Skip to main content

Sounds crazy, but this wall of lava lamps keeps you protected from hackers

Computers are supposed to be predictable. In 99.9 percent of cases, that’s exactly what we want from them. The exception to that rule? When we’re trying to get a computer to generate a truly random number, which is crucial for things like encryption. We’ve previously covered some innovative ways to solve this problem, ranging from quantum physics to carbon nanotubes — but Silicon Valley-based web performance and security company Cloudflare has a different and far more fun, solution: lava lamps.

In the lobby of Cloudflare’s global headquarters in San Francisco, there’s a wall packed with 100 lava lamps of various colors. These lamps are recorded with a camera and a live feed sent to the company’s server, so that lava-related data can be extracted from the image and used to generate packets of unpredictable bits. These unpredictable bits are then sent to Cloudflare servers around the world to help generate cryptographic keys, which ultimately encrypt data for around 10 percent of all web requests.

Recommended Videos

In other words, when you browse the internet, the security of the data you’re sending and receiving is, in part, provided by a wall of lava lamps.

Dani Grant
Dani Grant

“True randomness is difficult to achieve in computers because computers are designed to be predictable,” Nick Sullivan, head of cryptography at Cloudflare, told Digital Trends. “When a computer executes a program, it follows series of predetermined steps. To get truly random numbers, you have to involve the physical world. Most companies rely only on their computer’s operating system to provide randomness, which can sometimes lead to security issues like the recent ROCA vulnerability. It’s always best to mix in multiple sources of randomness.”

Sullivan said the idea for the lava lamp came about in the early days of Cloudflare in discussions between himself, CEO Matthew Prince, CTO John Graham-Cumming, and other early employees — all of whom wanted both to achieve high levels of security and also create some groovy functional art for their office design. “In true startup fashion, we iterated,” he continued. “We started with a single orange lava lamp in the kitchen of the old Cloudflare office, and when we moved to our global headquarters we built an entire wall of them into our lobby.”

News of Cloudflare’s unorthodox (but effective) approach to encryption was recently shared with the world in a video by YouTuber Tom Scott. “I make videos about science, technology, and interesting things in the world — and this was all three,” Scott told us. He’s certainly not wrong on that front!

Luke Dormehl
I'm a UK-based tech writer covering Cool Tech at Digital Trends. I've also written for Fast Company, Wired, the Guardian…
This anti-hacker group helps you escape ransomware for free
A depiction of a hacked computer sitting in an office full of PCs.

This week marks the sixth anniversary of the No More Ransom project, an initiative aimed at helping ransomware victims.

Operating as an online platform to help anyone who’s experiencing trouble after their system has been infected by some form of ransomware, No More Ransom was formed as a joint venture between law enforcement (Europol and the Dutch National Police) alongside IT security firms (Kaspersky and McAfee).

Read more
You’ll never guess what hackers are using Microsoft Calculator for
A depiction of a hacker breaking into a system via the use of code.

Hackers have found an unusual and unconventional method to infect PCs with malware: distributing dangerous code with Windows Calculator.

The individuals behind the well-known QBot malware have managed to find a way to use the program to side-load malicious code on infected systems.

Read more
Update Google Chrome now to protect yourself from an urgent security bug
Google Chrome app on s8 screen.

Google posted a security update for its Chrome browser that fixes what's known as a zero-day bug. The problem affects Chrome on Windows, Mac, and Android. The flaw can lead to arbitrary code execution, a serious security vulnerability, so it's best to download and install the latest version immediately. Zero-day bugs mean that this is a known weakness and, in this case, Google said that the flaw is already being exploited by hackers.

Google did not post a detailed explanation of how the exploit works, but will do so when the majority of people have updated, making the danger of further attacks less severe. The most severe bug is identified as CVE-2022-2294 and the update also patches CVE-2022-2295 and CVE-2022-2296.

Read more