How secure is Hiitch?  

February 14th, 2007


Security is the top priority at Hiitch. A lot of effort has been put into designing safety mechanisms to help protect our users from malicious threats on the Internet. In this article I will discuss a few of the mechanisms that we have designed and developed, to help our users better appreciate the true value of Hiitch. We do not see our security features as a foolproof system, but we do know that anyone trying to break our system will have their hands full.

Let us start with a few of the protection mechanisms that we have put in place for our users:

Encryption: All of the user’s registration information is encrypted both on the local computer and on the remote server. If anyone who is not supposed to access this information manages to get hold of it, they will still not be able to decipher the details. We do not use static global keys to encrypt this information; each user has a different set of encryption keys, which provides the most optimal protection in most cases. Coupled with the operating system’s multi-user login protection, the two-layer security is good enough to deter even the most advanced crackers. All communication over the Internet uses SSL. SSL encrypts the connection so that all data going in and out is undecipherable. So if someone manages to compromise your system, any other computer in your network, or a computer along the path that your network packets travel, they can easily set up snooping software to gather your network data; however, they will not be able to make sense of it.

Password Retrieval: We have added a long list of good security questions that our users can choose from. Our security questions are very personal and sensitive questions whose answers our users will not easily give out to people they do not trust. We do not allow our users to enter their own security questions because we worry that they may unknowingly defeat the whole purpose of having a security question. One good example of a bad security question would be “What is my pet’s name?”. Your next-door neighbor who hates you hears you playing with your pet “dodadi” every evening. Your neighbor goes online to Hiitch, tries your pet’s name and amazingly gets access to your password, provided that your neighbor knows your user ID. We also do not use email to send our users their password. This is because we do not have control over other email providers, who may breach our security by sending your private password in plain text over the Internet. While the email is traveling to your mailbox, it may be routed over several other computers that have been compromised and are snooping for information on the network. In order to break your security question, the cracker must know which question you have selected as your security question and what the answer to that question is. This alone should deter them somewhat as long as the answer to the question has not been compromised.

Privacy Filters: Hiitch has a good set of privacy features that allow our users to customize for themselves who and what they want to allow as public and viewable. No one can view your information if you have set it to private. Privacy features are enforced by our servers and no one can alter them except the owner of the resource. Hackers who want to alter your settings will need to know the randomly generated access control key before they can even attempt to access your resources. The difficult part for the hacker is that the generated access control key changes every time you log in to our network.

Spam Protection: Hiitch has a unique system that allows our users to send email to the people in their contact list without having to know the email address of the person they are sending to. This provides a great amount of privacy for our users and also avoids spamming issues. If your mailbox has spam control, then mail sent from our server will be placed there until you agree to accept it. Neither the sender nor the receiver will have access to each other’s email during the entire mailing process. Except for the people who are in your contact list, no one else can send you emails through our mail system.

Digital Signature Verification: In addition to encryption and SSL, we also use digital signature verification to establish the identity of the server that our client software is connecting to. In most client-server services, the key worry that users will have is whether the data is going to the correct destination (server). Our clients request digitally signed identification information from the target server before sending any sensitive information to it. If the signature can be verified by the client, then we are sure the host server is ours and trusted. If the signature cannot be verified, then the client will refuse any further communication with that server, hence no information is sent to that server. That means that if our client software allows you to connect to a server, then that server must belong to us. This protects our users from hackers using phishing scams and man-in-the-middle attacks.
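
An added example, not Hiitch's own code, of the check described above: the client releases data only after the server's signed proof verifies against a public key shipped with the client. Ed25519, the pinned key, the per-connection nonce (which stops an old proof from being replayed) and the name `server.example` are assumptions; the page does not say how the signed identification is built.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

const serverID = "server.example" // constructed identity string

var ErrUntrusted = errors.New("server identity not verified; nothing sent")

// identify is the server side: sign identity||nonce with the private key.
func identify(priv ed25519.PrivateKey, nonce []byte) []byte {
	return ed25519.Sign(priv, append([]byte(serverID), nonce...))
}

// Send is the client side. pinned is the operator's public key shipped with
// the client (assumption). The secret is released only if the proof verifies.
func Send(pinned ed25519.PublicKey, prove func(nonce []byte) []byte, secret string) (string, error) {
	nonce := make([]byte, 32) // fresh per connection, so old proofs cannot be replayed
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	if !ed25519.Verify(pinned, append([]byte(serverID), nonce...), prove(nonce)) {
		return "", ErrUntrusted
	}
	return "sent: " + secret, nil
}

// Demo returns the client's verdict for the genuine server, an impostor with
// its own key, and a replay of a proof captured from an earlier connection.
func Demo() (genuine, impostor, replay error) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	_, evil, _ := ed25519.GenerateKey(rand.Reader)
	_, genuine = Send(pub, func(n []byte) []byte { return identify(priv, n) }, "profile")
	_, impostor = Send(pub, func(n []byte) []byte { return identify(evil, n) }, "profile")
	captured := identify(priv, make([]byte, 32)) // proof for an old nonce
	_, replay = Send(pub, func([]byte) []byte { return captured }, "profile")
	return
}

func main() {
	g, i, r := Demo()
	fmt.Println("genuine:", g, "| impostor:", i, "| replay:", r)
}
```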

Access Control Keys: Hiitch uses randomly generated access control keys for every new session to prevent anonymous clients, search engines or web spiders from harvesting your personal information on our servers, whether directly or indirectly, making your private data truly private while online. Therefore there is no need to worry about your private information being leaked out into the public Internet by an anonymous client, search engine or web spider pretending to be a web browser.
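
The per-session keys described here and under Privacy Filters, shown as an added example that is not Hiitch's code: each login issues a new random key and retires the old one, only the owner's current key can change a privacy setting, and a request without a live key sees nothing. The `Store` type, its methods and the user names are hypothetical, and the rule that public data still requires some live session key is an assumption.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

type Store struct { // hypothetical server-side state
	byKey   map[string]string // live access control key -> user
	current map[string]string // user -> key of that user's latest login
	private map[string]bool   // owner -> profile marked private
}

func NewStore() *Store {
	return &Store{map[string]string{}, map[string]string{}, map[string]bool{}}
}

// Login issues a fresh random 128-bit key and retires the previous one.
func (s *Store) Login(user string) string {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err) // never fall back to a predictable key
	}
	delete(s.byKey, s.current[user])
	key := hex.EncodeToString(b)
	s.byKey[key], s.current[user] = user, key
	return key
}

// SetPrivate succeeds only for the owner's current key.
func (s *Store) SetPrivate(key, owner string, v bool) bool {
	if u, ok := s.byKey[key]; !ok || u != owner {
		return false
	}
	s.private[owner] = v
	return true
}

// CanView rejects requests without a live key (anonymous clients, crawlers).
func (s *Store) CanView(key, owner string) bool {
	u, ok := s.byKey[key]
	return ok && (u == owner || !s.private[owner])
}

func main() {
	s := NewStore()
	old, cur := s.Login("alice"), s.Login("alice") // second login rotates the key
	fmt.Println(s.SetPrivate(old, "alice", true), s.SetPrivate(cur, "alice", true), s.CanView("", "alice"))
}
```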

I hope that this article will help our users to better appreciate the hard work that we have put into our software design and development to ensure their security and privacy. We welcome your participation in helping us improve our security features so that we can better protect you and your information while social networking with us online on Hiitch. So relax and start to get to know people on our network and leave the difficult part to us.

Filed under: General | by geek