Web applications are very convenient. You can edit documents, store files, send messages and accomplish many other tasks right from the browser. Keeping your data in the cloud is just great. But what about privacy, security and ultimately freedom? It’s still your data! You should still have exclusive ownership and control! Unfortunately today you have no choice, but trust web application providers and hope they act properly. This fact combined with cloud infrastructures gradually shifting toward monopolies poses a real risk.
The browser plays a key role in shaping the future of a new world where web apps are becoming responsible for handling an huge amount of user data. The browser is the most important interface.
Clipperz was founded on the firm belief that security and privacy are just other forms of intelligence which needs to be built on the edge of the Internet, that is in your browser, without relying on centralized authorities.
Why web cryptography does matter
Clipperz goal is to satisfy the need for confidentiality which is innately present in most human activities. Our recipe is based on running strong cryptographic algorithms right in the browser, the most ubiquitous and standard computing platform ever existed. Browser can effectively (and already are) bringing cryptography to the masses. A proper use of web cryptography could allow developers to build web applications that users can wholeheartedly adopt to manage their private data.
We dubbed this new breed of online services “zero-knowledge web applications”, a concept also known as “host-proof”.
The online password manager
We decided to test this approach on a very common and critical problem: managing and storing passwords! In 2006 we started evangelizing the crazy idea of considering what is now called “the cloud” as the safest place for storing personal information.
Clipperz online password manager launched on April 2007 and most of this website is dedicated to this successful service. As scary as this may sound, we think we have managed to achieve and interesting trade-off between security and convenience.
We believe that web cryptography could revolutionize the whole online ecosystem and be applied to many different fields other than password management (off-the-record web chats, electronic medical record web services, …).
The still open security issues (mostly related to code delivery) are more an opportunity than a risk. And the future looks bright: all browser manufacturers are building basic crypto functionalities directly in the browser and the W3C working group on web cryptography is slowly but steadily making progress.
We realize that the web stack is never perfect, but it always catches up, and it has the broadest reach. (VentureBeat, Sep. 7th 2012)
That approach, combined with building standards, moved the web far along during the last years and we hope it will continue and it will expand to include browser cryptography as well. Also because when we talk security the “broadest reach” is actually a crucial factor!