All you need to know to use PrismCipher like a pro:
Our rights to enjoy free speech and privacy have been continuously attacked by government, the same manner of government our forefathers fought a civil war with. A little over 200 hundred years later, we’re still fighting.
The issue is end-to-end encryption, or in the case of Apple, the lack thereof.
I created the PrismCipher cryptosystem in response to wholesale data collection by the NSA and the Five Eyes countries, and by companies offering “free” services where the account holder’s data itself is the price of admission.
Whether it’s from a global SaaS company or a nation-state actor, data collection is routinely performed 1) without a warrant, 2) with little judicial oversight, and 3) with no opportunity for redress.
In response, I wanted a solution for the problems of corporate espionage (Google reading my Gmails) and government internet surveillance (NSA PRISM program) while still being able to enjoy the use of popular mainstream services.
PrismCipher for Chrome is the initial implementation as a Chromium browser extension.
The software employs symmetric key (private key) encryption, similar to AES. This means the same passphrase is used to encrypt and decrypt the message.
The pre-shared key (PSK) must be distributed among all parties involved prior to encryption, and a secure channel must be used. When sharing your PSK, do not use any supported services as they are inherently insecure. The exception is ProtonMail: it may be used to convey your PSK.
Self-destruct-o is like One-Time Secret on steroids, while read-once doesn’t even try to protect the message or password it uses.
PrismCipher does not store protected data on servers like self-destruct-o or One-Time Secret, neither does it transmit passwords in the clear like read-once does. Services such as One-Time Secret are good for creating protected data shares and, once protected, allowing the user to choose how to send the secret link to the intended recipient.
On the other hand, PrismCipher is useful for seamlessly transmitting data through existing services like Yahoo! Mail or Gmail. Once you encrypt, you can see exactly what you’re sending prior to transmission.
With some malice, the name “PrismCipher” was created as a retort to the specific NSA surveillance program made known by Snowden.
In a perfect world, once citizens have determined their government is spying on them, necessary course corrections would be made via elected officials. By now, it’s naive to think that’s ever gonna happen. In June 2013, Snowden disclosed a program begun in 2007. From then to now, the only thing that has improved is our awareness of it. (And the only thing that has increased is our general ambivalence.)
Since the NSA can’t be prevented from using PRISM to analyze and archive our data, we might choose to use software like PrismCipher to render the NSA’s ill-gotten gains unintelligible.
Unlike most services, the PrismCipher for Chrome browser extension does not monitor where you are, what you do or even how long it took you to do it. Neither Google Analytics nor any other tracking service is used to surveil you. No cookies, no hidden files, no local storage, no web databases and no BS.
And as a handy reference, your browser’s Do Not Track (DNT) setting is always displayed.
Porting this over to a non-Chromium browser environment such as FireFox or Safari does not appear to be trivial. It’s planned, but won’t happen soon.
PrismCipher is compatible with this list of products and services.
Gmail’s “confidential mode” is neither encrypted, protected, anonymous nor private. Calling it “confidential” is therefore little more than an intentionally misleading marketing strategy.
Consider the following when using confidential mode:
• messages are not end-to-end encrypted (and thus are not secure)
• messages are not private (because Google can always read them)
• expired messages aren’t permanently erased (because they remain in the sender’s sent folder)
How does any of this smack of confidentiality?
PrismCipher gives you data security and protection. It provides endpoint encryption for supported services because the point at which you create the data you send is the point at which PrismCipher encrypts it (before it’s sent). Protection & security don’t occur in the background. Instead of transmitting plaintext, you send encrypted text to your recipient.
It doesn’t matter how long data hangs around in your sent folder or in the destination inbox. It also doesn’t matter whether Google peeks at the contents or some government compels its disclosure. Since the message is encrypted, and since only you and the recipient can decrypt it, nobody else can get anything out of it.
Not really, because the whole thing is misleading from the start.
The sender gets to unilaterally decide if the recipient’s data is shared with Google. The recipient is neither asked for permission up front nor offered the opportunity after the fact to have their associated data removed from Google’s servers. Now, stop and read that again.
For example, when you send a passcode-protected email to a non-Google user, you’ve just allowed the company to link that phone number to that email address, as well as whatever sensitive information is in your message. There is no mechanism whereby the recipient may decline having their phone number associated with their email, neither is there a restriction permitting this feature to be used only for recipients already registered with Gmail.
