Signet: Simple Online Privacy Cards
Signet: Simple Online Privacy Cards
OpenPGP in your pocket. Encrypt your emails, documents and photos. Kickstart a community of people building better privacy online.
OpenPGP in your pocket. Encrypt your emails, documents and photos. Kickstart a community of people building better privacy online. Read more
We live in an age where more and more of our personal lives are stored online — but even on the most popular social networks and platforms, privacy is treated as an afterthought. The consequences of our blasé attitude towards privacy online are obvious, and examples are everywhere: hackers stealing photos from the cloud, jealous exes snooping through emails, and catastrophic data breaches that leak anything stored unencrypted.
Signet’s goal is to protect our online information from exploitation and theft. It's an open-source, credit card-sized device that's based on open standards for cryptography, and a set of guidelines for how to use it. Signet operates with GnuPG, an open-source implementation of strong cryptographic software. GnuPG is the same tech used by people such as Edward Snowden and Laura Poitras to encrypt their messages. It's what lawyers at the EFF use to communicate with their clients. It's what corporations like Symantec sell to enterprises, to secure their sensitive data.
By pairing desktop encryption software with a crypto card, Signet is simultaneously easier to use and more secure than desktop software alone.
Why it’s more secure: Signet puts your keys on a card that is capable of completing cryptographic tasks without ever sending keys back to your computer. What this means is that even if someone had unfettered access to your computer, they would never be able to access the sensitive keys that protect your data.
Why it’s easier: Since the strength of the protection comes from the inviolability of the information on the card, and not the complexity of a passphrase, you can use a simple PIN to unlock the card, rather than a strong passphrase. Chip and PIN is easy to understand; millions of people use cards and PINs in their everyday lives.
Whether you're a journalist protecting your sources, a lawyer protecting your clients, or just about anyone with sensitive personal photos and information to protect, Signet can help. Right now, today, you can use Signet with GnuPG to encrypt your emails and your files — from plain text to photographs, spreadsheets and PDFs.
For a list of compatible software, check out the "What works with it?" section below. And here's a quick demo video showing email and file encryption on a Mac:
The goal of this Kickstarter is simple: develop a community of everyday people that use OpenPGP. In order to secure both sides of a conversation, it's not enough for one person to use it: both people have to use it. Building a community of OpenPGP users is essential to building the more secure internet that we all want to see.
Our fundamental goal is to make people more aware of privacy, and of the cryptographic tools we can use to defend against increasingly advanced threats to our data. For $5,000, we can put this system into the hands of 100 people. These first 100 people represent a community, a group of pioneers exploring a better model for privacy and security online — and to be clear, I believe we can exceed this goal, building an even bigger community behind this idea.
What do I get?
Backers will receive a kit consisting of the following items:
- One Signet-branded OpenPGP-compatible Smart Card
- One folding USB smart card reader
- One red USB stick, preloaded with GnuPG and a simple app for making your key
- One instructional booklet that explains both the Signet system, and the cryptographic foundations that it builds upon.
Here's how it works: you use the app on the red USB stick to make your key and copy it to your card. Once you're done, you unplug the stick and seal it in a small envelope (included). This is your backup, in case you lose your card. The smart card then becomes your primary cryptographic device, and you can store it with the rest of your cards in a wallet or purse.
If you lose your card, you can buy another card (naked cards will cost about $20) which allows you to restore the key from your red USB stick. If you are in a more sensitive security situation, you can also create a new key for the new card.
What works with it?
Mac users can use Signet with the GPGTools Suite, which includes a plugin for Apple Mail, as well as tools for encrypting and decrypting files on your hard drive using the Finder.
Similarly, Windows users can use Signet with Gpg4win for secure email in Outlook or the included Claws mail client. Gpg4win also includes a plugin for encrypting files in Windows Explorer.
If you use the Tails live operating system, your email client is preconfigured for OpenPGP-secured email, and works out of the box with the Signet card and included card reader.
Is That All?
At the moment, Signet is a system for encrypting emails to other people who use OpenPGP, as well as files on your computer, but this is just the beginning. The card can perform three basic cryptographic operations: signing, encryption and authentication. With just those cryptographic basics, developers can build more comprehensive systems, such as like full-disk encryption, or passwordless authentication to websites. This card is a stepping stone to building a more secure Internet, the first of many.
The target of $5,000 represents 100 people who are willing to give this system a shot. Every person above the $5,000 goal is one more member of the network — one more pioneer in building a better Internet. Let's do this.
Risks and challenges
The smart cards and USB sticks are commodity hardware; they are easy to procure and there aren’t any supply constraints. But in the unlikely event that there is a bottleneck in the supply, it could slow down shipments.
At this time, the NFC function only works with NFC-equipped Android phones. The software isn't 100% there yet, but there are projects like OpenKeychain that are working on it. It does not work with the iPhone, and there is no guarantee it will; Apple hasn’t released information to indicate whether the iPhone's NFC system will talk to cards like Signet.Learn about accountability on Kickstarter
- (30 days)