allowing pervasive tracking.

Both companies also objected to the environmental harm of blockchains.

“We (W3C) can no longer take a wait-and-see or neutral position on technologies with egregious energy use,” Çelik said. “We must instead firmly oppose such proof-of-work technologies including to the best of our ability blocking them from being incorporated or enabled (even optionally) by any specifications we develop.”

Despite these concerns, as well as resistance from Apple and Microsoft, the W3C overruled the objections in a published decision, a requirement for advancing the spec’s status. ®

Source link

Continue Reading

Technology

Irish student wins $40,000 at global entrepreneurship competition

Voice Of EU

Published

on

Nick Cotter co-founded Cotter Agritech with his brother Jack. The Limerick-based start-up has been picking up prizes at home and abroad.

University College Cork student Nick Cotter has scooped the top prize at this year’s Global Student Entrepreneur Awards.

Cotter is the CEO and co-founder of Cotter Agritech, a Limerick-based business that specialises in targeted tech and treatment systems for sheep.

The Global Student Entrepreneur Awards are an annual competition for students around the world who own and operate a business while attending college or university.

The 22-year-old law and business student saw off competition from more than 1,000 applicants in 40 countries following a year-long nomination, application and pitch process.

His prize is $40,000 courtesy of the competition’s organisers, Entrepreneurs’ Organization, to invest in his business.

“It’s much more than I ever thought was possible, becoming global champion,” said Cotter, commenting on his win.

“Each stage of the competition is quite intense, and you hope. It’s an incredible achievement and pure joy for me,” he added, thanking his mentors and the judges.

This is not Cotter’s first time to be recognised for the business he started with his brother Jack.

The pair won the Engineers Ireland Student Innovator of The Year Award in 2019 and best agri-engineering start-up at the 2019 Enterprise Ireland Innovation Arena Awards.

More recently, Cotter placed third in this year’s Ideate Ireland business competition, which rewards entrepreneurial skills and new ideas from undergraduate and postgraduate students. He shared his third-place prize of €5,000 with Dr Fiona McGillicuddy and Dr Rachel Byrne of MetHealth.

Earlier in the year, Cotter Agritech participated in the inaugural AgTechUCD Agccelerator Programme, which was dedicated to early-stage agritech and food-tech start-ups. At the end of the 12-week programme, Cotter Agritech was named the winner of the AIB and Yield Lab AgTech Start-up 2022 Award, winning €10,000.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Source link

Continue Reading

Trending

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates 
directly on your inbox.

You have Successfully Subscribed!