p≡p – pretty Easy privacy

Remove total surveillance from the Internet: European project “p≡p – pretty Easy privacy” is going to restore privacy for everyone.

pEp – pretty Easy privacy – is a bundle of solutions anyone can add to his or her communication tools. Instead of providing another crypto app it encrypts messages in those tools where people are creating them: SMS, Email, WhatsApp, Facebook, Jabber (and more). It will run on the devices people own, including Windows, MacOS X, Apple iOS, Android and GNU/Linux based devices. And it is all 100% Free Software and Open Source.

p≡p is peer-to-peer communication with end-to-end encryption and an unmatched meta-data level of privacy. It will synchronize keys and contacts between all devices and hence provides a back-up of your key chain and contacts. It also features integration with all Mail and Messaging services into one single mobile App and removes the complicated user driven key management through a zero-touch user experience. p≡p works on any communication channel like e-mail, Jabber, WhatsApp, Twitter,… and can integrate with any E-mail platform providing an API (Kolab, Gmail, ….). It implements OpenPGP, S/MIME, CMS among others and offers an automated key management solution for various key systems combined. The service avoids all central infrastructure - like servers, portals, directories - and the vulnerabilities related to such centralized setups. p≡p provides secure communication as-good-as-it-gets by  eliminating  the man-in-the-middle with a simple 'handshake' based on safe words in your own language. Interoperability at its best as it encrypts even without the same client on both sides. Finally, p≡p does not slow down your computer.

Surprising for a free software solution but fully aligned with this strategy, the first platform pEp is supporting is Microsoft Outlook. “We offer today what enterprises need to secure their communication without the users bailing out: a configuration free, zero touch application which just does the job. And it does it right.” The enterprise version has features like key escrow and is supporting fully automated software rollout tools.

As the team states in their blog post: “In these times we need a real privacy solution for all people. And the solution can't be that everyone has to drop what is connecting us to all of our friends.” says privacy evangelist Volker Birk. The German software architect, a known activist in the hacker community, wants to break with some dogma of the crypto community. “What we need is that technical stuff like picking keys, understanding cryptography algorithms and handling has to be the function of our computers, and the user just presses «send».”

In the first place, this just sounds like the dream of the Cypherpunk movement. In the cypherpunk manifesto they claim: “The Cypherpunks are actively engaged in making the networks safer for privacy. Let us proceed together apace.”

“What good is having a private communication with your friend only after-hours? Companies have a need for privacy and security that at least equals – and probably exceeds - that of the private person” says Leon Schumacher, former Group CIO of two Fortune 100 companies, Co-Founder and CEO of the commercial arm of pEp, the pEp Security SA in Luxembourg. “It is essential for any successful solution to bring privacy and security in a simple way to both the consumer and the corporate world.”

Volker and Leon are convinced that pEp will spread globally. “We're working with one single goal: to help people and companies regain their privacy. And we implement all that as an invisible layer to accommodate how people are communicating already. It is not the task of us technicians to teach people what to do, how to do it or to force them to move to a software or platform they don't like. It is our task to secure and make private what they want to use – and actually are using already.”

Regarding the technology inside, the solution really is something new. “This is not a cryptography software at all.”, the activist explains. “Instead of inventing cryptography again, we integrate what is pretty good already: GnuPG as the most trustworthy crypto-solution, and NetPGP as an amazing project and perfect replacement for all platforms where GnuPG is not available, like for Apple iOS. We let these professional solutions do the encryption job correctly.

How could that work? “pEp is doing everything. You just press SEND, and pEp ensures that your message leaves your device in the most secure way. It is compatible to all established crypto standards, including OpenPGP, S/MIME and CMS. If you receive an encrypted message from anywhere, pEp can handle it and will answer it in the same encrypted way. You don't even notice that all is encrypted in between. If both sides are using pEp, it is getting even better: then we're using an anonymous transport called GnuNet. With that technology, meta data is no longer readable for an attacker. pEp is fully peer to peer itself. And only you have the keys.”

It takes an existing hard-to-use technology and makes it simple and easy for everyone to enjoy the benefits. Hard to believe? The proof of concept already exists: The implementation of the very first version of pEp engine, was tested and runs successfully on GNU/Linux, MacOS X and Microsoft Windows already and it is implemented in an Outlook plugin, where anyone can see show how it all comes together seamlessly. That is the prerelease we have today, and which is being tested by 3 Fortune 500 enterprises right now. Additionally, Georg Greve, founder of Free Software Foundation Europe is a member of the project. Georg also guarantees that pEp will be part of the standard deployment of the Free Software Kolab, a groupware solution for SMBs.” So on the business side, adoption is already growing. But what is with the consumers?

If you want support them take a look at their crowdfunding campaign on Indiegogo.