Between NSA surveillance and giant corporations that sniff our messages for ad money, it sometimes feels as if there’s no such thing as a private online conversation. An intriguing group of techno-types and lawyers are trying to change that with a secure new messaging service called TunnelX.
TunnelX, which is free, offers online “tunnels” where two people can meet and share messages and media in a space no one else can see. While TunnelX isn’t the only company trying to restore privacy in the post-Snowden era, its tool is worth a look because it is aimed at everyday people — and not just the usual crowd of crypto-heads and paranoiacs.
Here’s a look at how TunnelX works, and why people like Harvard’s Lawrence Tribe and the lawyer for Lavabit, a secure email service crushed by the FBI last year, are getting behind it.
A conversation no one can intrude on
The simplest way to describe TunnelX’s service is as a webpage where two people can leave each other messages or photos or videos. The service’s appeal lies in its clean design, and in the fact that you don’t need an email address or any other form of personal identification to use it.
Here’s a screenshot of what it looks like. The conversation is between me (Jeff) and a friend (Mutt) who invited me to join him for a talk in the “tunnel”:
As you can see, TunnelX is similar in appearance to other online messaging tools like AOL or Twitter. One big difference, though, is that TunnelX doesn’t sniff your messages (à la Google or Facebook) in order to serve you ads.
It does, however, have a rather elaborate sign-on process: in lieu of a name or email, a user must upload a jpeg picture (it can be a picture of a cat or a fractal or whatever) that serves as an identification key. The user must then choose a numeric pin which, along with the photo, must be supplied every time she wants to enter a tunnel — the process is similar to what some online banking services use, but with the difference that you must upload the image rather than just confirm it is the right one.
Once the tunnel is open, the user can invite one friend to join them there by sending a special message, supplied by TunnelX, that consists of a random sentence plus a numeric passcode. Once the second user enters this information, they are in turn prompted to create their own key (once again in the form of a picture plus a pin number) to enter the tunnel too.
Any messages placed in the tunnel will stay there. Either user, however, can destroy any message at any time, and also destroy the tunnel itself.
The messages themselves are secure from outside eyes because TunnelX wraps them in successive layers of encryption technology (AES, TwoFish, and Serpent). The service also uses something called “perfect forward secrecy” (PFS), which means that the potential compromise of a private key for a conversation (held by the user) wouldn’t expose other communications to scrutiny. This last bit is significant because the FBI was able to monitor messages on Lavabit, the defunct email service used by Snowden, once the agency forced its owner to turn over the key to its servers.
Finally, TunnelX also says it does not use tracking cookies or other “persistent identifiers” to identify users with a given computer or machine.
Law, encryption and the elusive goal of true privacy
At the formal launch of TunnelX last week in New York, co-founder Eric Liftin, hosted a chat with lawyers and writers in an effort to remind people that the right to speak privately, be it on the internet or in your house, is a fundamental freedom.
“The government has to understand that to forbid private channels of conversation violates all sorts of Constitutional rights — not just the Fourth Amendment, but the First Amendment right to have a conversation,” declared Laurence Tribe, a Harvard law professor who is on TunnelX’s board of advisers.
That doesn’t mean, however, that the government won’t try to compromise TunnelX all the same.
According to Ian Samuel, a lawyer who also spoke at the launch, legal barriers are not always enough to protect privacy. Samuel found this out firsthand last year when the FBI came calling for his client, the secure email-service Lavabit, which was used by Edward Snowden and other privacy advocates.
Despite Samuel’s protest that the FBI demands were unconstitutional, the agency prevailed in court and Lavabit had to turn over the key to decrypt its servers and hand over its clients’ emails (Lavabit’s owner ultimately shut down the service in protest).
So would TunnelX fare any better? In response to a direct about what the company will do if the government demands access to its “tunnels” Liftin demurred, saying “I”m not going to reveal those cards.”
The response suggests that the cause for private communications might be no further along than it was a year ago — but for two things. The first is that tech and encryption systems are becoming more advanced: as noted above, TunnelX uses PFS, which Lavabit did not, meaning that the government will have a harder time monitoring for messages. (Meanwhile, companies like Silent Circle and Blackphone are making similar advances are in relation to voice calls.)
The second reason for hope is that privacy law is rapidly evolving as well. In June, for instance, the U.S. Supreme Court ruled unanimously that police must always get a warrant to search a cell phone — a decision that legal scholars interpreted as a marked shift towards increased privacy rights. As a result of the this ruling, new pro-privacy communication tools might enjoy stronger legal protections than Lavabit did.