For a surveillance-free world.
Click the turtle in your to "MITM-proof" your message.
For a surveillance-free world.
Click the turtle in your to "MITM-proof" your message.
Your communications are recorded and can be used against you. This happens routinely. Too many journalists, human rights activists, and ordinary folk are threatened by mass surveillance. "Congressional oversight of the NSA is a joke", and there appears to be no accountability for these programs. Policymakers appear threatened, and politicians won't act.
That is why we are making this surveillance simply irrelevant.
MITM-proof communication through almost any website, with zero intervention needed from the site operators. okTurtles is designed with the potential to work over almost any website. All it needs to create an encrypted message for someone is the identity of that person, specifically, their public key. Unlike the system that HTTPS uses today, okTurtles is able to securely obtain this information by using DNSChain.
Never pay for an SSL certificate again. Paying a company to generate an SSL certificate for you is madness, especially when you're asked to pay every year and are given a certificate that doesn't do what it's supposed to do: provide your visitors with security. Companies that sell SSL certificates mislead their customers into believing that these certificates protect browser-server communication from all eavesdropping and tampering. As elaborated in our paper, this simply isn’t true today.
Say good-bye to identity theft and "domain seizures". Thanks to DNSChain (Namecoin-powered DNS), your online identity actually belong to you. That is, when someone visits your website, they can be assured that it actually belongs to you, and won't be stolen from you.1 Protection from identity theft is provided because when someone uses okTurtles/DNSChain to communicate with you, they don't have to worry that they're communicating with an imposter, or that there's a "man in the middle" recording the entire conversation. Protection from domain seizures (government-sanctioned theft) is an inherent property of DNSChain and Namecoin.
These features are possible thanks to DNSChain (formerly DNSNMC).
DNSChain = DNS + HTTP(S) + Blockchain
Google's Certificate Transparency proposal wants certificate authorities (CAs) to "make a note" all of the certificates that they issue into a log. It does not protect against NSA spying and MITM attacks. Website owners are then asked to monitor these logs to see if their clients were hacked. The crazy thing is, is that these logs won't even work in the event of a genuine MITM attack! Everyone must continue to pay the Certificate Authorities money for insecurity. We think this proposal makes an excellent case against itself.
DNSSEC suggests a complicated mechanism to essentially re-create many of the same problems with X509 and CAs in DNS itself, by providing a chain of trust to untrustworthy entities. Its intended goal is to secure DNS and thereby assure clients that when they ask for apple.com, they are actually visiting apple.com. This proposal does not protect against MITM attacks. It suffers from extreme and unnecessary complexity, a systemic fault that's antithetical to secure systems. See also this list of resources on why DNSSEC is considered harmful.
Bitmessage belongs to the same family of software that okTurtles and DNSChain belong to, however it is also very different from them. Bitmessage focuses on providing anonymity to its users first and foremost. For reasons unknown to this author it was not designed to use the Namecoin blockchain, and instead uses its own (though there is nothing preventing integration between the two, and indeed work has been done in this area). Bitmessage, however, has a few problems that okTurtles does not have: (1) it does not work over existing websites or protocols (like email) and was not designed with this intention, (2) to quote the paper: "The difficulty of the proof‐of‐work should be proportional to the size of the message and should be set such that an average computer must expend an average of four minutes of work in order to send a typical message." (3) It requires constantly running a program in the background (and one that isn't feasible on most mobile devices), and (4) messages take a long time to get to their destination because: "Just like Bitcoin transactions and blocks, all users would receive all messages. They would be responsible for attempting to decode each message with each of their private keys to see whether the message is bound for them."
In their words, Convergence "is a secure replacement for the Certificate Authority System. Rather than employing a traditionally hard-coded list of immutable CAs, Convergence allows you to configure a dynamic set of Notaries which use network perspective to validate your communication." In our words: Convergence is similar to having a known_hosts ssh key file for your browser, and comparing it against your friend’s file. It's not a terrible idea, however, the website claims that it’s simple to use, which we have to disagree with because users are asked to manage a list of notaries. It depends on group consensus, but the group might not be very bright. What happens then? It also does not provide MITM protection on first-visit, and all of the notary info appears to be stored locally to the computer, or even the browser. That is rather inconvenient for most users.
We know this is an incomplete list. Stay tuned for other comparisons.
Unfortunately, it's increasingly difficult to tell who the bad guys are. This is a very important question and that's why it's the first one. See our paper's "Motivation" section for the answer.
In addition to the reviewers mentioned in the paper's acknowledgement's, our paper was submitted to various lists and forums. To date, active discussions took place at links below (and our proposal appears to have withstood criticism2):
One significant problem facing Namecoin, Bitcoin, and virtually all other cryptocurrencies, is the so-called "51% problem". Solutions to the 51% problem exist, but they introduce other problems.
At present, blockchain-based solutions appear to be the best we have. We will keep our eye on new developments and update our website and blog accordingly.
We plan on submitting this proposal to even more lists and sites. Our sincere thanks go out to everyone who has helped spread the word about this project!
okTurtles and DNSChain are the brainchildren of Greg Slepak, but he did not invent every aspect of these concepts. He's grateful to Aaron Swartz for turning him on to the idea, and for answering some of his questions about it. Of course, none of this would be possible if it wasn't for Satoshi Nakamoto's historic paper on Bitcoin, and the entire Namecoin community.
Will Stanley is chiefly responsible for this website's design. He has a passion for clean, simple, beautiful design.
Olga Ivanova is the master illustrator behind the okTurtles logo.
When we state that okTurtles will "MITM-proof" your online communications, we mean that it will stop all of the publicly known methods by which the NSA can read your messages on these sites via a man-in-the-middle attack.
Specifically, okTurtles will provide true end-to-end encryption and authentication between you and the person you're communicating with that does not fall prey to any of the following:
Additionally, it is our intention to provide a modicum of plausible deniability features that might protect *you* from coercion (the gun-to-the-head scenario), but they do not guarantee such protection.
It should go without saying that okTurtles will not protect you from any of the following:
Absolutely not! We have a functioning (though incomplete) version of DNSChain already written. okTurtles is a tad more complicated, and requires a community effort to keep it running smoothly on third-party sites. Most of the design has been explained in our paper, all that remains is to implement it.
Of course not! Unless... are you using IE? I think Firefox looks especially good on you.
I'm not sure. It definitely made me less likely to add more once I got to that number. ;-)
Some of them. Had to anticipate what they might be. ^_^
Aaron Swartz was a humanitarian genius who did more for mankind in his brief 26 years on this planet than most accomplish in their entire lifetime. He was the principal source of inspiration for this project.