I don’t tend to think about file encryption much, aside from it being an interesting technical problem. Guarding my privacy has been a low priority. I figure since I’ve got nothing to hide, I don’t really care who is tracking what. It’s also a pain to encrypt messages, especially when the other end is not in IT. If it were made easier, it would probably be more common. Enter Minilock.
I’ve had what’s probably the typical encryption experience to date: wrestle with a big corporation to gain the correct certificates and public keys to facilitate PGP and go from there. It’s hardly a process I could describe to my friends or family if we wanted to share sensitive information. When I saw an article on The Verge yesterday about a new Chrome app called Minilock, it piqued my interest.
Minilock still relies on the sharing of public keys, but it makes the process a whole lot more friendly and straightforward. The first time you launch the Chrome app, you enter your e-mail address and a unique passphrase which will be used to generate your public key. After that you can start selecting (or drag/dropping) files to be encrypted or decrypted.
Once you select a file to encrypt you’re presented with a screen to enter the public keys of those allowed to decrypt the file. By default your own key is the only one permitted. You can also choose to randomly generate the filename for the resulting file. Upon successful decryption the original filename is restored.
It’s about as simple as shared encryption gets. I think it’s easy enough that anyone capable of finding and installing the Chrome application should be able to work through the process. This makes the likelihood of actually securing one’s files or messages a lot higher. And when it comes to securing the files, Minilock has gone to great lengths to make sure you’re safe.
Minilock has made their source code public and has undergone several rounds of peer review. It was also subjected to a cryptographic code audit. A full explanation of how their system works is available on the website.
With the ethics and practices of just about every major cloud provider and government agency being called into question, it might be time to think more seriously about what information is being stored out there in plain text. Now that the barrier is becoming so low for protecting your data, you’re probably better off safe than sorry.
Source: The Verge