
Help Wanted To Build an Open Source 'Advanced Data Protection' For Everyone (github.com) 39

Apple's end-to-end iCloud encryption product ("Advanced Data Protection") was famously removed in the U.K. after a government order demanded backdoors for accessing user data.

So now a Google software engineer wants to build an open source version of Advanced Data Protection for everyone. "We need to take action now to protect users..." they write (as long-time Slashdot reader WaywardGeek). "The whole world would be able to use it for free, protecting backups, passwords, message history, and more, if we can get existing applications to talk to the new data protection service."

"I helped build Google's Advanced Data Protection (Google Cloud Key VaultService) in 2018, and Google is way ahead of Apple in this area. I know exactly how to build it and can have it done in spare time in a few weeks, at least server-side... This would be a distributed trust based system, so I need folks willing to run the protection service. I'll run mine on a Raspberry PI...

The scheme splits a secret among N protection servers, and when it is time to recover the secret, which is basically an encryption key, they must be able to get key shares from T of the original N servers. This uses a distributed oblivious pseudo random function algorithm, which is very simple.

In plain English, it provides nation-state resistance to secret back doors, and eliminates secret mass surveillance, at least when it comes to data backed up to the cloud... The UK and similarly confused governments will need to negotiate with operators in multiple countries to get access to any given user's keys. There are cases where rational folks would agree to hand over that data, and I hope we can end the encryption wars and develop sane policies that protect user data while offering a compromise where lives can be saved.

"I've got the algorithms and server-side covered," according to their original submission. "However, I need help." Specifically...
  • Running protection servers. "This is a T-of-N scheme, where users will need say 9 of 15 nodes to be available to recover their backups."
  • Android client app. "And preferably tight integration with the platform as an alternate backup service."
  • An iOS client app. (With the same tight integration with the platform as an alternate backup service.)
  • Authentication. "Users should register and login before they can use any of their limited guesses to their phone-unlock secret."

"Are you up for this challenge? Are you ready to plunge into this with me?"


In the comments he says anyone interested can ask to join the "OpenADP" project on GitHub — which is promising "Open source Advanced Data Protection for everyone."
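
The T-of-N oblivious PRF exchange described in the submission, as an added example that is not OpenADP's or Google's code. It assumes a constructed toy group (P = 2039, far too small for real use), a simple hash-to-group mapping, and hypothetical function names; a real deployment would use a standard elliptic-curve group.

```python
import hashlib
import secrets

# Constructed toy group (assumption): P = 2*Q + 1, both prime. Squares mod P form
# the order-Q subgroup. Far too small for real use; it keeps the math readable.
P, Q = 2039, 1019
T, N = 9, 15  # "9 of 15 nodes", as quoted in the submission

def hash_to_group(pin: str) -> int:
    """Map the unlock secret to a non-identity element of the order-Q subgroup."""
    h = int.from_bytes(hashlib.sha256(pin.encode()).digest(), "big")
    return pow(h % (P - 3) + 2, 2, P)

def deal_shares(s: int) -> dict[int, int]:
    """Shamir-share the OPRF key s: f has degree T-1 over Z_Q and f(0) = s."""
    coeffs = [s] + [secrets.randbelow(Q) for _ in range(T - 1)]
    return {i: sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q
            for i in range(1, N + 1)}

def lagrange_at_zero(i: int, ids: list[int]) -> int:
    """Weight for node i such that sum(weight_i * f(i)) = f(0) mod Q."""
    num = den = 1
    for j in ids:
        if j != i:
            num = num * -j % Q
            den = den * (i - j) % Q
    return num * pow(den, -1, Q) % Q

def node_evaluate(share: int, blinded: int) -> int:
    """One protection server: raise the blinded element to its key share."""
    return pow(blinded, share, P)

def recover_key(pin: str, nodes: dict[int, int], online: list[int]) -> bytes:
    """Client: blind the PIN, query T reachable nodes, combine, unblind."""
    if len(online) < T:
        raise ValueError(f"need {T} nodes, only {len(online)} reachable")
    r = secrets.randbelow(Q - 1) + 1             # blinding exponent in [1, Q-1]
    blinded = pow(hash_to_group(pin), r, P)      # the only value a node sees
    ids = online[:T]
    combined = 1
    for i in ids:
        reply = node_evaluate(nodes[i], blinded)
        combined = combined * pow(reply, lagrange_at_zero(i, ids), P) % P
    unblinded = pow(combined, pow(r, -1, Q), P)  # H(pin)^s, with r removed
    return hashlib.sha256(pin.encode() + unblinded.to_bytes(2, "big")).digest()

if __name__ == "__main__":
    nodes = deal_shares(secrets.randbelow(Q - 1) + 1)
    k1 = recover_key("1234", nodes, list(range(1, 10)))
    k2 = recover_key("1234", nodes, [15, 14, 13, 12, 11, 10, 9, 8, 7])
    print("same key from two quorums:", k1 == k2)
```

No node ever holds the whole key s or sees the unblinded PIN element, and any 9 of the 15 shares give the same derived key, while 8 or fewer reachable nodes cannot complete recovery.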


  • The UK and similarly confused governments will need to negotiate with operators in multiple countries to get access to any given user's keys.

    Meanwhile, proverbial mafia-types and mafia-type governments can just send their operatives to where the secret is kept and use the not-so-proverbial 5-dollar hammer [xkcd.com] negotiation tactic.

    • How many gov stooge accounts would it need to be subverted?
    • by Sloppy ( 14984 ) on Saturday May 31, 2025 @03:38PM (#65419243) Homepage Journal

      I'm just going to say the usual thing I say whenever someone claims a $5 wrench undermines encryption:

      You can't use a wrench on someone without them knowing you've done it. I can be intimidated, but I can't be intimidated without my knowledge!

      So if you're a real mafia type, fine. You win, at least in a single attack. But you can't just monitor people for years with a $5 wrench. And even in a single attack, you've gotta commit to it and murder the target after torturing them for the key. If you fail to murder them, and if you're identifiable, then the victim gets to lawyer up and have laws and courts and stuff.

      Wrenches can work, but they're overrated.

      • by test321 ( 8891681 ) on Saturday May 31, 2025 @04:00PM (#65419283)

        OP argues about the government, and the government has many metaphoric wrenches to threaten us with. Say I opened an account on that encrypted backup thing. Officers can show up at my door saying they'll call me accessory to whatever felony if I don't hand over my fraction of your key. Maybe I opened an account to protect cat pictures, or maybe to run an illegal business, but in any case I won't want to go to prison, or have a work visa cancelled, for things I haven't done and you did.

      • by bjoast ( 1310293 )
        Sure. However, the $5 wrench doesn't even have to be used to be effective. Its mere existence can function as a deterrent against the entire use of strong encryption.
      • by piojo ( 995934 )

        As test321 pointed out, there are wrenches and then there are wrenches. But there are also gag orders. If your threats are sufficiently compelling, you can threaten someone without being held accountable for it, or you can even monitor them in an ongoing fashion.

        Congrats, you are now a FBI confidential informant. If you want out, you will be charged for a crime that may not stick but will hamper your ability to get a computer job for the rest of your life.

    • hammer? Nah that's why they have 007
    • The UK and similarly confused governments will need to negotiate with operators in multiple countries to get access to any given user's keys.

      Meanwhile, proverbial mafia-types and mafia-type governments can just send their operatives to where the secret is kept and use the not-so-proverbial 5-dollar hammer [xkcd.com] negotiation tactic.

      Until we can see and average in some real-world statistics on this, we might be forced to assume the last time this happened was as old as this joke for the average citizen.

      • by Entrope ( 68843 )

        It's been in the news recently, but in the form of organized crime going after cryptocurrency high rollers: https://www.npr.org/2025/05/28... [npr.org]

        A few governments will use wrench attacks readily. More will use it in what they think is an emergency. Using cryptography is basically never going to trigger it, though: the government will have already decided the target deserves that kind of treatment regardless of cryptography use.

        On the other hand, using a cryptography back door leaves almost no evidence and may

        • As for those crypto guys you mention: if you want to be the banker of the underworld, be prepared to have to deal with your clients
        • It's been in the news recently, but in the form of organized crime going after cryptocurrency high rollers: https://www.npr.org/2025/05/28... [npr.org]

          I'd put that in the same idiot class as the moron who got millions stolen off his damn forehead. [youtube.com]

          The unspoken rule of the high target club, is you don't fucking brag about how you're part of the high target club. (Naturally an addiction to narcissism prevents this. Every damn time.)

          A few governments will use wrench attacks readily. More will use it in what they think is an emergency. Using cryptography is basically never going to trigger it, though: the government will have already decided the target deserves that kind of treatment regardless of cryptography use.

          Let's get back to reality again. As in average citizen. That means the 99.999% of us who aren't on any already decided list and never will be. And if cryptography is null and void, so is the grandparent's argument. Any moron

    • Offtopic. This is about distribution of key fragments around several servers.

      You gonna start beating up servers? In different countries?
      • by davidwr ( 791652 )

        You [meaning the mafia-type] gonna start beating up servers? In different countries?

        The server operators, yes, that's what I was getting at.

        Real mafiosos don't always respect national borders.

        • How tech savvy are Mafiosos? Tech people are clearly running circles around everybody these days. Sooo...They're going to track down IP addresses in up to 15 countries? Then send goons to figure out who's the sysop, then beat 15 different peeps with wrenches, to what end? I'm making an assumption that Mr. Ex Google here, who claims to have the technical side of things all worked out, has encrypted the fudge out of everything...
          No. The Mob won't beat this system. Far too expensive and impractical to game it that
  • by Kernel Kurtz ( 182424 ) on Saturday May 31, 2025 @03:27PM (#65419227)
    How much storage does it need? If it is like a blockchain that could be problematic. Otherwise I'd be willing to put an instance on my Tor node.
    • by WaywardGeek ( 1480513 ) on Saturday May 31, 2025 @05:28PM (#65419419) Journal

      Data can eventually add up. It isn't like a block chain, but we might have say 1KiB per device, and 8 billion devices globally, so maybe 10 TiB? That's assuming we don't ever shard into different quorums, and 15-ish nodes run the world, which is probably unrealistic. With say 150 nodes by then, it could add up to 1TiB per node.

      Queries per second would always be low. Using a public key for incremental backups and only rotating the private key every month or two, 8 billion devices registering once a month is only 3,000 QPS globally, and again dividing by 10, that's only 300, which a Raspberry PI can probably handle.

      So... it's dumb, but I will find it entertaining to run my node on a Raspberry PI until I start having security concerns. That would be roughly when enough devices are enrolled to make the system a juicy target, probably at least 2 years out. We'll need improved security at that point, e.g. running nodes in data centers with multi party with for any changes, and maybe Tor routing.

      • For data sovereignty I'll run a node on my pi-cluster, or my cloud instance.

      • by AmiMoJo ( 196126 )

        Talk about letting perfect be the enemy of good. You jump straight to "what if 8 billion devices tried to use it" when realistically it's unlikely to scale beyond 8 thousand devices in the foreseeable future, and if it ever does become a problem that will be extremely good news and well worth investing the effort in solving.

  • I work in data, this is so badly needed. Governments are the problem. This is the solution. OP: I'm in, just let me know what to do.
  • In many cases the solution could be Cryptographic Message Syntax, RFC 5652. We have this, people should use it. Outlook is the biggest user when configured for PKI based encryption. Openssl supports it. In general the problem is the widespread failure of public key infrastructure, not an actual technology problem.
  • by WhyMustILogIn ( 7006886 ) on Saturday May 31, 2025 @04:10PM (#65419295)
    > The UK and similarly confused governments will need to negotiate with operators in multiple countries to get access to any given user's keys. There are cases where rational folks would agree to hand over that data...

    If there are keys to be handed over by anyone other than the original user it's not an open source version of Apple's Advanced Data Protection.

    > "I helped build Google's Advanced Data Protection (Google Cloud Key VaultService) in 2018, and Google is way ahead of Apple in this area."

    If he's typical of Google's engineers it would make me question the integrity of their encrypted services.
    • by AmiMoJo ( 196126 )

      The user would also need to hand over their key. Essentially the encryption key is itself encrypted with a hash of a password before being distributed among the network nodes.

      That's how most encryption works. The encryption key is generated using a secure random number generator, and then that key is encrypted using the user's password hash as a key.

      I'm not sure how resilient this is to UK law though. Legally if the police request you decrypt data, you must or you are guilty of a crime that carries up to 2

  • To get around secure communications the UK Government can simply mandate that all phones they want to monitor are pushed a backdoor that allows 'lawful access' to data before it is encrypted and after replies are decrypted. This is of course a very stupid thing to do that will cause massive security problems but it is likely to happen. The legislation is already in place in the UK, and possibly in other countries too.

    • I worry about that. In my threat model, I assume the attacker wants to keep the backdoor secret, and is unwilling to push a secret mass surveillance backdoor to all phones. Even if no one noticed the backdoor, someone is likely to notice all that encrypted surveillance traffic. So, there may be occasionally used back doors in our phones already, but secret mass surveillance is done server-side. That's the main threat I'm worried about.

  • ...just using client-side encryption with post-quantum encryption algorithms?

    • Nothing. That should always be used when possible. Read about Advanced Data Protection. It is designed to pass the Mud Puddle Test, where your old device is not available to encrypt anything, while the user has not yet bought their new device.

  • by Arrogant-Bastard ( 141720 ) on Saturday May 31, 2025 @04:32PM (#65419333)
    1. Not everyone uses Android or iOS.

    2. But lots of people do, so an app might make sense. What's the plan when the app stores refuse to carry it?

    3. This scheme is highly susceptible to DoS attacks at every point. E.g. "[...] where users will need say 9 of 15 nodes to be available [...]" means that if someone can DoS or cut off access to 7 of 15 then nobody can do anything. (This is a general problem with T of N algorithms.) E.g. "Users should register and login before they can use any of their limited guesses to their phone-unlock secret." means if someone can login, then can exhaust the limited guesses, leaving none for the actual user.

    4. This won't work without end-to-end connectivity, and likely won't work without sufficiently robust/fast connectivity - i.e., no queueing/batching.

    5. What's the plan when something awful happens, it turns out that it was in part facilitated by this service, and multiple governments decide that it's time to legislate it out of existence? They don't need a $5 hammer if they have the weight of the criminal justice system.

    6. Speaking of $5 hammers: suppose this service is built. Suppose it's wonderful. Suppose it works beautifully. Suppose it's adopted by huge numbers of people because it's wonderful and works beautifully. That means that an ever-increasing amount of valuable data will be stored by its users. Eventually, someone is going to notice that, decide that they'd like to get their hands on it, and go after the node operators.

    7. "I helped build [thing at Google]" is not nearly the qualification that $GoogleGuy thinks it is. Google built one good product: search. Everything else has been mediocre at best. (And now, of course, they're doing everything possible to make search absolute garbage.)
    • If someone can log in, they have your password, which is a concern in and of itself. But I agree about 9 of 15. 90 of 150 distributed globally would be a more practical number from a data loss perspective, because it is awfully easy to take down 7 servers, but much harder to take down 61. I assume that makes the crypto harder (but I hope not less robust), but if you are just decrypting a key that you then use for the real decryption work, that might not be a big deal.
  • by WaywardGeek ( 1480513 ) on Saturday May 31, 2025 @04:33PM (#65419335) Journal

    Anyone interested can ask to join my Github project [github.com].

  • Note that Europe is drafting the new Orwellian laws as well. They are planning all kinds of requirements to identify with some real ID documents. Laws that will finally be removed as unconstitutional (at least that happened with the last few attempts) but may be in effect for quite some time. I've read this may even affect explicit privacy providers like VPN services, which would need to do the logging they are paid for not to do. So good technical solutions are currently required for all countries, UK, US,

    • The pedant in me thinks you were going to say steganography ... but the SS agent in me wants to know why you want to use steganography, comrade?

      My impression of the proposed European legislation was that larger companies had new reporting requirements... 50m active monthly users comes to mind.

      The chilling thing is that LEO's always want a key to your encrypted data... I suggest a private vpn server is required.
  • by GrahamJ ( 241784 ) on Saturday May 31, 2025 @06:33PM (#65419535)

    So I encrypt my data with a strong key, distribute the key to a number of locations, and use a login credential to access the pieces of key.

    Presumably I would do this rather than encrypting the data with my login credentials because there's more entropy in the key than in my credential (and things like being able to change my password without reencrypting the data)

    ok. But the effective entropy is still that of the credential because if someone has it then they have my data, so I still need a strong credential. How do I store a strong credential? Probably a password manager. So why not just store the key in my password manager and encrypt my data with it? I don't see how distributing the key helps.

  • The Solid project [solidproject.org] is a related initiative with similar goals. Turns out to really get away from centralised systems you need a bit more than just a server and a few mobile phone clients. The Solid community has been working on protocol specs and implementations for quite some time, probably worth aligning with them.
  • (AI haters alert) A bit of discussion with ChatGPT crystallized some ideas and questions I had, supplementing my minuscule knowledge of cryptographic principles:

    Threshold cryptography offers powerful protection - but only if distribution is engineered with the same care as the cryptographic math itself. Random distribution isn't just insufficient - it’s often actively dangerous in adversarial settings.

    The key issue is the concept of threat pools vs distribution of the necessary T shares in a T of N se
