How to prepare to join the Internet of the dead

Online_No_One_Knows_Youre_Dead

In January 2015, security researcher and beloved, prolific geek Michael "Hackerjoe" Hamelin died in a head-on collision that also hospitalized his widow, Beth Hamelin. Read the rest

FBI's war on encryption is unnecessary because the Internet of Things will spy on us just fine

Reuters

The war on encryption waged by the F.B.I. and other intelligence agencies is unnecessary, because the data trails we voluntarily leak allow “Internet of Things” devices and social media networks to track us in ways the government can access.

That's the short version of what's in “Don’t Panic: Making Progress on the ‘Going Dark’ Debate,” a study published today by the Berkman Center for Internet and Society at Harvard.

Read the rest

California assemblyman joins NY legislator in proposing ban on crypto for phones

001

California assemblyman Jim Cooper (D-9th) has copy-pasted New York assemblyman Matthew Titone's (D-61st) insane, reality-denying bill that bans companies from selling smartphones with working crypto on them, introducing nearly identical measures in the California legislature. Read the rest

Juniper's products are still insecure; more evidence that the company was complicit

MX480_left.png

It's been a month since Juniper admitted that its firewalls had back-doors in them, possibly inserted by (or to aid) US intelligence agencies. In the month since, Juniper has failed to comprehensively seal those doors, and more suspicious information has come to light. Read the rest

Lessig on how the economics of data-retention will drive privacy tech

Panopticon

In an interview with the WSJ's CIO blog, Lawrence Lessig proposes that the existence of cryptographic tools that allow for "zero-knowledge" data-querying, combined with the potential liability from leaks, will drive companies to retain less data on their customers. Read the rest

Payment system security is hilariously bad

056c026d-1c66-4d42-9fae-a8e96df290c5-1020x910

In Shopshifting: The potential for payment system abuse, Karsten Nohl and Fabian Bräunlein showed attendees at Hamburg's Chaos Communications Congress just how poor the security in payment terminals is, and demonstrated several attacks that would let them harvest card numbers and PINs, make undetectable phantom charges and refunds to merchant accounts, and commit other mischief. Read the rest

Windows 10 covertly sends your disk-encryption keys to Microsoft

152101REDSchwartzWin10

There's no way to turn off the "recovery" feature that sends your disk encryption keys to Microsoft by default, without notice -- though you can (and should) ask Microsoft to forget the keys later. Read the rest

Wishful thinking versus terrorism: why crypto backdoors are a dumb idea

Cinderlla_Animated

"We know of no case where such an addition of exceptional access capabilities has not resulted in weakened security." Read the rest

Obama promises statement on encryption before Xmas (maybe)

Asymmetric_cryptography_-_step_2.svg

The Obama administration, which has staffed up on savvy pro-privacy technologists, even as its law enforcement arm has called for a "magic pony" that would let Internet users attain technological security without compromising the ability to wiretap them, has promised to release a statement indicating whether it will make policy based on science or fear.

Update: Kevin Bankston clarifies:

Read the rest

Harlem Cryptoparty: Crypto matters for #blacklivesmatter

cYrxq8Ks.png

This week's Radio Motherboard podcast (MP3) talks with Matthew Mitchell, a former data journalist who organizes Harlem Cryptoparty, a regular training meeting for black activists who want to learn to defend themselves against the burgeoning police/DHS practice of racially profiling black activists through targeted surveillance.

Though social media surveillance is a modern phenomenon, the US government has a long and shameful history of surveilling black activists (see, for example, the FBI's attempt to convince Martin Luther King to kill himself).

Harlem Cryptoparty is an attempt to help black people armor themselves against everyday surveillance, promoted through barbershops, hair salons, black churches and flyers in the neighborhood.

2:24 Mitchell explains why a cryptography meetup makes sense in Harlem.

5:05 In order to reach the Harlem community, you have to recruit offline.

7:55 Cryptoparties and privacy events are still rare in the inner city in predominantly black and Latino communities, even though it’s not just a hypothetical threat. “You’re worried about, hey this guy threw me against a wall, flashed a badge at me, took my phone, he said if I gave him the phone he’ll let me walk, otherwise I have to do paper work. What was he doing with it?”

9:40 Nusrat Choudury from the ACLU’s Racial Justice program joins us. She wrote this piece, “The Government Is Watching #BlackLivesMatter, And It’s Not Okay.”

12:40 There is a pattern throughout history of the government using the fear of threats to conduct surveillance on “people who look or act different.”

15:30 A private security firm called Zero Fox collected information on protesters in Baltimore and labeled some “high severity physical threats.”

The Black Community Needs Encryption [Adrianne Jeffries/Vice] Read the rest

French PM defies Ministry of Interior, says he won't ban open wifi or Tor

LibertyEqualityorDeath

Despite the French Ministry of Interior's demands to crack down on Internet anonymity, Prime Minister Manual Valls has gone on record saying he won't allow such a thing to pass: Read the rest

The crypto explainer you should send to your boss (and the FBI)

056c026d-1c66-4d42-9fae-a8e96df290c5-1020x894

Whenever a clueless authority figure who apparently knows nothing about security (like, apparently, FBI director James Comey) calls for a ban on crypto, here's the article you should show them.

Read the rest

The moral character of cryptographic work

Bertrand Russel- Albert Einstein

Phillip Rogaway, an eminent computer scientist and cryptographer at UC Davis, has made a stir in information security circles with a long, thoughtful paper called The Moral Character of Cryptographic Work. Read the rest

Let's Encrypt enters public beta: free HTTPS certificates for everyone!

free-ssl-certificate

Let's Encrypt is a joint project from EFF, Mozilla and others that allows anyone to create a free HTTPS certificate in minutes, this being a critical piece of infrastructure, necessary for making connections between a web-server and a browser secure and private. Read the rest

Free usability help for privacy toolmakers

home-toolbox@2.png

Simply Secure, a nonprofit I volunteer for, is launching a new series of usability programs for organizations, companies and individuals who are making cryptographic/privacy/security tools. Read the rest

The Tor project is soliciting donations in its first fundraising drive

tor.png

The nonprofit foundation that oversees development on Tor, the anonymity and privacy tool, has launched its first ever major cash fundraiser, seeking support for its crucial work. Read the rest

Mozilla will let go of Thunderbird

image-of-mozilla-thunderbird-logo5141-580x358

The Mozilla Foundation stopped active development of the Thunderbird stand-alone email client in 2012, a year before Edward Snowden's revelations about mass email interception by spy agencies sparked an exodus from webmail platforms. Read the rest

More posts