Have you ever wanted to build your own personal Yahoo Messager or MSN Live network? A private and secure network that is only for your family, company, organization, friends, peers and etc. You want to stay connected with your friends and family online but you don’t want the whole world to be connected to your network. That way you can have the freedom to be personal to your contacts without sacrificing any of your privacy on the Internet. You will no longer have to worry about big companies hosting your private data, messages and pictures or using you as a promotion for their benefit. You are now able to build your own trusted social network just for your personal community. Imagine that you can have your own:

• Personal channel of real time communication.
• Share intimate pictures with family and friends.
• Share private and confidential videos or documents with each other.
• Discover for yourself your children’s friends, parent’s friends and etc within your own secure private network.
• Share your daily activities online with your friends and family and not loss your privacy or that of your community.
• And much more, the possibilities are endless!

If all these sounds exciting to you, then Hiitch is what you want! We at Hiitch have decided to take a three step approach to helping you achieve all that we have mentioned above. We want to thank all those who have written to us about your opinions on open sourcing Hiitch. After considering all your suggestions, we have decided to move Hiitch in these three stages:

Stage 1: Hiitch is close source and only the client is available for download. Join us to actively build the Hiitch community together.
Stage 2: Make both the server and client binaries available for you to use and build your own private desktop social networks.
Stage 3: If our community of users have a strong desire to open source Hiitch, then we will open source Hiitch!

All that we ask of you is to help build the Hiitch community with us. Get involve with us by telling us why you want a system like Hiitch. If you want to try Hiitch to see what you can do with it, then join our community today! You can download a completely free copy of Hiitch client from our website to try it out as a demo. Currently we have a very limited network bandwidth used for demo purposes only so you may experience a slight issue in terms of performance but it should give you a good feel of the product features and what you can use it for.

In the future, we hope to allow you (our community) to decide on the features that you would like to have on Hiitch or to contribute code to Hiitch if we do open source it depending on your demand. We can even collaborate and build decentralized desktop networks to help everyone on Hiitch to stay connected, if desired. Come join us and participate in a new era of personal desktop social networking. let us create social networking history together today!

Help us spread the word if what we have proposed interest you and become part of our community decision making process.

I have read an article about MySpace in a fairly recent news article a few weeks back and thought that I should highlight the importance of security in social networking. In the early days of the Internet, most websites were information sites. However, today our web content has gone far from just being informative. Net citizens are beginning to take up their own identities on the Internet through blogs and social networking sites. The concept of verifiable digital identity, its use/misuse, its privacy and its authenticity are becoming critical issues. On-line security becomes the only front-line protection mechanism against these budding problems.

Most average net citizens don’t even care about such issues thinking that it do not concern them. The common respond is, “I don’t really care or it is not important!” Worse of all, they naively believe that their on-line service providers have it all covered. A common respond for this is, “It is a very popular site, they should be safe.” In this article, I hope to discuss about some of the things that net citizens should look out for in any site or software that involves the use of their identity on-line.

The first step to security is to keep your information private and permission controlled. Allowing the whole world to view information about you is a huge security risk. Now, you may ask if that is important. The obvious answer is yes. What is it that they want to do with your information? These information can give them clues to the sites your visit, passwords, user Ids, places you hang out in the real world, your habits, your health, your private life, your bank or credit card information and etc. The information that is gathered about you can then be use to stalk you in the real world, steal and use your identity to do terrorist activities, extort you, blackmail you, bully you, spread rumours and gossip about you and etc. I am sure that if you are creative, you can come up with more horrible things that can happen. Do you know that your service providers are not required by law to protect your information and that you visit and use sites at your own risk? Security is basically your own responsibility. You should never post any information about yourself unless you know you can control how they are accessed. Always remember to take your time to read the security and privacy statements that are provided by most service providers, then decide for yourself if you want to use them. If any service provider that you are looking at do not have any such information, your alarms should start sounding off. If in doubt, you should always question them about how they intent to keep your information safe before signing up for their services. In addition, you can also search for news about the service provider that you are interested in before signing up with them. News articles can sometimes reveal a lot about how secure they are.

Other general things to worry about in regard to keeping your information private includes malicious web spiders and search engines that unknowingly compromise your information. Web servers are all programmed to respond in a specific way when queried. It is this standard protocol or behavior that makes the Internet so widely used. However, web servers also becomes more easily exploitable when configured inappropriately or when bugs are discovered through cleverly crafted probes. In short, web servers can unknowingly pass your private information to a malicious web spider or search engine and make your private information publicly available. In most cases your service provider should have a plan to deal with all these issues. If a service provider shows little concern about protecting your information, perhaps you should reconsider putting them there.

The second step is to ensure that you are connecting to the right services that you desire. Failure to ensure that may result in information leaks that can be used against you. Do you know that there are malicious software and people collecting information about you all the time on the Internet? Hacks such as man-in-the-middle attacks and phishing are on the rise. The goal of the hacks is to steal your private information either by hijacking your information half way to your service provider or by pretending to be your service provider. Being sure that your service provider has the capabilities to keep your information safe and access controlled is not enough. Your service provider needs to ensure that you can connect to them securely and without doubt. Hackers can easily use tools to harvest your information en-route to your service provider and hide their actions using techniques such as network address translation (NAT). Step one only makes sense when you are sure that your information is going to the correct service provider.

