The state of the pretty Easy privacy (p≡p) project and what to expect next: Easy to use automatic encryption for the masses

Presented at Still Hacking Anyway (SHA2017), Aug. 6, 2017, 9:30 p.m. (60 minutes)

The pretty Easy privacy (p≡p) project has the primary goal to make encryption accessible to the masses. By experience, the initiators know from CryptoPartys that regular users -- even after getting everything explained (e.g., basics of public key cryptography) -- continue to be unable to communicate in private on a regular basis in practice. That's where p≡p jumps in: instead of just providing good privacy, privacy must also be easy to achieve. p≡p automates all steps necessary to engage in end-to-end encryption without hassling the users involved or asking questions. The p≡p project started to provide easy to use OpenPGP-compatible encryption for as many platforms as possible, with the ultimate goal to transfer all written digital communications to the GNUnet, thus not just protecting contents, but also metadata. In this talk, the basic ideas and technologic foundations of p≡p are presented. Furtherly, it's shown in which cases p≡p is already operational and what's to be expected next. #NetworkSecurity #DeviceSecurity #Privacy p≡p has a broad cross-platform approach. Its core is written in C99, such as to run on a wide range of platforms, including microcontrollers. Still, application programmers don't need to interface with the engine using the unsafe C programming language. Instead, "adapters" are available, which provide bindings with an easy to use API hiding as many cryptographic details as possible. The adapters have the goal to feel as native as possible in the application programmer's programming and development environment. Such bindings are available e.g. for C#/COM, C++/Qt, Java, JavaScript, Objective-C/Swift and Python. End-user software already integrating p≡p exists for all major platforms (Android, *BSD, GNU/Linux distributions, iOS and Windows). In the beginning, p≡p focussed on OpenPGP-compliant email encryption using already existing technologies like GnuPG or a NetPGP fork, for platforms where GnuPG is not available. Work is undergoing, to add more transports to the p≡p engine, such as to support XMPP-based communication channels or finally GNUnet, a fully decentralized framework for spanning a secure peer-to-peer network, basically replacing the current Internet stack. That is, in the very end, p≡p users shall be able to engage in secure peer-to-peer communications with a zero-touch experience. An important trust anchor in the p≡p project is the Swiss-based, community-focussed and tax-free p≡p foundation, which holds all the rights on trademarks, the p≡p engine and adapters. The p≡p foundation ensures that all software, which is released under the name of "pretty Easy privacy" (be it commercial or not) gets code-audited, thus to avoid having backdoored implementations. The p≡p foundation is controlled by radical privacy advocates based in Germany and Switzerland. As a project in line with the Cypherpunk Manifesto, all software published by the p≡p project itself is available as Free Software (under the GNU GPLv3).

Presenters:

• vecirex
  The speaker is Computational Linguist, Sociologist and Neuroinformatician, board member and activist of the Chaos Computer Club Switzerland (CCC-CH) and council member of the p≡p foundation, helping in creating tools to restore privacy and engaged in fights for privacy, freedom of speech and information.

Links:

• https://program.sha2017.org/events/228.html

Similar Presentations:

• DEF CON 22 (2014) / Dark Mail
• The Eleventh HOPE (2016) / The Mathematical Mesh and the New Cryptography
• 31C3 (2014) / Now I sprinkle thee with crypto dust: Internet reengineering session