This is a clever way for Google to gather information on people who’ve likely refused to use their service to avoid just such data collection—all under the ruse of 2FA. Offering “protection” like this at the expense of another’s privacy isn’t really about protection at all. This is an invasion of privacy for the sake of data mining.
PrismCipher can’t be used to abuse privacy. It doesn’t link any metadata in order to encrypt a message. It seamlessly uses what you already possess—a destination email address—and requires nothing further.
The use of encryption is growing and its benefits are obvious, but that doesn’t mean you’ll fly under the radar according to a document signed by U.S. Attorney General Eric Holder and published by the Guardian.
If the NSA determines the data collected on you involves “communications that are enciphered or reasonably believed to contain secret meaning,” then you can bet they’ll keep that data indefinitely. “Such communications can be retained for a period sufficient to allow thorough exploitation and to permit access to data that are, or are reasonably believed likely to become, relevant to a future foreign intelligence requirement.”
That encryption exception is just one of many outlined in the document, which also allows the NSA to give the FBI and other law enforcement any data from an American if it contains “significant foreign intelligence” information or information about a crime that has been or is about to be committed. Americans’ data can also be held if it’s “involved in the unauthorized disclosure of national security information” or necessary to “assess a communications security vulnerability.” Other “inadvertently acquired” data on Americans can be retained up to five years before being deleted.
So when the NSA figures out you’re asserting your right to privacy using online encryption such as PrismCipher, go ahead and figure they’ll keep your message until they can crack it. Further, since you may have just participated in a communication the NSA can’t readily interpret, it’s likely you and your message recipients may become “persons of interest” in the interim.
Soon it may not be.
To explore this question you and I must differentiate between the legality of something and the ethics of it (or what is inherently “right”).
For example, in your state it may be perfectly legal to stand your ground during a home invasion. In Texas, you can stand and fight and even use deadly force to protect yourself, your family and your property. In New York, you must flee if you can. These are legal issues, not ethical ones. It’s not right to abandon your family and property during an attack. It’s unethical for the law to demand you acquiesce to an aggressor. For New Yorkers this is perfectly legal and totally unethical. For those who slavishly adhere to the law, this may be a hot button. Let’s look at a few more.
Consider the ethics of protecting the defenseless, such as unborn children.
The issue is neither about “pro-life” nor “pro-choice”—it’s about due process. Under The Constitution, vile citizens—rapists, murderers and those who prey on children and the elderly—are granted due process of law (trial by jury, appeals, etc.). In contrast, the most innocent (babies in the womb) may have their lives taken on a whim without so much as a court hearing. There’s legal, and then there’s ethical. It’s legal to terminate an unborn person’s life, but it’s ethical to protect them as they are defenseless. It’s the right thing to do, even to the point of disregarding the law.
How about self-protection and gun control?
When we criminalize gun ownership we can be sure criminals will possess much more guns than those who follow the law. The law will never deter lawbreakers, but it can easily make victims of those who confuse ethics for legality. The weapon of the law can be used to deprive law-abiding citizens of rights they never should have considered surrendering in the first place. Rights like self-protection. And privacy.
Nothing protects online digital privacy like encryption.
When we make it illegal, only criminals will use it and benefit from it. By definition. The issue isn’t about having something to hide. It’s about not being compelled to reveal something you don’t want anyone to see. It’s about privacy. Legislation cannot secure privacy, it can only be guaranteed by encryption. While it may be momentarily legal to design and use encryption, there are plenty of rumblings to make it illegal. Or at least to make it so weak it’s not worth using.
So, is it legal to use PrismCipher? This is the wrong question. (When you ask the wrong question you always get the wrong answer, even if it’s correct.) Better to ask: is it ethical to use PrismCipher? Is it right to assert your right to privacy, and to use encryption to do so?
Governments can outlaw encryption as they please, but they can only change the legality of using it—not the ethics of it.
Obviously I’m having some fun with this one.
Of course, it’s legal. If you’re able to retrieve the plaintext from any cipher text I give you, naturally I’d like to know about it.
I use this cryptosystem myself, but make no claims as to its fitness for any of your purposes. Use it or not. And if PrismCipher suits you, I’d be pleased to hear it.
Compared to ProtonMail, Gmail or Yahoo! Mail, the same message encrypted via Outlook on the web will contain more ciphertext.
This happens because Outlook includes extra HTML formatting in it’s message editor which the others do not. This is a function of how Outlook works, not PrismCipher. PrismCipher isn’t adding extra data to the messages in Outlook.
It was not a design goal to ensure each mail handler encrypts the same message at the same length. The idea is to simply provide encrypted email through existing mail handlers.
