One of the more interesting presentations on the schedule at next month’s Black Hat conference is a talk by renowned Web security researcher Billy Hoffman of HP on a new method for implementing a darknet in browsers using just PHP and JavaScript. The approach, which Hoffman and his co-presenter Matt Wood call Veiled, is a low-overhead method for giving users the ability to evade Web monitoring and censorship.
In a story on Dark Reading, Hoffman, who is well-known for his research on JavaScript and AJAX security issues, discusses the implementation of Veiled and the reasons it could be needed.
Unlike its predecessors, Veiled doesn’t require much technical know-how to join, either. “The coolest thing about this is it lowers the barrier to entry to a darknet,” Hoffman says. “You could put some very interesting applications on top of it. It could be a way to do secure whistle-blowing, [for example]. When you have something decentralized like this, no one can control or stop it.” No one can take it down, either, he adds, all of which makes it more approachable for a wider community of legitimate users.
“The point of our research is not to give bad guys a tool for nefarious use, but to get security researchers discussing and talking about the new concept of browser-based darknets,” he says.
The best-known darknet is Tor, an extensive network of nodes designed to enable users to hide their IP addresses and locations. Such networks are popular in countries where Internet usage is restricted by the government, but also are used by students, law enforcement authorities and others with a need for online anonymity.
But networks such as Tor rely on relays and proxies and bounce traffic from one to another to disguise the origin and route. Hoffman and Wood take a different tack with Veiled, distributing a small file to each user.