28
submitted 1 year ago* (last edited 1 year ago) by touzovitch@lemmy.ml to c/privacy@lemmy.ml

Hey everyone, so for the past few month I have been working on this project and I'd love to have your feedback on it.

As we all know any time we publish something public online (on Reddit, Twitter or even this forum), our posts, comments or messages are scrapped and read by thousands of bots for various legitimate or illegitimate reasons.

With the rise of LLMs like ChatGPT we know that the "understanding" of textual content at scale is more efficient than ever.

So I created Redakt, an open source zero-click decryption tool to encrypt any text you publish online to make it only understandable to other users that have the browser extension installed.

Try it! Feel free to install the extension (Chrome/Brave/Firefox ): https://redakt.org/browser/

EDIT: For example, here’s a Medium article with encrypted content: https://redakt.org/demo/

Before you ask: What if the bots adapt and also use Redakt's extension or encryption key?

Well first they don't at the moment (they're too busy gathering billions of data points "in clear"). If they do use the extension then any changes we'll add to the extension (captcha, encryption method) will force them to readapt and prevent them to scale their data collection.

Let me know what you guys think!

top 50 comments
sorted by: hot top controversial new old
[-] leraje@lemmy.blahaj.zone 19 points 1 year ago

I totally applaud your efforts to find a solution to this issue but I don't think this is practicable, at least in it's current form. I get the underlying idea that changes to the extension will have to be continually adapted to by the scrapers but that'll slow them down for a negligible amount of time.

I don't mean to sound negative and I really do thank you for your efforts but I can't see how this could be effective.

[-] touzovitch@lemmy.ml 2 points 1 year ago

Slow them down and prevent them to scale is actually not that bad. We are in the context of public content accessible to anyone, so by definition it can not be bulletproof.

Online Privacy becomes less binary (public vs private) when the internet contains content encrypted using various encryption methods, making it challenging to collect data efficiently and at scale.

Thank you so much for your comment though <3

[-] random65837@lemmy.world 17 points 1 year ago

So people without the extension would only see gibberish?

[-] hakunawazo@lemmy.world 12 points 1 year ago

That explains so many subs/comments. But maybe I'm out of touch like Skinner.

But on topic: I see the same problem as with link shorteners. One single service or extension disappears and all good content or links are gone.

[-] Tippon@lemmy.dbzer0.com 6 points 1 year ago* (last edited 1 year ago)

That's the biggest problem. I used to use a suspension service for Chrome that would change your open links to its own format when a tab was suspended. I bookmarked hundreds of links in their format over the years.

The service was bought out by a third party, then sold to a scammer, leading to it getting banned by Google.

I've now got hundreds of links that are obfuscated, and the only way to get them back is to manually edit them and see which ones are important.

[-] touzovitch@lemmy.ml 1 points 1 year ago

But on topic: I see the same problem as with link shorteners. One single service or extension disappears and all good content or links are gone.

Not exactly. The extension is open source so even if the official extension is gone, you would still be able to decrypt previously "redakted" content.

[-] touzovitch@lemmy.ml 3 points 1 year ago* (last edited 1 year ago)

Exactly!

For example, here's a Medium article with encrypted content: https://redakt.org/demo/

[-] otp@sh.itjust.works 2 points 1 year ago* (last edited 1 year ago)

Sign up to discover human stories that deepen your understanding of the world.

Free

Distraction-free reading. No ads.

Organize your knowledge with lists and highlights.

Tell your story. Find your audience.

Wow, I couldn't read a thing without the extension! Works perfectly!

Haha

[-] touzovitch@lemmy.ml 3 points 1 year ago

😂😂😂

[-] ares35@kbin.social 14 points 1 year ago

concept is 'workable' in an open, but small, tight-knit community.

but in general, if google can't read it--few eyeballs will ever see it.

[-] touzovitch@lemmy.ml 8 points 1 year ago

but in general, if google can’t read it–few eyeballs will ever see it.

You bring up a good point. The Internet is full of spider bots that crawl the web to index it and improve search results (ex: Google). In my case, I don't want that any comment I post here or on big platforms like Reddit, Twitter or LinkedIn to be indexed. But I still want to be part of the conversation. At least I would like to have the choice wether or not any text I publish online is indexed.

[-] Linus_Torvalds@lemmy.world 6 points 1 year ago* (last edited 1 year ago)

Not sure. Couldn't the bots just decrypt it the same way?

