Crypton open source project to thwart online surveillance

Online (Dropbox-style) storage company Spideroak has detailed news of its Crypton open source data security project.


Crypton’s “unique” approach comes from its ability to allow web application developers to exert and apply encryption controls in the browser itself i.e. before the application data is sent to perform storage or related processing at a remote server location where the wider spread of malware could potentially occur on unencrypted data.

With these controls, Spideroak is suggesting that web developers will also be able to circumvent and thwart online surveillance channels.

Crypton’s ABOUT pages describe it as a framework for building cryptographically secure cloud applications: such applications offer meaningful privacy assurance to end users because the servers running the application cannot read the data created and stored by the applications says its development team.

According to the team, “To our knowledge there is no existing framework that handles all the encryption, database storage, and private user to user communication needed to build a zero knowledge cloud application.”

Its developer say that other cloud applications have been created that involve cryptography, but not in a “generalised & reusable form” that everyday developers could easily use to build a wide range of new apps.

NOTE: The name Crypton is a derivative of ‘cryptography’ and ‘photon’. Cryptography is defined as the elements necessary to create a cypher. Photon is an elementary particle of light.

“We can now start a true dialogue around privacy online as Crypton makes it possible for anyone to build ‘zero-knowledge’ cloud-based applications,” said Ethan Oberman, CEO and Co-Founder of SpiderOak. “Most companies out there aren’t making money by mining through your uploaded content; rather, they are providing a service and charging a monthly or yearly fee. Through Crypton, these companies can now give privacy back to their user base and further protect themselves against potential liabilities and/or outside attacks.”