Service concept

Behind the scenes

AnoniCloud wants to offer its users a different approach from other clouds. But what parameters drove our choices? What’s on the other side of the wire? This post is our first “open house” to help you get to know AnoniCloud.

Cloud services like Google Drive, Microsoft OneDrive and Dropbox care about users’ privacy.

Yeah, of course.

Google is the major search engine on the planet: 70% of the searches on the web are carried out by Google Search; many of us (not me) use google.com as the start page of our browser. (Almost) everything is free. How does Google make money? Selling your data. Data about you is collected by studying your behaviour on the net and inspecting your email and your documents on Google Drive. That’s it.

Microsoft OneDrive scans every document and every picture you store in your space with PhotoDNA. PhotoDNA is a technology that checks whether a stored image complies with Microsoft’s Terms of Service: they remove any document that doesn’t comply without any further warrant and they can revoke the service at any time in case of an infringement. That means: your documents are definitively lost.
Microsoft declares that PhotoDNA is used to fight child pornography and terrorism.
Unfortunately, PhotoDNA has false positives that can get you into trouble. And data collected with PhotoDNA can be aggregated for “statistical purposes”.

Dropbox is one of the first cloud services; throughout its history it has collected a Wikipedia page full of criticism, ranging from violations of users’ privacy to service malfunctions. Have a good read.
Is Dropbox the right place to store your confidential documents? It’s up to you. Consider that everything you store on these three services can be read by service employees.

All these services lack one feature, called “zero-knowledge encryption”.

What is zero-knowledge encryption?

Usually when you send a “message” (that can be a document) to a cloud service, the message is encrypted with a shared key, shared between you and the cloud provider, that allows both parties (you and the cloud provider) to read the content of the message: This is a “trust” between you and the cloud provider.

Zero-knowledge encryption establishes a key that only the user (you) knows and that is not owned by the cloud provider. Well, the key is stored on the cloud provider’s side, but it is encrypted with a secret (a password) that only the user knows, usually with a strong encryption algorithm (e.g. AES-256 or ChaCha20; both algorithms are quantum-computer safe).

This means: Nobody but you can read your data.

At AnoniCloud we use zero-knowledge encryption: when you open an account, the client application produces a 256-bit random key that is used to encrypt your files before they leave your device; this key is then stored on our servers, encrypted with your password.

What does a 256-bit random key look like?
Here it is…

111110100111011101111101 001010010101110110011110 000101000101010110001100 101110101100101111011000 011001111001100110000101 101111101001101010101001 000000011000110001101111 110001111100011000000001 110100111111000100101110 111000000011111100111000 0111111101111000

A 256-bit random key – Really nice! 🙂

Well, it’s not so simple… When a user creates their profile, several keys are generated: a User’s Master Key; a Private Sharing Key, used to negotiate a shared key with a sharing peer (another user you want to share your file with); and a Public Sharing Key, a key that another user uses to share files with you… Looks complicated? Maybe, but everything is transparent to the user: you don’t have to bother yourself with such technical stuff… Oh well! There is also a file key: each time you upload a new document, the client application that runs on your phone or on your computer produces a different key that is used to encrypt that file; this key is then encrypted with the User’s Master Key, or with the negotiated public-private key in case you’re sharing your files with others…
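The password, master key and file key chain described above can be sketched as follows. This is an added example, not AnoniCloud's client code: it assumes scrypt for turning the password into a key and AES-256-GCM for every wrapping step, all function names are hypothetical, and the sharing keys are left out.

```javascript
// Added example: zero-knowledge key wrapping with Node's built-in crypto module.
// scrypt, AES-256-GCM and every function name here are assumptions.
const nodeCrypto = require('crypto');

// AES-256-GCM seal: returns nonce (12 bytes) || auth tag (16 bytes) || ciphertext.
function seal(key, plaintext) {
  const nonce = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), ct]);
}

// Reverse of seal(); final() throws if the key is wrong or the blob was altered.
function unseal(key, blob) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// Password -> 256-bit key-encryption key via scrypt with a per-user random salt.
function passwordKey(password, salt) {
  return nodeCrypto.scryptSync(password, salt, 32);
}

// Account creation: the random master key reaches the server only in wrapped form.
function createAccount(password) {
  const salt = nodeCrypto.randomBytes(16);
  const masterKey = nodeCrypto.randomBytes(32);
  const serverRecord = { salt, wrappedMaster: seal(passwordKey(password, salt), masterKey) };
  return { masterKey, serverRecord };
}

// Upload: a fresh file key encrypts the data, the master key wraps the file key.
function encryptFile(masterKey, data) {
  const fileKey = nodeCrypto.randomBytes(32);
  return { wrappedFileKey: seal(masterKey, fileKey), body: seal(fileKey, data) };
}

// Download on any device: password -> master key -> file key -> plaintext.
function decryptFile(password, serverRecord, stored) {
  const masterKey = unseal(passwordKey(password, serverRecord.salt), serverRecord.wrappedMaster);
  const fileKey = unseal(masterKey, stored.wrappedFileKey);
  return unseal(fileKey, stored.body);
}

// Constructed sample data: everything in serverRecord and stored is safe to upload.
const account = createAccount('correct horse battery staple');
const stored = encryptFile(account.masterKey, Buffer.from('constructed sample document'));
const plain = decryptFile('correct horse battery staple', account.serverRecord, stored);
console.log(plain.toString());
```

With a wrong password the GCM tag check on the wrapped master key fails and `decryptFile` throws, so the server-side record alone is not enough to read a file.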

As you have guessed, several things happen behind a simple touch of the “Send” key on your mobile, things that have to be correctly handled by a dedicated server-side application that picks up your data and keeps track of users, access rights, shares, available user space, anonymization of the data, and data transfer recovery in case of communication errors.

OK, stop for just a moment and think about the frustration of sending a 4Gb file and seeing your internet connection break down at 3.5Gb! With Dropbox and other platforms like NextCloud you have to restart from zero! This doesn’t happen with AnoniCloud!

We studied all the existing platforms on the market and we found: none. None that can fulfill our requirements, so we decided to create a new platform from scratch.
A software platform that can run on open source operating systems, with no dead code, a platform that we can really own.

Obviously, once AnoniCloud is stable and validated we will release the client and server side source code as open source: people who don’t trust us can touch it with their own hands.

Why Switzerland?

If you think about the safest place in the world to store your money, what country do you think about? 🙂

Yeah, Switzerland.

This is no longer true due to the modifications of the currency laws of the last decade, but personal data protection laws are still intact.
If you want to dig deeper into Swiss federal data protection laws, you can study the Federal Act on Data Protection (FADP) and the Ordinance to the Federal Act on Data Protection.

Enjoy.

One more thing: unfortunately not everybody lives in a free country. If you want to have an idea of the freedom of the people in some countries, look at the Reporters Without Borders “World Press Freedom Index”: only a few countries in the world can be considered really free.
For the people who live in countries ranging from orange to black, we’re implementing a hidden service; what is it?

People living in countries with heavy censorship of information and a high communications surveillance policy can access AnoniCloud services from an .onion address, which scrambles traffic across three layers of communications servers and cannot be blocked.
Again: to learn more about .onion and Tor, Wikipedia is a good starting point.

In 1982, when I was 11, I saw a computer live for the first time. It was an IBM/360; in 1983, for the first time in my life, I turned on my own computer. In 1985 a mouse and a box with some 5” 1/4 floppy disks appeared on my desk. Now I’m about 50; every morning I open the lid of my MacBook Pro, which is n times more powerful, faster and smaller than the IBM/360, the VIC-20 and the Apple //c together. But nothing can overcome the emotion I felt entering that noisy machine room, writing on such a ridiculous, small screen and smelling the plastic of my earlier, outdated, mass memory supports.