CHINA TOPIX

11/21/2024 10:02:00 pm

How to Encrypt Messages on Any Website - Even Facebook, Twitter, Gmail

A new web browser extension allows users to exchange encrypted messages on any website, rendering once insecure sites like Facebook, Twitter and Gmail safe from prying eyes.

ShadowCrypt, created by a team of researchers from the University of California at Berkeley and the University of Maryland, is designed to be secure against potentially malicious or compromised web applications. It allows users to switch to encrypted input/output for text-based Internet applications.

"With ShadowCrypt, security conscious users are back in control of their data," the team wrote in a published, peer-reviewed conference paper. "They have the choice of sending encrypted data to web apps (e.g. Gmail, Facebook, Twitter, Reddit, etc.), while still being able to use much of the functionality of existing web apps."

With this type of encryption, any user's intercepted messages would appear as nothing more than gibberish - a string of random letters and numbers.

The extension lies between the web application and the user, where it captures user input and provides encrypted data to the application, said the paper. When the application displays encrypted data to the user, "ShadowCrypt again transparently captures encrypted text in the page and renders decrypted text instead."

The team tested the browser extension on various sites, including Facebook, Twitter and Gmail, which privacy experts say are not secure, and which some, including Edward Snowden, have warned should not be used at all.

In Gmail, the team was able to successfully encrypt the subject and body of email messages, and as a result, Gmail was not able to serve relevant ads next to email threads.

On Twitter, the team used ShadowCrypt to tweet, and on Facebook they were able to post status updates. "In both cases, ShadowCrypt successfully encrypted and decrypted the messages." Additionally, since the servers do not see the contents of the messages, they cannot detect the "mentions" of another user and send notifications.

But the key advantage of ShadowCrypt, according to the team's paper, is that it provides users with a choice of encrypting arbitrary fields so that "the user can enable/disable (random or deterministic) encryption" as desired.  
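
The capture, encrypt and render loop and the random/deterministic choice described above, as an added JavaScript (Node.js) example that is not ShadowCrypt's own code. The `=?demo?...?=` token framing, the constructed keys, the function names, and the use of AES-256-GCM with an HMAC-derived nonce for the deterministic mode are assumptions made for illustration; the article does not give the extension's actual format or ciphers.

```javascript
// Added illustration only; not ShadowCrypt's code or wire format.
const nodeCrypto = require('node:crypto');

// Hypothetical token framing so ciphertext can be found again in page text.
const TAG = '=?demo?';
const END = '?=';
// Constructed demo keys; a real extension keeps keys out of reach of page scripts.
const ENC_KEY = nodeCrypto.createHash('sha256').update('constructed enc key').digest();
const MAC_KEY = nodeCrypto.createHash('sha256').update('constructed mac key').digest();

// 'random': fresh nonce, so equal inputs give unlinkable ciphertexts.
// 'deterministic': nonce = HMAC(plaintext), so equal inputs give equal
// ciphertexts that the site can match but still not read.
function encryptField(plaintext, mode) {
  const nonce = mode === 'deterministic'
    ? nodeCrypto.createHmac('sha256', MAC_KEY).update(plaintext, 'utf8').digest().subarray(0, 12)
    : nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', ENC_KEY, nonce);
  const body = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  const blob = Buffer.concat([nonce, c.getAuthTag(), body]);
  return TAG + blob.toString('base64url') + END;
}

function decryptToken(b64) {
  const raw = Buffer.from(b64, 'base64url');
  if (raw.length < 28) throw new Error('token too short');
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', ENC_KEY, raw.subarray(0, 12));
  d.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([d.update(raw.subarray(28)), d.final()]).toString('utf8');
}

// What the user sees: each token in the page text is swapped for its plaintext.
// Tokens that fail authentication (tampered, or another key) stay as ciphertext.
function renderForUser(pageText) {
  return pageText.replace(/=\?demo\?([A-Za-z0-9_-]+)\?=/g, (token, b64) => {
    try { return decryptToken(b64); } catch { return token; }
  });
}

// What the site stores and serves back: only the token, never the plaintext.
const stored = encryptField('meet at noon', 'random');
console.log(stored, '->', renderForUser('Alice posted: ' + stored));
```

The deterministic mode trades unlinkability for matchability: anyone who sees two identical tokens learns the two plaintexts are equal, which is why it is a per-field choice.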