America's original hacking supergroup creates a free framework to improve app security

Cult of the Dead Cow officially launched Veilid at DEF CON this week.

Cult of the Dead Cow

Cult of the Dead Cow (cDc), a hacking group known for its activist endeavors, has built an open source tool for developers to build secure apps. Veilid, launched at DEF CON on Friday, includes options like letting users opt out of data collection and online tracking as a part of the group’s mission to fight against the commercialization of the internet.

“We feel that at some point, the internet became less of a landscape of knowledge and idea sharing, and more of a monetized corporate machine,” cDc leader Katelyn “medus4” Bowden said. “Our idea of what the internet should be looks more like the open landscape it once was, before our data became a commodity.”

Similar to other privacy products like Tor, cDc said there’s no profit motive behind the product, which was created “to promote ideals without the compromise of capitalism.” The group emphasized the focus on building for good, not profit, by throwing slight shade at a competing conference for industry professionals, Black Hat, held in Las Vegas at the same time as DEF CON. “If you wanted to go make a bunch of money, you’d be over at Black Hat right now,” Bowden said to the audience of hackers.

The design standards behind Veilid are “like Tor and IPFS had sex and produced this thing,” cDc hacker Christien “DilDog” Rioux said at DEF CON. Tor is the privacy-focused web browser best known for its connections to the “dark web,” or unlisted websites. Run as a non-profit, the developers behind Tor run a system that routes web traffic through various “tunnels” to obscure who you are and what you’re browsing on the web. IPFS, or the InterPlanetary File System, is an open-source set of protocols behind the internet, mainly used for file sharing or publishing data on a decentralized network.

The bigger Veilid gets, the more secure it will be as well, according to Rioux. The strength doesn’t come from the number of apps made on the framework, but by how many people use the apps to further the routing of nodes that make up the network. “The network gains strength by a single popular app,” Rioux said. “The big Veilid network is supported by the entire ecosystem not just your app.” In the presentation, cDc likened the nodes to mutual aid in the sense that they work to strengthen and support each other to make the entire network more secure.

Rious explained that VLD0 will be the cryptography — the protocols that keep information secure — behind Veilid. It’s a mix of existing cryptography frameworks, like Ed25519 to support authentication efforts and xChaCha20-Poy1305 as its 192-bit encryption support. But, recognizing that advancing technology will change cryptography needs over time, cDc already has a plan to handle updates. “Every new version of our crypto system is supported alongside the old ones” so that there are no gaps in security, Rioux said. cDc also put other measures in place like anti-spoofing, end-to-end encryption even at rest and data protection even if you lose your device.

Veiled and cDc aim to build an approachable internet with fewer ads and more privacy, according to Bowden. Veilid Chat, a messaging app similar to Signal, will be the first app built on the framework. You’ll be able to sign up without using a phone number, to decrease personal identifiers, Bowden told Engadget in an email.

cDc is currently in the process of putting together a community and foundation to support the project. “There are a lot of folks who can’t see past web3 as far as privacy (we are more like the web2 we should have had), and really can’t process the idea that we’re doing this without a profit motive,” Bowden said.

Known as the “original hacking supergroup,” cDc’s most noted accomplishments include inventing hacktivism, helping to develop Tor and pushing top companies to take privacy seriously. Notable members include former US representative from Texas, Beto O'Rourke.