So our next speaker will speak about privacy. It's Adani Marcus, and he will explain to you privacy pretty easy. Let's applaud him.

It's more like pretty Easy privacy, but it's fine. So I am a council member of the pEp foundation, a non-commercial entity. First of all, who knows pEp here? Not so many people, so that's the right talk, because it's not very technical. If you want to have more technical information, we have a stand with GNU Taler in the K building. I am also not developing at the engine level or stuff like that, so don't come up with C questions, and why this crashes and stuff like that, at me.

So first of all, yeah, that's pEp: pretty Easy privacy, with an emphasis on the E, because we already have good privacy, you know, but it's not really easy. At least that's our experience with doing crypto parties and stuff. So people in the end are not really able to use it, at least not the regular users.

First of all, what pEp is not. So pEp is not yet another crypto tool with a closed user base, like encrypted mail services which are around, or certain apps which have clear identifiers like phone numbers and stuff. So pEp doesn't impose on you a certain identifier. You can freely choose, depending on the communication channel used. For email, of course, it's your email address, which you usually can choose freely. We are also not a platform provider, so we don't have any metadata. It's just about tools on the end user devices. We are also not a crypto project; we are just using crypto already there. We are also not replacing the tools already there; we're just using them and making them easier to use. And we just start with email, but that's not the end, it's just the beginning. And then probably a positive list: what are we doing, actually?
First of all, we kind of abstract already existing crypto tools like GnuPG or, for iOS, because of licensing, we have to use NetPGP. Because it's a little bit broken, or it was a little bit broken, we forked it and continued a little bit of development on it. And for other crypto standards, of course, you will need other libraries, but yeah, they are already there.

It's designed, as said, for starting with email, but then we will add more crypto standards later on. It's also built with the idea that you have a unified mailbox. The idea is that if you use Signal or WhatsApp or whatever, you usually have the user base you have there, but other users just have email addresses or use something completely different, like Threema or whatever. And the idea of pEp is to bring this all together in one place by supporting all the involved crypto standards. So you have one box with all your contacts, and the most secure way to communicate with them will be used by default.

And this encryption stuff will be done automatically. So keys are generated automatically for every address you have; if you have several mail addresses, for each mail address a key pair is created. And then you can just start to encrypt without the user having to do anything. So it's zero-touch and hassle-free: no dialogues talking about revocation certificates, about private keys, stuff like that. So we also avoid these terms for the end user. But of course, if you're a power user, which most of you will be, you can also go into advanced settings and use the things already there. And if you already use OpenPGP, I don't have to tell you how to use it, so it's already fine; I can communicate already with you. But we also have to think about the normal people, who are really not able to use this kind of stuff. So why are we doing this? A little bit of motivation.
I think we have a global problem, first of all. So there is an NSA surveillance complex, if you look at it globally. So we have really big issues; there is also China, Russia, whatever, doing mass surveillance. And if you are a little bit more narrow in your thinking, like the Swiss tend to be, we also have mass surveillance, this kind of thing: it's Onyx, a mass surveillance interception system for satellite-based communications. It was passed in parliament as a multi-purpose building for 20 or 40 million francs, so without any legal basis, and afterwards they created the legal basis. So Switzerland is a nice democracy, but there are also strange things going on. By the way, they started to build this after Echelon was revealed. So yeah, interesting approach: instead of stopping this kind of stuff, they just said, oh, let's build our own stuff.

Yeah, if you look at an email context, let's say, you have here original NSA slides as leaked by Edward Snowden, showing how mass surveillance on, let's say, a linguistic basis is done. So, I mean, ACW is advanced conventional weapons, or WMDs, weapons of mass destruction; gov orgs, that's a tag for government organizations. So you can search in emails with topics.
There are lots of methods of text mining, machine learning, to do that kind of stuff, and we should just encrypt everything so this stuff cannot be done anymore. Also, if you look a little bit more generally, so for written digital communications, which is what we are doing (I mean, pEp is about encrypting text, not voice yet), so if you look at it in this more general sense, yeah, you see that they just scan everything, like HTTP requests, calendar bodies, archive document bodies, chat bodies, email bodies. So we just have to encrypt everything so this stops.

I said we started with email, so how does pEp differ from OpenPGP? Because there is already OpenPGP, or implementations around RFC 4880. So pEp doesn't use key servers by default, because a social graph is disclosed either by queries or, if you sign around and upload your public key signed, everyone can see with whom you communicate. Of course, you can do key signing parties and try to dissipate stuff a little bit, but still it's a little bit of a problem. Also, you have a key re-encryption problem, a problem, by the way, which all these platform-centric solutions like WhatsApp have. So you don't really know with whom you are communicating as long as you didn't check the identity with fingerprints or whatever.

