Click to Skip Ad
Closing in...

‘Prism-proof’ tech allows websites to encrypt all your data

Published Mar 27th, 2014 12:30AM EDT
Mylar Website Encryption Technology

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

MIT researchers are working together with the Meteor Development Group on a Mylar project that would allow companies to offer customers fully encrypted Internet services, MIT Technology Review reports. Mylar would extend data security to servers, adding a new layer of encryption to complement the encrypted connection between a personal computer and server. Mylar would actually encrypt the user’s data on a server, requiring the related decryption password in order to access the data. As a result, the data would be safe from prying eyes and various Prism-like spying operations.

“You don’t notice any difference, but your data gets encrypted using your password inside your browser before it goes to the server,” researcher Raluca Popa said. “If the government asks the company for your data, the server doesn’t have the ability to give unencrypted data.”

The software also includes some interesting “cryptographic tricks,” that allow a server to “do useful things with user data without having to descramble it.” Users would be able to search through documents in a cloud protected by Mylar, but also share them with friends via a system that can distribute necessary decryption keys safely, without third-parties having access to them.

Mylar is apparently in testing at the Newton-Wellesley hospital in Boston for a website that collects patient medical data. Using the software, only the doctor and the patient have access to a user’s data. “All they had to change is 28 lines of code out of 3,659 to secure their application,” Popa says.

University of Pennsylvania researcher Ariel Feldman believes the service can offer added protection, but says that Internet companies may not necessarily deploy such systems. “It would be a watershed moment if any of these types of systems actually got deployed to millions of users,” he said. “The real obstacles to adoption are usability and the business case for deploying them.”

One potential problem with a Mylar-protected system is that users who forget their passwords would be forever locked out. Some business challenges include the fact that some online services providers actually make money by harvesting user data. However, Mylar may prove to be a welcomed security solutions to enterprises and governments.

Recently, an Internet service that offered encrypted email to customers was forced to shut down, after refusing to provide the government access to those protected emails. This may be another obstacle preventing certain companies from offering truly Prism-proof websites.

Chris Smith Senior Writer

Chris Smith has been covering consumer electronics ever since the iPhone revolutionized the industry in 2008. When he’s not writing about the most recent tech news for BGR, he brings his entertainment expertise to Marvel’s Cinematic Universe and other blockbuster franchises.

Outside of work, you’ll catch him streaming almost every new movie and TV show release as soon as it's available.