I have an idea: Dcrypt

I have an idea: what if we make a simple and convenient extension for text encryption? In theory, it would work on all websites you need (twitter, facebook, email, etc.): you just select the text, enter the password and encrypt the text. Than you need just send the encrypted text to your interlocutor and give him the password (of course, you should use other communication channel). And it will work with shortcuts! Does anyone need this? What do you think? Are you ready to encrypt you messages?

I have an idea: Dcrypt,
a universal tool for text encryption

What service do you use to contact your friends and family? I’m pretty sure this is a messenger, but what messenger do you use? The answer is simple: the messenger your friends use. It mean that today you probably need to have WhatsApp, Telegram, Signal, Skype, Viber, Wire, Facebook Messenger and more, more and more… Not so convenient, right?

If you still use email as the main way of communication, the service does not matter: even if you use GMail, you can write to your friend who use Russian Mail.Ru or Chinese QQ. But if your mom uses WhatsApp, you have to use WhatsApp too. And for me this is a problem…

Why are messengers so popular? I want to believe this is because of encryption. I really want to use end-2-end encryption for my daily correspondence and all messengers give me this ability, but I still need to use several services: WhatsApp for my family, Telegram for my friends from Russia, WeChat for my friends from China, etc. What if I’m not ready to install all this apps? In theory I can still use email or Twitter, but Twitter does not have strong encryption and PGP is too difficult for casual users.

And I think I have a really cool idea! What if we make an universal extension for text encryption? It will work like an online translator: you select the text, enter the password and encrypt the text, than you need just send the encrypted text to your interlocutor and give him the password (of course you should use other communication channel). The service you use does not matter: you can use it with email, Twitter, Facebook or other websites. It mean that for you and your friends end-2-end encryption will be available on every website you need. What do you think? Does anyone need this? Are you ready to encrypt you messages? Will you use it if it will be done?

When I thought how it could work, I imagined something similar to Ddict, probably the best tool for text translation.. This is simple, but really convenient extension. Ddict is one of the main reasons why I still can not switch to Firefox (today the extension is available for Chromium-based browsers only). It’s perfect if you know the language, but sometime you still need to translate some words or phrases: with Ddict you can just select unknown word and press Shift to translate it. And our extension should work like Ddict, so we’ll just use Ddict as a basis for our tool.

This is Dcrypt, the first visual concept of our universal text encryption tool. It’s based on Ddict and that mean that we probably need to use the code from Ddict. And this is the first our problem: we need to contact the developer to be sure he agrees that we use his code. The second our problem: I’m not developer and I’ll likely need help. Honestly, I hoped that Ddo (Ddict developer) would be interested in this idea (I’m sure it would be really useful for many people around the world) and adapt his extension for encryption/decryption. That’s why I started with visual concepts.

But Ddo still hasn’t answered… Maybe he’s too busy with Ddict (Google recently updated the API and killed the extension; Ddict for Firefox isn’t available yet; some localizations have not been fixed yet), maybe he’s just not interested in the new extension. So we need plan B…

The second visual concept is based on Dictionary and like the original extension it could work with several encryption services. Just choose the service and enter the password to encrypt or decrypt the text. I talked about this idea to my friend and he drew several new concept. What do you think? Does it look better?

Dictionary is probably the best online translator for Maxthon, but unfortunately it does not work perfectly with other browsers. But I know the developer (once I helped him with localization and together we translated the extension into several popular languages) and he’s ready to help, but today he has no time for this because of his work. Fail again! And this is so sad, because we already thought about a mobile application with the same functionality…

Let’s try to enter from the other side: just try to find similar extensions. This is not so simple, because the developers try to use original name for their tools. But I still found some extensions with the similar features: Cryptable and Cryptr. As I know, these extension work with text field only and you need to enter or copy/paste text manually, but we need the extension to work with shortcuts. Maybe the developers can update their extensions and add some features from Ddict (for example, ability to encrypt/decrypt the text by Shift)? Maybe… But I still can not contact them: they don’t use Twitter or Facebook, I know only the university.

But we forgot the most important issue: a trust. I have two extensions I can use to encrypt my messages, but can I trust these extensions? If we want to create a tool that you can trust, we should use services you trust already. Can we use third-party online encryption service or we need to write own encryption algorithm? What services do you know, what services are open and what services could we trust?

