Despite growing concerns over government snooping and malicious hackers, the complexity of data encryption has left that privacy tool inaccessible to all but the most tech-savvy of users. However, the new Chrome app miniLock is attempting to change that.
The app applies the basic logic of a padlock to simplify standard encryption protocols, which often rely on a complicated series of passwords and key exchanges. Instead, users can exchange encrypted documents using a single, relatively short ID.
Upon signing in to miniLock with an email and passphrase, users are given a 44-character miniLock ID which serves as a public key used to decrypt files sent by other miniLock users. The user can then drop a file into the app, fill in the intended recipient’s miniLock ID, and then produce an encrypted .miniLock file that can only be accessed by the file creator and the specified recipients.
Out of all possible platforms, miniLock developer Nadim Kobeissi chose Chrome for its numerous built-in security features.
“My belief is that Chrome is one of the most secure ecosystems out there,” Kobeissi told The Verge.
However, the app is not without its vulnerabilities, according to an audit report issued by a team of security analysts known as Cure53, supported by the Open Technology Fund.
The audit found that the app would approve weak passphrases if they contained certain characters, such as umlauts or Unicode. The analysts also noted that users may be vulnerable to malicious file types sent through the service. To address the latter problem, Kobeissi added a blacklist of dangerous file types, supplementing the one already provided by Chrome, that would alert users before downloading a risky file.
Despite these vulnerabilities, the audit reported that miniLock is a relatively secure and simple service.
“The code is soundly and neatly written, well structured, minimal and therefore offers no sinks for exploitations,” the report said.
The app was released Monday on the Chrome Web Store for free.