[owncloud-devel] Hi ! planning to implement client-side encryption, read if you're interested

Mathieu Bourrier mathieu.bourrier at startmail.com
Sat Nov 22 18:02:10 GMT 2014


Hello everyone,

I wanted to introduce myself quickly, and let everyone know that I plan 
to work on client-side encryption for ownCloud.
If you feel that this information would be more appropriate somewhere 
else (forums maybe ?) please say so.
Sorry if this is a little long-winded, feel free to skip the boring parts :)

I checked one month ago where things stood with ownCloud and discovered 
that although the feature would be welcomed, it is no high priority for 
now: https://github.com/ownCloud/core/issues/106

_Philosophy behind this project_

The end goal is to help provide a free, open-source solution for 
cloud-storage client-side encryption so that its usage spreads as far as 
possible ; there is a growing need as the recent iCloud and SnapChat 
leaks proved again recently.
Between online attackers, personal data-hungry companies and government 
mass-surveillance, protecting personal data will soon become critical 
IMHO, if it hasn't already.
While SpiderOak and the likes are doing a great job at this already, 
these are not free (nor, for most, open-source) so this is a big barrier 
to adoption.
Plus, having a free solution under GPL license will also allow more 
businesses to build on it, which should result in a more dynamic and 
innovative market and provide people with better options overall.

_Who am I ?_

I have been working as a storage/virtualization/backup consultant in 
Paris for 9 years now.
I wanted for a while to become more involved, in my free time, in 
something that helped people.
I also follow closely the privacy and security topics, even more so 
since Snowden happened.
Finally, coding has been a passion since I was a teenager.
So this is really me trying to fulfil all of the above, and I hope that 
I will be able to help some people in the process.

_What's the plan ?_

For now the overall plan is to :
1- produce the threat model and design goals (in progress)
2- design the security model and how it will integrate with ownCloud, 
define a tentative roadmap
3- code
4- test and QA, audit if possible
5- release and maintain.
6- adding features once initial code stabilizes

_Looking for group_

Disclaimer : I have no previous experience in ownCloud development, 
professional web development, nor security design. I know, scary right ?

Security software is best produced by a team, the lonely genius that 
produces perfect, secure code on his own does not exist, and even if he 
does, it's not me :)
In order for this feature to be secure and good enough for a public 
release, I expect I will need some help :

1- at the beginning, for the design phase, in order to produce a really 
secure system the design will be "open-sourced". Anyone that wishes to 
contribute to/discuss/correct the design is more than welcome. The more 
the better, this will only strengthen the final product.

2- experienced ownCloud contributors' input will also be invaluable at 
this point, as they could identify very early any design points that 
won't work well (or at all) with ownCloud current OR future implementations.
I am also very aware that client-side encryption will prevent a lot of 
existing ownCloud apps from working, which impacts the overall value of 
ownCloud in a significant way.
The intent is to make the integration of client-side encryption the 
smoothest it can be, without compromising the security/privacy goals of 
course.

3- for the coding phase, having at least one co-contributor would speed 
up the process, and help to produce better code as we can review each 
other's code along the way.
This would also prevent this project from being a "one-man" thing which 
will also allow for better supportability and maintenance in the long run.

Now this might look like asking a lot.
First, please note that as I have a regular job on weekdays, most of the 
work would be done during weekends so this will be spread over several 
months.

Second, point #1 and #2 can totally be "on and off" contributions, just 
an exchange of emails/ideas, I will be the one driving this and putting 
things together.

For #3 a regular contributor is preferred, someone who is like me ready 
to invest some time over several months to help this thing be released, 
but one-shot helpers are welcome too.
One important thing : in the long-run I expect the feature to be 
available for all platforms, including the mobile ones (thanks for 
opening the iOS app by the way !).
This is needed IMHO if we want to drive the adoption up. These apps 
require specific skills and it will be either difficult or a lot longer 
to handle all of the work by myself.

_Conclusion_

So if you're interested in some kind of involvement, or know someone 
who might, feel free to contact me or spread the word !
Either by email or GitHub, my pseudo is orion1024.


Cheers,
Mathieu