Welcome to the demo sandbox for the open-source Black Highlighter project! It promotes Transparency, Security and Accountability through a server component and a browser widget that make cryptographically verifiable redaction available to everyone. Read on for more background, or jump in and try it now...
The system is different from other commenting and email systems you've seen on the web. Prior to publishing, you're given a redaction pen. Everything you mark out is cryptographically signed by client JavaScript code; there is no server communication until the protections have been made. Your browser generates a certificate for the missing portions—given only to you—and you may share any subset of it with whomever you wish.
Both client and server are secured against anyone seeing forged information in the missing parts. The checks can be done without sending the sensitive data to a server to perform a verification. Anyone with the certificate can then choose to reveal information to the server if that becomes necessary, and that can be done on a per-redaction basis without publishing everything.
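The redact, verify and selectively reveal flow described above can be sketched with salted-hash commitments. This is an added example, not Black Highlighter's own code: the commitment scheme and the names `commit`, `redact`, `verifyEntry` and `reveal` are assumptions for illustration, and the signature over the published document is left out.

```javascript
// Added illustration (assumed scheme, hypothetical names): one salted
// SHA-256 commitment per redaction, checked locally against the public copy.
const nodeCrypto = require("node:crypto");

// Commitment = SHA-256(salt || text). The random salt keeps short secrets
// (names, dates) from being recovered by guessing against the public hash.
function commit(saltHex, text) {
  return nodeCrypto.createHash("sha256")
    .update(Buffer.from(saltHex, "hex")).update(text, "utf8").digest("hex");
}

// Redact [start, end) spans. Returns the publishable parts and the private
// certificate (one entry per redaction) that stays with the author.
function redact(text, spans) {
  const published = [];
  const certificate = [];
  let cursor = 0;
  [...spans].sort((a, b) => a.start - b.start).forEach((span, id) => {
    if (span.start < cursor || span.end <= span.start || span.end > text.length) {
      throw new RangeError("spans must be non-empty, in range and non-overlapping");
    }
    if (span.start > cursor) published.push({ type: "text", value: text.slice(cursor, span.start) });
    const secret = text.slice(span.start, span.end);
    const salt = nodeCrypto.randomBytes(16).toString("hex");
    published.push({ type: "redacted", id, commitment: commit(salt, secret) });
    certificate.push({ id, salt, text: secret });
    cursor = span.end;
  });
  if (cursor < text.length) published.push({ type: "text", value: text.slice(cursor) });
  return { published, certificate };
}

// Local check: a certificate entry is genuine only if it hashes to the
// commitment in the published copy. No secret leaves the verifier's machine.
function verifyEntry(published, entry) {
  const slot = published.find((p) => p.type === "redacted" && p.id === entry.id);
  if (!slot) return false;
  const expected = Buffer.from(slot.commitment, "hex");
  const actual = Buffer.from(commit(entry.salt, entry.text), "hex");
  return expected.length === actual.length && nodeCrypto.timingSafeEqual(expected, actual);
}

// Rebuild the text from only the entries the holder chose to share; forged
// or missing entries stay blacked out.
function reveal(published, sharedEntries) {
  const byId = new Map(sharedEntries.map((e) => [e.id, e]));
  return published.map((p) => {
    if (p.type === "text") return p.value;
    const entry = byId.get(p.id);
    return entry && verifyEntry(published, entry) ? entry.text : "[REDACTED]";
  }).join("");
}
```

Sharing a subset of the certificate is just passing fewer entries to `reveal`; an entry with altered text fails `verifyEntry` and the span stays redacted.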
Currently there is some support for having your browser look for patterns in text and automatically suggest things that may be sensitive. Each suggestion can be accepted with a one-click protection. There are endless features one could imagine, so feel free to submit yours to the project's issue tracker on GitHub!
It's easy to use and has wide cross-browser compatibility, although the redaction pen doesn't work on touch interfaces (yet). The server component is written in Node.js, and the only dependency for the browser widget is jQuery. (Read the full credits for the technologies used, both in the components themselves and in this sample sandbox "app".)
The applications might not be immediately obvious. But let's imagine a few sample scenarios:
There's a pattern in all of these scenarios. Some piece of a puzzle where information was "totally private" is reshaped to become "somewhat public". One person summarized it as "flipping the inbox": instead of your messages disappearing into someone else's inbox, they effectively stay in your outbox and have some amount of searchability. That transition brings the potential for more parties to see what's going on, and act on better data.
And opening data opens doors. Google already assists the CDC by taking all the trends in "anonymized" data (that is still geo-tagged) to track disease epidemics based on searches for symptoms. But should Google and the NSA be the only people with the ability to measure, mine, and oversee the big picture? And should the inbox of strangers you invest in reaching out to—who aren't necessarily trustworthy to read or act on what you're sending—be where the buck stops?
Right now, that is where the buck stops, all too often. But as Bjork says in verse: "Don't let them do that to you."
That's a reasonable question; and we don't really know. The empirical evidence suggests that those who enjoy a position of power aren't eager to give it up. So what is almost certainly true is that systems will not change to be more transparent or accountable unless those who are being marginalized stick to their guns, and demand changes to the process. Black Highlighter isn't the only idea, but it's a new one that deserves a fair shot.
So if you like the concept, then share this demonstration with others. And if you are a JavaScript developer, web developer, or cryptographer...then please don't hesitate to get in touch about helping develop it. A good first goal is to get it adopted in government scenarios where the law requires transparency, though any application would be a fine start. Don't hesitate to make contact, and feel free to send your message body as a Black Highlighter certificate. :-)
But most of all: demand Transparency, Security, and Accountability, however it is achieved.
Running on Node.js v23.3.0 and Render: (project page, source, credits)