The Cocoon Blog
The Internet as it should be: private, secure and virus free

About two months ago, we launched the Cocoon service in what could be called its alpha phase. We invited only 20 users to test what it would be like to browse the web privately and securely. Would browsing be slowed down? Would people understand the interface? How would people like the features we were introducing?

The feedback was terrific. We learned much about the controls and features – and most importantly how to communicate these features to users. People loved the idea of not giving up their identity and IP address, but they wondered how to be sure it was really working? This was answered by a quick visit to www.whatsmyip.org showing the IP address of Cocoon servers as the browsing source. Demonstrating the safety of Cocoon browsing is more difficult. Sure you could go to a malware laden site and browse away unscathed, but to be really sure you’d then have to go back without Cocoon and end up infected, and who wants to do that? (You don’t want to crash the car to prove the airbags work.) We’re still working on a way to demonstrate Cocoon anti-malware protection so people really get it.

Even as testing was going on, we knew that Cocoon browsing would soon be taking another form. Yes, the Cocoon browser has some great features, but what about people that don’t want to switch from their current browser of choice? Our engineering team was already at work on a plug-in offering all the features, security and privacy of the Cocoon service but accessed using leading browsers: Firefox, IE, and Safari.

This meant the development on the Cocoon browser would stop, while the focus was full speed ahead on a plug-in. While it is hard to take a step sideways in development, we know the end result will be a better solution for our users.

So where are we now? We have a functioning Firefox plug-in that allows us to browse safely and privately through Cocoon servers. We are now adding features that we tested with our alpha browser — anonymous email addresses and enhanced favorites and history — along with new features for password and profile management.

It’s difficult to wait. We want to introduce our new way of using the web now and hear what users have to say. But, each day we get a bit closer to a full beta launch. Go to www.GetCoccon.com if you’d like to be notified when the plug-in becomes available. Until then, surf with care.

A friend and colleague recently wrote a great piece on Internet security and privacy best practices, which will eventually be posted on the Cocoon website. Reading it, got me thinking about just how strong are various passwords?

Hopefully most people know not to use passwords that are associated with something that can be traced directly back to them with just a bit of research. Birthdates, names of pets, spouse’s name, etc. can all be figured out with a bit of social engineering or access to your Facebook page.

But how effective are words themselves? What about mixed upper and lower case? What if you toss in some numbers? How long would a password-cracking program take to figure them out?

Let’s take a look from info gathered here:

Obviously, the quality of the password cracking code and the amount of computing power will affect the speed of cracking the password. This website breaks it down into six different classes, “A” through “F” with “F” being the best. For my purpose I’m going to use “C”. Good, but not the best.

If your password is 5 characters long and uses . . .

• The full alphabet but doesn’t mix upper and lowercase, the time to “crack” = 12 seconds.
• The full alphabet and numbers 0 through 9 but doesn’t mix upper and lowercase, the time to “crack” = 1 minute.
• The full alphabet and numbers with mixed case, time to “crack” = 15 minutes.
• If we combine the alphabet, numbers, mixed case and use 6 characters instead of 5, time to “crack” goes jumps to 16 hours.
• If we go to 8 characters and throw in symbols like # % & *, the time to “crack” jumps to 94 years!

Bottom line, you need at least 6 characters, a mix of numbers and cases, and toss in a special character for good measure. And one more thing, don’t use the same password for every website.

Wow. It’s not easy out there! Stay tuned for more info on best internet security practices.