Priv.ly Project Mega Update
Hello Priv.ly backers! This is a huge update whose most important announcement is: Privly Chrome is in public Alpha! This means anyone can install the Chrome extension and use it in webmail, web chat, and status updates. Please remember that "Alpha" does not mean "finished." As we continue to develop the platform, we want your input!
We have more in-depth updates below that we broke into non-technical and technical sections. Starting with the non-technical:
- The Chrome extension now has “seamless posting!” Download it and give it a try! Make sure you read the privacy Safety Page before you post anything private.
- Firefox is breaking many browser extensions as they change their browser extensions to work the same way as Google Chrome. Depending on how the browser updates go, there might be a few months where we wait for the new version of Firefox. For now, the current version still works.
- You can use Privly with the website privlyalpha.org, but it is more secure to use the browser extensions.
- Numerous other behind the scenes software projects are in progress.
- We participated in the 2015/2016 Google Code-In and had a great time collaborating with high school aged children on the Priv.ly Project.
- We participated in the Google Summer of Code again. See the wrapup.
- Thanks to ongoing donations and our low operating expenses, we are still financially sound. Special thanks to Rackspace in reducing our monthly operating expenses.
- We opened account creation on privlyalpha.org. We can only guarantee backers, developers, and their invited guests will have permanent access to these servers.
The collective group of volunteers developing the Priv.ly Project would like to thank Google for supporting development through the Google Summer of Code, Rackspace and the OSU Open Source Lab for supporting our server infrastructure, and especially our donors/backers!
Longer (more technical) Update
In our Kickstarter campaign, we identified a lofty set of development goals. In fulfillment of those goals we have created many software projects:
- 1 Chrome and 1 Opera Extension
- 2 Firefox extensions
- Android and iOS mobile apps
- 2 Complete Privly Applications and 2 more proofs of concept
- 2 content servers
- Several different testing solutions for all this software
In the following sections we summarize the status of these components. The "short version" of this update is that all the software is available, but unless you are a software developer you should limit yourself to the the Chrome extension and the privlyalpha.org website. In the coming months we will release new or updated versions of the other software projects as our team of volunteers are able to give sufficient support to users. Each of the sections below have details of what this means for their respective platforms.
Privly without a Browser Extension
Short Update: Anyone can use Privly without a browser extension by visiting privlyalpha.org. We don't recommend people use the content server directly because our browser extensions don't use remotely served code -- which makes them more secure. However, hosting the application is a necessary step to mass adoption because we cannot expect everyone to immediately download a browser extension.
Long Update: Privly is built to work on every web browser regardless of whether you have the extension installed. The difference between using the browser extensions and just clicking on one of the Privly links is that the browser extensions allows you to (1) read and post Privly content without leaving social media, and (2) protect your content from the server hosting your encrypted content.
We recommend everyone use Privly with the browser extensions.
Long Update: Our Google Chrome extension is feature rich and hugely flexible. We have spent an immense amount of effort to ensure it can (1) seamlessly view protected content across most of the web -- even as the web becomes a more complex system to build on, (2) seamlessly post content without needing to leave the website you are viewing, (3) support additional functionality as the web and cryptography improve over time, and (4) automatically test for problems.
You can download the Chrome extension and start sending messages with it today. Privly developers have been using it to send emails, chat messages, and tweets. Please let us know (email@example.com) if you have any issues and we will add a test case to our system to cover the problem.
Short Update: Once Mozilla releases WebExtensions, Firefox should have the same functionality as our Chrome extension. There may be a ~3 month gap where the newly released version of Firefox may not support Privly.
Long Update: The systems we build the Priv.ly Project on continually change. In the first quarter of 2016, Mozilla may break parts of how the extension is currently implemented. This means we will need to soon develop a third version of the Mozilla Firefox extension. This is great news for the Priv.ly project. The planned changes from Mozilla are standardizing browser extensions to the technology we use for our Chrome extension! On the downside, it also means the extension we currently have for Firefox may have a ~3 month gap as Mozilla finalizes the new system.
Short Update: Apple approved Privly for their extension gallery, but there are a few bugs with Safari that prevent Privly from working with all websites.
Long Update: We submitted several bugs to Apple regarding their extension framework. In particular, some websites currently block our Safari extension from working because Apple doesn't recognize addresses starting with "safari-extension" as being trusted. This is not consistent with other browser vendors and contradicts web standards. If you know someone on the Apple Safari team, please contact us (firstname.lastname@example.org)!
Short Update: It exists, we won't distribute it yet.
Long Update: We distributed a version for Opera in the past, but they adopted the same architecture as Chrome. This is great news from the Privly Perspective, but we won't be distributing for Opera until we have more resources to chase 1 percent of browser market share :(.
Microsoft Edge Extension
Delayed until Microsoft releases their Chrome-like extension system in 2016.
Android and iOS Mobile App
Long Update: The mobile applications crawl social media and email accounts found on your phone to find protected content and display it in a newsfeed style display. The primary security benefit of the application is that you don't need to run the code hosted by the Privly Foundation every time you click a link. This makes it more difficult for the Foundation to actively attack your data and will support the local storage of keys for current and future Privly applications.
Sharing Media with Privly
We have built a proof of concept for sharing encrypted images using Privly, but we won't introduce media sharing until we are confident in the user experience of sharing text.
Privly Cryptography and Safety
Short Update: When using the "Message" application within Privly, anyone with the hyperlink will be able to request the encrypted content from our servers and decrypt the content. This means the social network and anyone the social network gives your links to will be able to see your content. You have legal privacy since major web companies are not legally allowed to store your content, but you are not protected from governments or malicious websites. If you think a website might actively attack you, don't use the website with Privly.
Long Update: Read more about safety with the Priv.ly Project.
Non-Privly Foundation Hosting
Short Update: You can host your own server, but unless your friends trust your server the content will not be injected into the websites containing your links.
Long Update: We have put research time into making the hosting of Privly content truly distributed and thus robust to DDoS attacks and user request tracking. At present we cannot support any of the potential methods because we don't have the development time or peering network to make this approach viable. If and when we have a large user base, it becomes possible for us to push a distributed hosting network out to users.
We currently support a weaker form of distributed hosting, which is that people may setup their own content servers and point their browser extension away from Privly servers. At present we don't automatically integrate every domain with Privly for privacy reasons (content hosts are capable of logging requests), but we are evaluating ways of mitigating this concern that should make it more usable for additional hosts within the Privly ecosystem.
Priv.ly Project's Future
During our Kickstarter we found that most people would not use Privly if it did not work with every website on every platform even as web browsers change. To ensure we could meet this threshold we needed to figure out how all these different platforms could plug together to provide a more private web. We now know the boundaries of possibility across the complete web and mobile stack, so it is time to start an incremental rollout.