America’s Pioneering Hacking Group Releases Free Tool to Enhance App Security
The hacking group Cult of the Dead Cow (cDc), famous for its activist activities, has developed an open source tool called Veilid. This tool, unveiled at DEF CON on Friday, provides developers with the ability to create secure applications. Veilid offers various features, including the option for users to decline data collection and online tracking. This aligns with the group’s objective of combating the commercialization of the internet.
“We feel that at some point the Internet became less of a landscape for sharing information and ideas and more of a money-making business machine,” cDc CEO Katelyn “medus4” Bowden said. “Our idea of what the internet should be looks more like the open landscape it used to be, before our data became a commodity.”
Like other privacy products like Tor, cDc said the product has a non-profit motive, having been created “to promote ideals without the compromises of capitalism.” The group emphasized the focus on building good, not profit, throwing some shade at the rival Black Hat conference for industry professionals, which was held in Las Vegas at the same time as DEF CON. “If you wanted to go make money, you’d be at Black Hat right now,” Bowden told the crowd of hackers.
The design standards behind Veilid are “like Tor and IPFS had sex and produced this,” cDc hacker Christie “DilDog” Rioux said at DEF CON. Tor is a privacy-focused browser best known for its connections to the “dark web” or unlisted websites. The developers behind Tor are a non-profit and run a system that routes web traffic through various “tunnels” to obfuscate who you are and what you’re browsing online. IPFS or InterPlanetary File System is a set of open source protocols behind the Internet, mainly used to share files or publish data on a decentralized network.
The bigger the Veilid gets, the safer it is, according to Rioux. The strength does not come from the number of applications made in the framework, but from how many use the applications to route the nodes that make up the network. “The network gets stronger from one popular app,” Rioux said. “The big Veilid network is supported by the entire ecosystem, not just your application.” In the presentation, cDc compared nodes to mutual aid in the sense that they strengthen and support each other to improve the security of the entire network.
Rious explained that VLD0 is encryption – the protocols that keep data secure – behind the Veil. It is a mix of existing cryptographic frameworks such as Ed25519 to support authentication efforts and xChaCha20-Poy1305 to support its 192-bit encryption. But as technology advances change encryption needs over time, cDc already has a plan in place to handle updates. “Each new version of our cryptosystem is supported alongside the old ones” so that there are no gaps in security, Rioux said. cDc also introduced other measures such as anti-spoofing, end-to-end encryption even at rest and data protection even if you lose your device.
Veiled and cDc aim to build an accessible internet with less ads and more privacy, according to Bowden. Veilid Chat, a messaging app similar to Signal, is the first app built on the framework. You can sign up without a phone number and reduce personal identifiers, Bowden told ReturnByte in an email.
cDc is currently gathering the community and the foundation to support the project. “There are a lot of people who can’t see past web3 in terms of privacy (we’re more like web2 than we should have been) and can’t really handle the idea that we’re doing this without profit,” Bowden said.
Known as the “original hacking supergroup,” cDc’s most notable accomplishments include inventing hacktivism, developing Tor, and encouraging top companies to take privacy seriously. Notable members include former US Representative from Texas, Beto O’Rourke.