The sender's public key is attached by default to an email. You can also switch this off for certain contacts, or in companies, organizations, if it doesn't make any sense, but yeah, for regular users it's like this. The subject field gets put into the body and then mapped by the mail user agent into the real body, so graphically it looks like the real subject, but it's in the body in fact.

Instead of fingerprints we use trustwords, which are just mappings to natural language words, like English, German, whatever. And this we do because we don't believe that people are able to compare hex fingerprints very efficiently, especially if you take into consideration that you should do that via a side channel like phone or something. So we just use trustwords. I think they are from LibreOffice, with swear words removed by native language speakers.

pEp is also a rating system, so we rate how secure communication is on a user basis or on a message-level basis, and this is shown with traffic light semantics, that means with colors. I will show an example afterwards. So, for example, S/MIME with commercial CAs we consider as not secure, so we won't show that encrypted. Plain text message, of course, also not secure. What PGP would say is secure, and other status, of course, too.

So here is an Outlook example. That's pEp for Outlook; the source code exists, so you can also compile it yourself and check if you want. There are also other projects for iOS, for Android, for any domain. So if you write your first email, usually you don't have the public key of the contact, so down here it's shown unsecure. Then you just write your plain text message, your public key is attached, and then you receive an answer from your buddy. Then probably you can import also his public key, and as of then the communication is shown secure. But then of course you still have to mitigate for the man-in-the-middle attack. For that you can do this trustwords comparison. There you see, you can just call him and then ask if the same trustwords are shown on both devices. For that to work with common trustwords, you of course need to put the fingerprints together and map them to words. Afterwards I can bring details at the stand, for example, because I think time is running away. When you did that, so when your contact was verified, it's shown secure and trusted. So you can be quite sure there is no man-in-the-middle attack possible anymore. If something happens, if someone is tampering around with your communication channel, then it will turn red and then it's written "under attack". So you can still communicate. That's the most important thing in pEp: people are never stopped from communicating, but you at least should know that something is possibly wrong.

So what is coming next? We are working on fixing key sync. Key sync is a protocol to transfer private key material through your different devices, where the common identifier is, for example, your email address. For that to be secure, or trusted at least (trusted and secure, sorry), you need to make your channel green. So you need to check again your trustwords on both of your devices, and then you need to agree on a key to use for the future. So we add that; it's a cloudless, platform-independent key synchronization protocol. We will also add more transports here, with other crypto, and GNUnet will also be added in 2.0. GNUnet is completely radical: they want to just replace the whole internet stack. It's an official GNU project. And yeah, synchronization of further data can be done, like calendar and contact data. And of course we are community focused here. We want to make this an internet standard, so we are drafting Internet-Drafts for IETF. And yeah, politically we also want to fight mass surveillance, so we are really political.
So we are not just doing techniques here. Some notes on the foundation which I'm representing here: the foundation is Swiss-based, tax-free, non-commercial and controlled by radicals in the area of digital rights. So there's no compromising here; you have to replace us if you want to change what we're doing here. The foundation holds ownership of the core technology, under the GNU GPLv3, and also the trademarks. This is to make sure that people don't release software called pretty Easy privacy which is backdoored. Also, to avoid backdoors, we require everyone who calls their stuff pEp, pretty Easy privacy, to run a code audit. But we don't force them to open the source code; it's just that someone has to independently look if there are no backdoors. I mean WhatsApp, for example: it's not so clear what this tool is doing in the end.

And we also do political work. We supported the referendums in Switzerland against mass surveillance. We failed a little bit around, but we will continue in other ways there. We also collaborate with certain projects already, like Enigmail. So Enigmail/pEp will come out, I think, with Thunderbird 52; that's March, April this year, if we manage to do everything. We also collaborate with GNUnet and with ISOC Switzerland, which is probably interesting for internet standards. And we are open for more collaboration, so it's not about competition, it's about collaboration here. I think that's all, and we don't have time anymore, probably, but you can come to the stand otherwise. Or do we have time?
I mean, yes? He asked about HTML mails with pEp. What is done in pEp is in the engine: there is something which converts the HTML to text, and then you have a text file in the attachment, and the HTML file, and the subject line, which we encrypt in the text so we can map it back again. Enigmail had issues with that kind of stuff, where I was involved in these discussions. So it actually works, but of course there will always be some bugs and some MUAs and stuff. But you will fix all of this. Yeah, welcome.