Ahhh, didn't read to the end. Hm. Still not convinced. I don't want captchas etc to use the internet

[-] touzovitch@lemmy.ml 2 points 1 year ago* (last edited 1 year ago)

Captcha was just an example :-)

What I'm trying to say is that any small changes that we add to the extension will have very few (or none) effect on the real users, but will force the srappers to adapt. That might require important human and machine ressources to collect data at a massive scale.

EDIT: And thank you for your feedback <3

[-] LWD@lemm.ee 3 points 1 year ago* (last edited 11 months ago)
[-] touzovitch@lemmy.ml 2 points 1 year ago* (last edited 1 year ago)

You are absolutely right! Using a single public encryption key can not be considered as secured. But it is still more than having your content in clear.

I intend to add more encryption options (sharable custom key, PGP), that way users can choose the level of encryption they want for their public content. Of course, the next versions will still be able to decrypt legacy encrypted content.

In a way, it makes online Privacy less binary:

Instead of having an Internet where we choose to have our content either "public" (in clear) or "private" (E2E encrypted), we have an Internet full of content encrypted with heterogeneous methods of encryption (single key, custom key, key pairs). It would be impossible to scale data collection at this rate!

[-] LWD@lemm.ee 2 points 1 year ago* (last edited 11 months ago)
[-] touzovitch@lemmy.ml 1 points 1 year ago

You have a point. Or even malicious links!

We have to be careful with the decrypted output. Redakt is an open source and collaborative project, just saying........ 😜

[-] LWD@lemm.ee -4 points 1 year ago* (last edited 11 months ago)
[-] touzovitch@lemmy.ml 1 points 1 year ago

Image injection is something I will need to stress out.

[-] Lemongrab@lemmy.one 2 points 1 year ago

Maybe if this was condesed to a userscript, or instead of encryption use base 64 encoding. Its really just about obfuscating/transforming text to automated systems, not securing it.

[-] touzovitch@lemmy.ml 1 points 1 year ago* (last edited 1 year ago)

You're right. "Securing" is bad word. "Obfuscating" might be more appropriate. Actually had the same feedback from Jonah of Privacy Guides.

I use AES encryption with a single public key at the moment. That way, if I want to give the option to the user to create encrypt with a custom key, I don't have to change the encryption method.

EDIT: Editing the title of this thread ̶P̶r̶o̶t̶e̶c̶t̶

[-] andruid@lemmy.ml 2 points 1 year ago

Can you create custom decryption keys? I like the idea of an easy to use encryption mechanism for non private platforms.

[-] touzovitch@lemmy.ml 2 points 1 year ago

What do you mean by non private platforms?

In this POC, you can only encrypt content using Redakt’s public key. That way you are guaranteed to see the content since the key is already installed in the extension.

I intend to add the option to encrypt with a custom sharable key in the v.2.

[-] andruid@lemmy.ml 2 points 1 year ago

Honestly even this platform, but any public platform without e2e and the direct choice of who to share it with.

[-] touzovitch@lemmy.ml 1 points 1 year ago

r3d4kt-U2FsdGVkX1/lGJZ5fHhIJPQ8w7fdKIrvJKGa4C6hVzgxa99BNXMr7LQFL9Rur05EFVITe2pREZaianyq1F5k4dQEovbUKXWwjoj7R2ZXmu3z836vItVgTHh/Wen4p0pp&&&

[-] umami_wasbi@lemmy.ml 4 points 1 year ago

I'm browsing via the Jerboa app, which I can't read anything except some non sense strings.

You got the idea but the execution is subpar TBH. Browsers are not the only method to view contents nowadays.

[-] touzovitch@lemmy.ml 1 points 1 year ago* (last edited 1 year ago)

You're right, App traffic is something we'll need to crack. But as a first step, anything traffic going through a web browser is already significant.

[-] wowwoweowza@lemmy.ml 2 points 1 year ago

I see what you did there.

[-] PowerCrazy@lemmy.ml -3 points 1 year ago

This is a cool proof of concept and pretty easy to adapt for almost any purpose not just text. I don't think it's "useful" but then again "usefulness" isn't exactly well defined in the first place.

[-] touzovitch@lemmy.ml 1 points 1 year ago* (last edited 1 year ago)

Thank you 😊

I actually thought about this. Adapting the same approach with other kind of content like image, audio or video would be game breaker!!

Imagine uploading videos to Youtube that only viewers with a key would be able to understand!

But it is a challenge as it might require advanced knowledge in image and audio.

this post was submitted on 16 Nov 2023
28 points (74.1% liked)

Privacy

32177 readers
638 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS