Tuesday, January 7, 2014

Why I created Hello Wifi.

It was a subtle moment, and since we are creatures of habit it could have easily been missed. We were having board game night that was probably only interesting to adults. A friend's teenage sister was with us and she preferred to watch a movie on her tablet instead. But she couldn't watch anything without the wifi password, and we were in the middle of a game, so she had to wait for someone to give her the password, and in teenage style, suffer.

I thought "there's got to be a better way." I could immediately see clearly all the awkwardness (sometimes social) as we fumble though trying to get access to someone's home wifi. "How do you spell that?" "Wait, which word was capitalized?" And it gets much worse when a 2nd-level social connection is involved.

So the idea to create an app that can help with this small yet common experience was born. I thought surely that if such an app already existed we would all be using it already, but no one had heard of such a thing.

I started out creating Hello Wifi in concept and in prototype, and in a few weeks I discovered there were some apps out there that tried to solve this problem. Taking a look at the 1-star reviews that were posted about them, I came to the same conclusion as the critics: such an app depending solely on Facebook was, essentially, useless. (Why would an app want to limit itself to only the subset of users that are also on Facebook? And yet they brag about it!)

The really cool feature, NFC bumping (Android Beam), certainly can't work in a Facebook-only world and is a huge win for wifi sharing to user's that most likely offline without wifi.

From the outset, I intended to build a service that, if compromised, would be essentially a dead-end for hackers; I was not comfortable with the idea this service might be holding on to peoples' passwords, or any other potentially identifying information. And with the recent revelations about the NSA, Target and Snapchat, how appropriate that I should want to build a service that takes user privacy seriously.

Here's how to take privacy seriously:
  1. If possible, don't store the information at all.
  2. If it has to be retained, but only serves to identify a user or device to the service, apply a one-way cryptographic hash so that only a derivative of the data is stored. A good example of this is a hotspot BSSID or device MAC address
  3. If it has to be stored, but is intended to be viewed by the end user, then encrypt the data specifically for that end user via asymmetric encryption using the recipient's public key, with device-side encryption. This applies to shared wifi passwords, logged IP addresses
  4. Otherwise, as a last resort, if the service requires some user identifying information, that should be encrypted in the database
  5. Disallow API access but to trusted clients
  6. Use very strong hosting service passwords

No comments:

Post a Comment