I’m meticulous and very annoying. Sometimes I write about security tools and I just ask some developers I can trust to check Dcrypt if it will be done. Some of them have already agreed. It’s too early to talk about it, but third-party auditing is very good for our reputation.

By the way, I’m pretty sure that a built-in tool like Dcrypt could become a killer-feature for any privacy-focused browser (for example, for Vivaldi, Brave or Cliqz). Also Ghostery could release something like this Dcrypt as stand-alone extension: now Ghostery is not the only their protection tool and maybe some of their users will be interested it Dcryypt too, who knows?

P.S.

Now this is just an idea, but I really want to realize it… I want to have a simple and convenient text encryption tool in the browser, but my knowledge is not enough. All what I can do now is visual concepts of UI and UX.

I’ve never done this before. Usually I start from the other side: I find a promising extension, contacting its developer and trying to help make it better. Thanks to this strategy, SaveTube, ViewTube and LinkTube has become extensions and the former Turkish Dictionary has become an international Dictionary. It worked because design and translation is much easier than developing. But I hope someone will be interested in this idea and someday we will be able to implement it.

And if we talk about Ddict, this is a really cool extension (maybe this is the best tool for online translation ever), but it has a very simple pop-up panel. What if we add some new features? Will you need a toolbar panel if you can translate the text using a pop-up panel on the page? It’s just a concept…

Join the Conversation

  1. Nice idea!
    But it is not as easy as to just exchange a password with your contact if you want strong encryption that cannot be cracked on the fly.

    Encryption algorithms in general are really problematic, one tiny mistake in the implementation and the encryption is basically as good as if you don’t encrypt if the the sniffers work with ISP or state level resources. It it needs really good programmers to make sure such mistakes don’t happen and at best an additional independent security audit (which is probably not going to happen for an extension because it costs a fair amount of money)

    I could imagine a solution similar to mailvelope which adds PGP encryption to many web-mail services and is all contained in an extension:
    https://chrome.google.com/webstore/detail/mailvelope/kajibbejlbohfaggdiogboambcijhkke
    https://www.mailvelope.com/en/help
    It would «only» need to integrate into the web-based messengers too.
    I wonder how much effort it would be for the developers to do that …

    Possible Disadvantage:
    Needs a server connection to the key server to verify that the key belongs to you and that might be blocked in some countries …

    1. I could use PGP, but this is too difficult for most of my friends. They see no reason to use something so complex to just protect their privacy. They have «nothing to hide».

  2. I love the idea of this extension! I would suggest that, for the reasons of credibility/trustworthiness/reliability, the following conditions are met:

    1) All encryption/decryption happens on the local machine, not «in the cloud». This way, the extension may be fully audited (see 3), doesn’t rely on a stable connection to the «home» server, and there is no single point of attack (decentralised). Additionally, the decrypted text would still need to be sent encrypted back to the extension (e.g. via HTTPS), so «cloud-based» encryption would be a daft idea anyway.
    2) Use a well-known, peer-reviewed, existing algorithm, as it will have already had some amount of scrutiny and pressure-testing. Perhaps consider one of the algorithms adopted by Truecrypt or Veracrypt.
    3) Produce the extension open-source, or at least make the source code available to individuals such as security auditors and academics on request, so that it may be audited properly, and vulnerabilities patched quickly by interested parties.

    One downside I can see is that local processing by an extension on the user’s computer leaves it open to several weaknesses and exploits — but I think if the local user’s computer has been compromised in this way already, then they have bigger issues to worry about.

    If I had any significant skills in developing modern browser extensions, or any time, I would most-certainly be willing to help out or make a start on this.

  3. About ten years ago I got a product from Sophos, Sophos Free Encryption, (No Longer Supported, I believe). It did everything you want. Any plain text message, word document, spreadsheet could be encrypted into a new file and sent off whatever way would accept that file.
    I used it for a few clients I had back then. They’d already have the password to open the encrypted file(s).
    It even had a Secure Delete feature, which sends today’s AV programs into a fit, but the encrypt/decrypt part still works well (though now dated).
    Now I have little use for it and it is just used to encrypt and archive PII information/files.

  4. I remember there was something like this a few years ago. It may possibly already be available in some form.

    Many common IM networks can be used with clients like Pidgin and Miranda so you can use extra encryption plugins.
    You can usually stay on the same network if you are prepared to change client.

Comment

Добавить комментарий для dr-flay Отменить ответ