A new open source project called Crypton hopes to put a reusable cryptographic solution in the hands of cloud app developers, providing easy, built-in encryption of user data.
Crypton is an in-progress open source project from the developers of SpiderOak that seeks to solve a big privacy and security problem with cloud applications — how to protect the data you entrust to these various applications from the potential security failures of the service provider. While many vow they will never put their sensitive data in the cloud in the first place, there are many others who want to take advantage of the many conveniences that cloud services provide — from accessibility to collaboration.
The developers of Crypton describe their aims this way:
We love using and building cloud applications, and we'd prefer not to to wait another 5 years for awareness to increase and meaningful privacy to be a standard feature in cloud apps.
We're making this framework available to everyone, building our own next generation of apps on top of it, and looking forward to the rich ecosystem of privacy preserving cloud apps to come.
The idea is that developers would be able to build encryption into their apps that would effectively hide user data — even from the service provider. If this sounds kind of familiar, it's very similar to the security level offered by Kim Dotcom's new service, Mega.
A "generalized, reusable" package that would relieve developers of the additional difficulty of building a cryptographic solution of their own sounds great, but what is the downside? Well, the same downside as always: if Crypton were to be used as widely as they hope, then any security flaw in Crypton itself would compromise all apps that used it.
That being said, it's an interesting project that has the potential to improve the current state of user data privacy and security in the area of cloud applications. If you want to get in on the early stages of this project, the recently-released proof-of-core-concepts code (v.0.01) is available from GitHub with this warning: "It is not yet intended for production use until v0.1.0. There are known serious bugs and weaknesses."