John McAfee takes on the NSA with secure anonymity device
After eluding the police in Belize and being arrested in neighboring Guatemala in late 2012, McAfee antivirus founder John McAfee is ready for his next adventure. This time around, McAfee is taking on a far more difficult adversary than Central American law enforcement: the U.S. National Security Agency.
During the recent C2SV conference in San Jose, McAfee teased plans for a new device he is working on—called D-Central—that promises to bring better security and privacy to our online lives. McAfee hasn’t released many technical details about the gadget, but from the sounds of it, D-Central will be a mashup between a personal mobile Wi-Fi hotspot like the MiFi and a Pirate Box.
If you haven’t heard of the latter, a Pirate Box is a mobile device capable of creating a local wireless network that nearby users connect to via Wi-Fi. The beauty of the Pirate Box is that it doesn’t connect directly to the Internet. Instead, a Pirate Box is only accessible to computers within range of the signal. Users can then use a Pirate Box network for secure online messaging and file sharing. The Pirate Box was originally designed by David Darts, Associate Professor and Chair of the New York University Art Department.
McAfee’s product wants to take the best aspects of both the hotspot and the Pirate Box to let you share files publicly and anonymously with users nearby, as well as chat privately with people you know.
D-Central will be a small device you carry with you, McAfee says, that can connect to your PC, tablet, or smartphone. When connected, you join a small, dynamic local network where you can connect to other users nearby in a private or public mode.
In public mode, users connect to share files with each other. McAfee says the public mode connection happens over an encrypted channel and is completely anonymous with no personal user information exchanged between users. McAfee also says D-Central can set up a VPN-like encrypted tunnel over the Internet to connect to other users across the country or, presumably, around the world.
In private mode, D-Central provides a method for encrypted instant communication, such as instant messaging, with friends you know.
D-Central is supposed to have a range of three blocks in the city and about a quarter mile in rural areas.
To maintain privacy, D-Central devices will also have dynamic unique identification numbers (UIDs) that change every so often. UIDs are usually static and can be used to track or identify a user based on the activity of their device.
D-Central is currently in the early stages of development, but McAfee expects to have a working prototype within six months. The company behind the product, Future Tense, has also set-up a teaser site featuring a countdown clock to March 23, 2014. We can only assume that’s when we’ll get our first look at D-Central. You can sign-up for email updates about D-Central on the site.
Secrecy is the new security
McAfee’s new concept sounds like an interesting idea and it’s easy to imagine a device like this being popular with people who want to share files or chat anonymously.
“I cannot imagine any college student in the world not standing in line to buy one of these,” McAfee said during C2SV.
McAfee claims the NSA, America’s top code breaking agency, will be stymied by the new device. “The NSA won't get into it,” McAfee said. “The encryption that we have developed is unique, and the NSA nor any other governmental agency has been involved.”
And this is where D-Central may turn out to have some rough spots. It’s too early to say what kind of encryption D-Central will have, but it certainly sounds like McAfee isn’t willing to trust standard encryption algorithms that most security professionals rely on. If that’s the case, McAfee and co. have probably developed a closed-source solution.
A well-known axiom in the security world is that your best bet for strong encryption is to use open code that has been placed under scrutiny by security experts over the course of many years. Closed-source solutions, on the other hand, are a bit more risky; if a hacker discovers a previously undiscovered vulnerability D-Central devices could be left wide open to attack.
Perhaps even more concerning, with closed-source solutions there’s really no way to truly know whether the government has pressured a company to install a backdoor into their crypto.
As I said earlier, it’s too early to know what McAfee means by a “unique” encryption solution and whether or not D-Central will be open to attack. Nevertheless, it’s something to keep an eye on as the product develops—assuming of course we ever see an actual device.
Despite any potential shortcomings, however, D-Central sounds like it could be a handy tool in a world where the NSA and other world governments seem to be spying on our every online move. Now let’s see if McAfee can deliver on his claims by combining ease of use with solid anonymity and security.