Private App Designs are Inherently More Secure

Posted on Jan 30, 2019 by Derek Zimmer

As a privacy activist, I spend a majority of my time talking about the dangers of the widespread loss of privacy in society. Today, we are going to sidestep a lot of the usual chat to talk about data security.

Private Services Have Huge Comparative Security Advantages

If we look at early Internet services that have somehow made it to 2019, we have designs like the Domain Name System (DNS) and Network Time Protocol (NTP) that have no inherent privacy or security. These services have no way to authenticate either a client or a server. As a result, there is no built-in way to protect clients from being redirected to malicious websites, no way to prevent censorship, and no proper protection for servers against being co-opted by malicious users to flood other servers with traffic and make the target site or service fail (Denial of Service).

These services aren’t solely to blame for the problems they have. They were engineered in a time when the idea of everyone having a dozen devices in their home that need to use these protocols was science fiction. The idea that hardware would exist that could monitor all of these requests wasn’t even a plausible concept.

The main issue today is that the large standards bodies are dragging their feet on improving these systems. The idea of securing DNS, NTP, and dozens of other insecure services is not a new one.

There are better ideas out there for handling these problems. Domain name management in particular is one of the few places where blockchain technology can be revolutionary. A blockchain-based DNS system is trustless in that it relies on consensus between thousands of clients to determine which IP address a domain maps to, and it can update securely without giving away your browsing information to everyone who is listening between your device and the DNS server.

Big Data is Holding Us Back

The resistance to improve these systems is rooted in the surveillance industry that has grown out of the insecurity of the existing protocols. Internet providers, cell providers, governments, 3rd-party DNS providers, and many others have vested interests in keeping these systems as insecure as possible, in order to keep listening to what everyone is doing on the web.

Big data is the reason that domain names can’t be resolved securely and quickly without broadcasting what you’re doing to the world.

On a Fundamental Level, Secure Design Leads to Private Design and Vice-Versa

When you think about designing a secure system, you have to think about what happens to every piece of data that is handed to your application. You need to consider in your design whether any potentially damaging information is leaking, and whether any of your structures are weakened by such a leak.

Private system design follows the same fundamental principles, but adds “trust issues” into the mentality of the team creating the app. You still have to make all of the same security considerations, but you have to layer additional thinking into how data is handled and by whom.

What is interesting about this is that systems designed to be private gain security benefits from the private design philosophy. Proper erasure of data, decentralization, client-server trust, and chain-of-trust practices prevent whole classes of problems from ever occurring in these systems.

If DNS had originally been designed with privacy in mind, because the inventors of the protocol had the foresight to know that trillions of DNS requests would be made to live servers every day, there are some fundamental changes to the protocol that could have been made under that design philosophy. For example, they could have encrypted DNS requests so that a man-in-the-middle can’t simply read them off the wire. They also could have expanded the protocol so that everyone’s modem/device/router resolves its own DNS from a list that it stores locally most of the time, and seeks consensus when visiting a domain that the device doesn’t already know.

This eliminates entire classes of problems like listening in on DNS and injecting fake DNS responses to redirect users to malicious sites (also known as DNS poisoning).

There are efforts to tack security and privacy options onto old protocols like DNS (DNSSEC and DNS over TLS), but the world is hesitant to replace them with something safer because of the deep-rooted interests that seek to preserve their data-gathering schemes. There is no significant effort to replace NTP, despite the serious security implications of its default design.

These are human problems that need human solutions. The technology already exists to eliminate many of the fundamental issues of privacy and security in our devices.

We Need Real Replacements

Protocols need to be designed with fundamental privacy in mind, both to prevent the expansion of the surveillance economy and to improve the security of all of our devices and services. There are some good ideas out there for replacing fundamentally insecure and privacy-breaking protocols like DNS.

The sooner we can build real replacements for these old protocols, the sooner that we can make real strides forward in privacy and security.

Here’s hoping that there are more projects like Let’s Encrypt out there just waiting to be made, that will help secure more of the Internet’s fundamental functions.