Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
clipperz @ JSE2011
1. clipperz
zero-knowledge
web application
how JavaScript may help in
turning cloud privacy upside-down
Giulio Cesare SOLAROLI
giulio.cesare@clipperz.com
jse2011 - Paris, January 20 2011
Thursday, January 20, 2011
10. secure
“host proof hosting”
Thursday, January 20, 2011
11. secure
“host proof hosting”
concept defined around 2005
to merge the reliability of cloud
based storage and the
security achievable using
cryptography
Thursday, January 20, 2011
23. clipperz challenges
achieve convenience
keeping the system secure
Thursday, January 20, 2011
24. clipperz challenges
achieve convenience
keeping the system secure
• never trade security for
convenience
Thursday, January 20, 2011
25. clipperz challenges
achieve convenience
keeping the system secure
• never trade security for
convenience
• “only the paranoid survive”
being paranoid
Thursday, January 20, 2011
26. cryptography
very short compendium
Thursday, January 20, 2011
48. verifiable codebase
• all source code available for
inspection https://github.com/clipperz
Thursday, January 20, 2011
49. verifiable codebase
• all source code available for
inspection https://github.com/clipperz
• app served as a single,
static, HTML file
Thursday, January 20, 2011
50. verifiable codebase
• all source code available for
inspection https://github.com/clipperz
• app served as a single,
static, HTML file
• browsers do not support
checksum verification #fail
Thursday, January 20, 2011
52. no tampering
application code should not
be modifiable by any data
returned by the server
Thursday, January 20, 2011
53. no tampering
application code should not
be modifiable by any data
returned by the server
• javascript is very dynamic
Thursday, January 20, 2011
54. no tampering
application code should not
be modifiable by any data
returned by the server
• javascript is very dynamic
• eval(…) is your enemy here
Thursday, January 20, 2011
65. being paranoid
clipperz does not store
neither the password,
Thursday, January 20, 2011
66. being paranoid
clipperz does not store
neither the password,
nor the username
Thursday, January 20, 2011
67. being paranoid
clipperz does not store
neither the password,
nor the username
• users can still login! #ftw
Thursday, January 20, 2011
68. being paranoid
clipperz does not store
neither the password,
nor the username
• users can still login! #ftw
• multiple accounts can share
the same username! #wtf
Thursday, January 20, 2011
70. features?!
password manager
Thursday, January 20, 2011
71. features?!
password manager
playground to test how far this
architecture could go
Thursday, January 20, 2011
72. features?!
password manager
playground to test how far this
architecture could go
• features
Thursday, January 20, 2011
73. features?!
password manager
playground to test how far this
architecture could go
• features
• convenience
Thursday, January 20, 2011
74. features?!
password manager
playground to test how far this
architecture could go
• features
• convenience
• reliability
Thursday, January 20, 2011
80. features!!
one time password
Thursday, January 20, 2011
81. features!!
one time password
access your data without
typing your password
Thursday, January 20, 2011
82. features!!
one time password
access your data without
typing your password
great for using clipperz from
an internet caffè
Thursday, January 20, 2011
84. features!!
offline copy
Thursday, January 20, 2011
85. features!!
offline copy
full application (including your
own data) packed into a single
html file
Thursday, January 20, 2011
86. features!!
offline copy
full application (including your
own data) packed into a single
html file
no external resources used
Thursday, January 20, 2011
96. odd side effects!!
no fancy web-2.0 mash-ups
difficult to integrate into other
products without relaxing
security concerns
Thursday, January 20, 2011
97. odd side effects!!
no fancy web-2.0 mash-ups
difficult to integrate into other
products without relaxing
security concerns
and we are paranoid!
Thursday, January 20, 2011