Software Message Output
This error message indicates the page does not work with PrismCipher.
This status message means you are using a supported product, but the chrome extension is not in sync with the web page itself. (This can happen when the web page is loaded before the extension.)
The easiest way to remedy this is to refresh the page by clicking the link that says “(Click here to fix it.)”
You could also manually refresh the web page by using the F5 key or clicking the browser’s Reload icon.
This status message tells you this is a supported product, but there isn’t any message content able to be encrypted or decrypted yet. (This can happen when you haven’t Composed a new message, or haven’t Forwarded an existing message, etc.)
When PrismCipher encrypts or decrypts, it actually overwrites the existing message, but it can’t do that unless the contents can be changed.
The easiest way to use PrismCipher is to Compose a new message and then encrypt it. You could also Forward an existing message and encrypt it before you hit send. Both of these options create editable content.
Optionally, you can Reply to a message, but you must “show trimmed content” by making the message visible in the edit window. If you can’t see the message, PrismCipher won’t be able to edit it.
This error message indicates the product is supported, the page is in sync and the contents seem to be editable, but no data could be found to encrypt. (This can happen when you Reply to a message, but the contents are hidden.)
If you are replying to a message, you’ll want to “show trimmed content” for things to work. This means making sure the message contents are visible in the edit window, not hidden from view.
This error message indicates the product is supported, the page is in sync and the contents appear to be editable, but no encrypted data was found.
This can happen when you Reply to a message, but the contents are hidden. It can also occur when you try to decrypt a message that doesn’t have any encrypted data in it.
If you are replying to a message, ensure you “show trimmed content” to proceed. This means making sure the message contents are visible in the edit window, not hidden. You’ll also want to be certain the message has encrypted data in it before decrypting it.
This error message means you’ve forgotten to enter a passphrase (or password) when you chose to encrypt or decrypt the message.
When you see this error it means PrismCipher tried to use the passphrase you supplied to decrypt the message, but no ciphertext could be detected. (This can happen when the message is all plaintext and contains no encrypted data.)
This success message indicates the data is now encrypted and the entire message has been converted to ciphertext.
Now it’s safe to send your message through the service (Yahoo! Mail, ProtonMail, etc.)
This success message tells you PrismCipher has just encrypted the text you selected (not necessarily the entire message).
Note: HTML content can be quite complex. The internal markup can contain much more than just the text and images you may see. When PrismCipher cannot successfully encrypt just your selection, it will encrypt the entire message. It may also start with your selection and encrypt all the way to the end of the message. It does this to ensure the integrity of the encrypted contents and to ensure the message can be successfully decrypted.
This success message indicates the encrypted data is now decrypted and the entire message has been returned to its original state.
This success message means PrismCipher has decrypted the portion of the message you had just previously encrypted.
Unlike some encryption products that constrain password length or character set, passwords in PrismCipher are virtually unbounded.
This means your password can have as many as 4,000 characters. You can use regular ASCII as well as full Unicode—that’s over 277,000 symbols including foreign glyphs, alphabets and emoji.
PrismCipher resembles a synchronous stream cipher where the keystream depends only on the key, not the ciphertext or plaintext. However, it is designed to encrypt discrete messages, not streams or blocks. It’s also designed to withstand differential cryptanalysis. If a single digit is corrupted (via transmission or tampering), the entire message is lost and unrecoverable.
It is polyalphabetic. A rotating substitution array is applied to the plaintext to expand its dynamic range. This means the relationship between a character in the plaintext and the characters in the ciphertext is one‑to‑many.
Prior to encryption, the plaintext message is diffused, compressed and randomly padded. Internally, confusion is introduced to the ciphertext during the main encryption cycle.
PrismCipher supports very long, user-selectable keys (up to 4,000 characters in length). Encryption keys are hashed using algorithms that exhibit a very high avalanche effect.
Messages and keys support full UTF-8 encoding allowing the cryptosystem to process language scripts from Arabic to Katakana to Yi. Visible and invisible graphemes can be used.
No two ciphertexts will be identical, even if the same keys were to be used to encrypt the same plaintext at the same time on the same machine. The cryptosystem randomly adjusts each ciphertext for uniqueness.
Of course not.
I wouldn’t use a cryptosystem that had special access built-in just for law enforcement, and I wouldn’t expect you to use garbage like that either. There will never be a backdoor here, no matter what governments decide.
Anyone who wants to decipher your messages without your encryption key will have to brute force their way through.