Hack the planet! :)
In an era where our every move is tracked and monetized by corporations, privacy has become a precious commodity. In a move to empower users and restore their digital autonomy, the Cult of the Dead Cow, an Infosec super-band, has unveiled Veilid (pronounced vay-lid), a groundbreaking open-source project that promises to revolutionize the way applications communicate. Veilid enables apps to connect and exchange information in a secure and private peer-to-peer manner, free from the grasp of centralized, corporate-owned systems. In this blog post, we'll dive into the details of Veilid and how it could be a game-changer in the fight against surveillance capitalism.
The Birth of Veilid
Katelyn “medus4” Bowden and Christien “DilDog” Rioux recently presented Veilid at DEF CON, shedding light on the technical marvel that took three years to develop. This innovative system, primarily coded in Rust with contributions from Dart and Python, draws inspiration from both the Tor anonymizing service and the peer-to-peer InterPlanetary File System (IPFS). The fundamental idea behind Veilid is to enable applications on various platforms, including mobile, desktop, web, and headless, to communicate privately and securely over the internet, without revealing their users' IP addresses or locations.
Unlike traditional networking systems, Veilid ensures that even the app makers themselves cannot access this sensitive information. The project's design is well-documented and open-source, released under the Mozilla Public License Version 2.0, emphasizing transparency and community-driven development.
A Hybrid of Privacy and Performance
Veilid's uniqueness lies in its fusion of the best elements from Tor and IPFS. While Tor focuses on privacy but may suffer from performance issues, and IPFS leans towards decentralization without prioritizing privacy, Veilid strikes a delicate balance. Notably, unlike Tor, Veilid doesn't rely on exit nodes, making each node in the network equal. This makes it exponentially harder for any entity, including intelligence agencies like the NSA, to monitor Veilid users, as they would need to surveil the entire network.
As Rioux aptly puts it, Veilid is “like Tor and IPFS had sex and produced this thing.” The possibilities it opens up are limitless, with Bowden emphasizing the equality of all nodes and the strength of the network being as robust as its weakest link.
Key Features and Security Measures
Veilid operates by having each copy of an app that integrates the core Veilid library act as a network node. These nodes communicate with each other using 256-bit public keys as identifiers, ensuring that there are no special nodes or single points of failure. Veilid supports a wide range of platforms, including Linux, macOS, Windows, Android, iOS, and web apps, making it highly versatile.
Security is paramount in Veilid's design. It employs both UDP and TCP for communication, with connections authenticated, timestamped, end-to-end encrypted, and digitally signed to thwart eavesdropping, tampering, and impersonation. The cryptographic mechanisms, collectively referred to as VLD0, rely on well-established algorithms to avoid introducing vulnerabilities. These include XChaCha20-Poly1305 for encryption, Elliptic curve25519 for public-private-key authentication and signing, x25519 for DH key exchange, BLAKE3 for cryptographic hashing, and Argon2 for password hash generation. The system even ensures that files written to local storage are fully encrypted.
Flipping Off Surveillance Capitalism
In a world where IP addresses are sold, data is tracked relentlessly, and surveillance capitalism thrives, Veilid is a beacon of hope. It erases the need for IP addresses, prevents tracking, data collection, and monetization of user information. This is a significant stride toward dismantling the surveillance capitalism economy that profits from exploiting users' online activities.
As Bowden passionately states, “Billionaires are trying to monetize those connections, and a lot of people are falling for that. We have to make sure this is available.” The goal is for applications to seamlessly incorporate Veilid, allowing users to benefit from the network without needing to understand the technical intricacies. One notable example is VeilidChat, a secure instant-messaging app built using the Veilid framework, akin to Signal.
Conclusion
Veilid's release marks a significant step towards reclaiming digital privacy and autonomy. While previous attempts to challenge the surveillance capitalism economy have met with mixed results, the Cult of the Dead Cow's reputation for getting things right suggests that Veilid could be the catalyst for real change. With its commitment to security, privacy, and decentralization, Veilid has the potential to empower users and reshape the future of digital communication. As it gains momentum, it may well flip off the surveillance economy for good, putting the power back in the hands of the people where it belongs.
https://veilid.com/
https://gitlab.com/veilid/veilid
https://cultdeadcow.com/tools/