Qredo Launches Zero-Knowledge Encryption Beta Program in the Cloud
London-based software development firm Qredo has announced the beta program launch of an encryption platform consisting of an SDK and set of distributed cloud services to help developers create applications with private data and encrypted conversations.
The implementation of the cloud-based Qredo Vault makes it impossible for anyone in the network except the user to read the content. By encrypting every item stored on a Qredo app before it leaves the device, Qredo’s encryption method also prevents even the administrators of the platform from surveilling or accessing data.
The beta version of the Qredo platform offers developers cross-platform APIs to offer a variety of encryption methods to enable them to encrypt data without providing their own storage infrastructure.
“If you want to embed end-to-end features in your app currently it’s quite difficult and there is no toolkit in particular to do it. The problem is compounded when you want to use cloud services,” Qredo lead developer Justin Megawarne said.
“The cloud infrastructure in the middle that relays the message has absolutely no idea who is communicating or what they are talking about. Of all the security measures out there, cryptography is the champion. The net result is that if someone breaches our infrastructure they see nothing but encrypted data.”
The idea of Qredo is, to kickstart the deployment of applications and platforms which demand a significantly high level of security, such as private data storage, wallets and password managers, and social platforms.
“The Qredo SDK lets you build apps with secure, encrypted cloud based storage and communications. There’s no way that anyone, apart from the user, can read the data stored or sent by a Qredo app, or tie this back to an individual user.”
According to Megawarne, the majority of data storage platforms and social media applications like Dropbox utilize a secure encryption method. However, these platforms manage their encryption keys on central servers, which allow them to decrypt messages, files, and data at the behest of government agencies.
Dropbox’s government data request principal for example, emphasizes that they sometimes receive requests from governments seeking information about their users.
According to the Dropbox website, “Online services should be allowed to report the exact number of government data requests received, the number of accounts affected by those requests, and the laws used to justify the requests. We’ll continue to advocate for the right to provide this important information.”
If the government requires information from users, Dropbox explains that they may grant access to user data to government agencies.
The difference between existing security-based platforms and Qredo is that government agencies can demand information from platforms like Dropbox because those platforms have the necessary authority over user data to reveal confidential and sensitive information. The Qredo platform however, cannot interfere with its cloud-based encryption processes, neither can it store an alternative encryption key to allow anyone else but the owner of the data to access information on the platform.
In the upcoming months, Qredo aims to keep its software open source, and hold security hackathons to educate developers about the importance of implementing high level security and encryption.
Besides Qredo Vault, the company also offers Qredo Conversation, a secure messaging platform, and Qredo Rendezvous, a way of connecting two devices using just an anonymous tag, without IP addresses and without email addresses.