The third step is to ensure that your service provider has the capabilities to protect you from third party components that reside on their website or software. Giving users the permission to add custom components on top of their services can and will introduce new security issues. All the other threats we have discussed so far comes from outside your service provider, embedded components on the other hand comes from internal and is viewed as part of the system. Most users have the wrong perception that anything from a secure site or software is safe but this is not true when it comes to third party add-on. Most service provider disclaimer will include a sentence that protects them from such issues. These add-on can sometimes become the security loop hole to the unbreakable fortress. A simple example would be a widget that broadcast your information in plain text residing in a secure website. Add-on includes media players, nice innocent looking widgets, unseen script code and etc. Seeing custom components and widgets on a website should also raise your alert level while browsing because the security risk is higher. Shutting down the browser’s capabilities on third party components can also be a good solution to protect yourself against such threats. Third party components are becoming a greater threat now that almost all social networking sites uses or allows some form of add-on.

Web browser based technologies are more widely published and hence more widely exploited than custom clients. It does not mean that therefore web browser based technologies are less safe, it just means that more people tries to break your system through it than through custom clients.

I hope that the discussion has helped you become better aware of the need for security while social networking on-line and how poor security will result in you paying the price and not your service provider.

Security is the top most priority in Hiitch. A lot of effort have been put into designing safety mechanisms to help protect our users from malicious threats on the Internet. In this article I will discuss a few of these mechanisms that we have developed and designed to help our users better appreciate the true value of Hiitch. We do not see our security features as a full proof system but we do know that anyone trying to break our system will have their hands full.

Let us start from a few of the protection mechanisms that we have put in place for our users:

Encryption: All the user’s registration information are encrypted both on the local computer and on the remote server. If anyone who is not suppose to access these information manages to get a hold of them, they will still not be able to decipher the details. We do not use static global keys to encrypt these information. Hence, each user has a different set of encryption keys which will provide the most optimal protection in most cases. Coupled with the OS system’s multi-user login protection, the two layer security is good enough to deter even the most advanced crackers. All communication on the Internet uses SSL. SSL basically encrypts the connection so that all data going in and out are undecipherable. So if someone manages to compromise your system or any other computer in your network or along the path that your network packets travel. They can easily setup a snooping software to gather your network data, however, they will not be able to make sense of it.

Password Retrieval: We have added a long list of good security questions that our users can use. Our security questions are very personal and sensitive questions that our users will not easily give out to any other people that they do not trust. We do not allow our users to enter their own security questions because we worry that they may unknowingly breach the whole purpose of having a security question. One good example of a bad security question would be, “What is my pet’s name?”. Your neighbor next door who hates you hears you playing with your pet “dodadi” every evening. Your neighbor goes online to Hiitch and tries your pet name and amazingly gets access to your password, that is provided that your neighbor knows your user Id. We also do not use the email system to send our users their password. This is because we do not have control over other email providers who may breach our security by sending your private password in plain text over the Internet. While the email is traveling to your mail box, it may be routed over several other computers that have been compromised and is snooping for information on the network. In order to break your security question, the cracker must know which question you have selected as your security question and what the answer to that question is. This alone should deter them somewhat as long as the answer to the question has not been compromised.

Privacy Filters: Hiitch has a good set of privacy features that allow our users to customize for themselves who and what they want to allow as public and viewable. No one can view your information if you have set them to private. Privacy features are enforced by our servers and no one can alter them except the owner of the resource. Hackers who wants to alter your settings will need to know the randomly generated access control key before they can even attempt to access your resources. The difficult part for the hacker in regard to the generated access control keys is that it changes every time you login to our network.

Spam Protection: Hiitch has a unique system that allows our users to send email to their contact list people without having to know the email address of the person that they are sending the email to. This provides a great amount of privacy for our users and also avoids spamming issues. If your mail box have spam control then mails sent from our server will be placed there until you agree to accept them. Neither the sender nor the receiver will have access to each others email during the entire mailing process. Except for the people who are in your contact list, no one else can send you emails through our mail system.

Digital Signature Verification: In addition to encryption and SSL, we also use digital signature verification to resolve the identity of the server that our client software is connecting to. In most of the client and server type services, the key worry that users will have is whether the data is going to the correct target destination (server). Our clients request for a digitally signed identification information from the connecting target (server) before sending any sensitive information to it. If the signature can be verified by the clients then we are sure the host server is ours and trusted. If the signature cannot be verified then the clients will refuse any further communication with that server, hence no information has been send to that server. That means that if our client software allow you to connect to any server, then that server must belong to us. This protects our users from hackers using phishing scams and man in the middle attacks.

Access Control Keys: Hiitch uses randomly generated access control keys for every new session to prevent anonymous clients, search engines or web spiders to harvest your personal information on our servers whether directly or indirectly. Making your private data truly private while online. Therefore there is no need to worry about your private information being leaked out into the public Internet from an anonymous client, search engine or web spider pretending to be a web browser.

I hope that this article will help our users to better appreciate the hard work that we have put into our software design and development to ensure their security and privacy. We welcome your participation in helping us improve our security features so that we can better protect you and your information while social networking with us online on Hiitch. So relax and start to get to know people on our network and leave the difficult part to us.