Wednesday, June 6, 2012

CHAT ROOMS!

Deadrop.us now supports chat rooms! Be careful to keep your password safe since anyone with the password can read messages posted in the chat room.

Notes and Features:

  • Tab title will change when new messages arrive so that you will be notified even when on another tab.
  • Just press 'enter' while typing a message to send.

Tuesday, May 29, 2012

Open JavaScript

The JavaScript is now uncompressed and easy to read so that you can confirm what is happening to your data. If you are using Chrome, just right-click on the screen and click "inspect data" to see the JavaScript.

Friday, May 25, 2012

Show HN

I would like to thank the Hacker News community for their great feedback! In case you missed it, here's the Show HN post.

Saturday, May 19, 2012

Hiding Location

Even if your message is secure, it is possible to track what IP address posted or viewed a deadrop. To protect against this, a user could simply use Tor to hide their location.  

Hijacking JavaScript

It is possible for the JavaScript that encrypts your message to be hijacked by a hacker on delivery. The hacker can then inject code into the JavaScript to do whatever he wants. Although this is unlikely, you shouldn't post sensitive information on deadrop.us without using SSL. You can do this by visiting https://deadrop.us and accepting the warning or by visiting https://deadrop.herokuapp.com. You will not receive a warning on the latter because the certificate is signed for that domain (*.herokuapp.com), even though the two are the exact same website. Using SSL ensures that the JavaScript originated from the proper server and that it has been encrypted to prevent manipulation on delivery.
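Readable JavaScript only helps if the copy your browser received is the copy you reviewed. The following added example (not Deadrop.us code) pins a hash of a reviewed script in Subresource Integrity format and tests a delivered copy against it. The script contents and function names are constructed for illustration.

```javascript
// Added example: not Deadrop.us code. Script bodies below are constructed samples.
const crypto = require('crypto');

// Strongest-first preference, as in Subresource Integrity.
const ALGOS = ['sha512', 'sha384', 'sha256'];

// Build an integrity string ("sha384-<base64>") for a script you have reviewed.
function integrityFor(bytes, algo = 'sha384') {
  return `${algo}-${crypto.createHash(algo).update(bytes).digest('base64')}`;
}

// Parse "sha256-... sha384-..." into [{algo, digest}], dropping unknown tokens.
function parseIntegrity(metadata) {
  return metadata.trim().split(/\s+/).map((token) => {
    const i = token.indexOf('-');
    const algo = token.slice(0, i);
    return { algo, digest: Buffer.from(token.slice(i + 1), 'base64') };
  }).filter((e) => ALGOS.includes(e.algo) && e.digest.length > 0);
}

// True only if the delivered bytes match a pinned digest of the strongest
// algorithm present. No usable pin means "fail closed", not "allow".
function matchesReviewed(metadata, deliveredBytes) {
  const pins = parseIntegrity(metadata);
  const strongest = ALGOS.find((a) => pins.some((p) => p.algo === a));
  if (!strongest) return false;
  const actual = crypto.createHash(strongest).update(deliveredBytes).digest();
  return pins
    .filter((p) => p.algo === strongest && p.digest.length === actual.length)
    .some((p) => crypto.timingSafeEqual(p.digest, actual));
}

// Constructed samples: the copy you audited, and a copy changed on delivery.
const reviewed = Buffer.from('function send(m, pw) { post(encrypt(m, pw)); }\n');
const altered = Buffer.from('function send(m, pw) { post(encrypt(m, pw)); extra(); }\n');
const pinned = integrityFor(reviewed);

console.log('pinned:', pinned);
console.log('reviewed copy matches:', matchesReviewed(pinned, reviewed));
console.log('altered copy matches: ', matchesReviewed(pinned, altered));
```

The pinned value has to come from a channel the delivery path cannot rewrite, otherwise the pin can be replaced along with the script.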

Thursday, April 19, 2012

Concerns of JavaScript encryption

This post by Matasano Security sums up a lot of the problems that are inherent in JavaScript cryptology tools. In the next few posts, we will highlight the main points and provide counter techniques to address all of these concerns. Although these problems in all likelihood will not affect the average user, in extremely security-sensitive scenarios these counters should be implemented.

Can I trust that Deadrop.us will not see my information?

Short answer: YES!!!
The Rationale:
All information on Deadrop.us is completely encrypted before it even reaches our servers. There is no opportunity for us to read any part of the encrypted message. This can easily be confirmed by the community because the Deadrop.us JavaScript is open-source. All of the source code is completely open, and the community is encouraged to scrutinize it. Only by doing this can we assure the user of exactly what is happening to their data.