Plausible deniability is a wonderful characteristic to have. It would be nice to never have to choose between freedom and Freedom even when under a deluge of subpeonas and warrants. Most developers believe they can never achieve this lofty goal, choosing instead to leave themselves and their users vulnerable and exposed. I believe this is both wrong and unnecessary. To prove my point I created blowfish.js, a simple and secure client-side encryption library. Building on blowfish.js, I developed ByteHaven, an example of zero-knowledge file storage.
While blowfish.js is nice, “once you kill a cow, you got to make a burger.” The burger in this case is ByteHaven. ByteHaven is a file sharing similar to MegaUpload, 4shared, and FileSmelt. Unlike these tantalizing RIAA and MPAA targets, ByteHaven never stores illegal information of any kind. Before the file is transmitted to the server, it is put through blowfish.js with a user-provided key, turning it into a generic blob of bytes. The blobs stored server-side are nothing but random information. If a user provides a key which transforms a certain blob to a certain trove of confidential government documents, it is entirely out of my hands. As the server administrator, all I have access to is a series of encrypted files. If the NSA wants my data, they can have it; it is meaningless without the users’ keys.
I hope that I have shown with blowfish.js and ByteHaven that we are no longer at the mercy of our browsers, our ISP’s, or our web services. With good enough crypto we can reclaim our privacy and breathe easy once more.