In one of the first talks at this year’s Black Hat USA, Billy Hoffman and Matt Wood, both security researchers at HP, plan to demonstrate a darknet designed to run entirely within a browser. Darknets, which allow decentralized, private peer-to-peer communications between clients, are not new; they are currently used in academic environments to share data among researchers. WASTE are two examples of desktop darknets. But Hoffman and Wood said both require configuration beyond the average user. For the last six months, they have been simplifying the process. What Hoffman and Wood are showing at Black Hat is Veiled, a proof of concept browser. Using newer browsers–Internet Explorer 8, FireFox 3.5, Opera, Chrome, Safari, even the PS3 browser–all of which support javascript and HTML 5–Wood was able to build what previously existed only in a desktop application. Darknets afford distinct advantages such as distributing content among all participants. Because of built-in redundancy, publishing to the darknet is resilient. Wood said if any client drops off and comes back, they’ll be able to recreate lost content. When you close your browser you are removed from the darknet. When the last member leaves, the darknet, and all its content, disappears except for a few encrypted bits in the browser. Among the cool features of the Veiled browser is Web-in-Web, which allows darknet users to create their own private Web pages with links to content only available within the darknet itself. Darknets enjoy zero footprints and can’t be viewed by the greater Internet. For example, they would be perfect for protesters documenting an oppressive government, or students forbidden to post about teachers on FaceBook or MySpace. “We want to lower the barriers so that people can use technology in ways never intended,” said Hoffman, who sees darkents as a freedom of expression issue as well as a creative issue. Hoffman noted how Web hosting started around 2001 with sites like GeoCities, but that it took social networks, like FaceBook, before the average person could a Web page quickly, and upload pictures relatively easy. Given the chance, who knows how people will use darknets, said Hoffman. But don’t look for cool applications from the talk. “Matt and I aren’t smart enough to come up with cool applications.” In fact, the two aren’t releasing Veiled or any code at Black Hat. Hoffman said they only want to share details and show what can be done. “There is some secret sauce,” Hoffman admitted, but by the end of the talk anyone with passing knowledge of Web technology should be able to walk out and create one. Hoffman said mainstream security people are only now understanding that Web security is not a toy. “There are some serious things they should be paying attention to,” such as the fact the Chrome browser has its own task manager. “They just don’t understand how powerful browsers are today.”
Robert Vamosi is a freelance computer security writer specializing in covering criminal hackers and malware threats.