Sock-puppet- and traffic-analysis-resistant group conversation protocol

Dissent implements the Dining Cryptographers and Verifiable Shuffling algorithms to produce a group-conversation system that is resistant to traffic analysis. Feels like we're entering the second golden age of cypherpunk.

Crypto-Santa: use onion routing to anonymize gifts at your Xmas party

Dmytri writes, "Add a crypto wrinkle to your Kris Kringle! Make your Secret Santa even more secret with the magic of Onion Wrapping!"

Google's end-to-end email encryption moves to Github

Google's made some major announcements about End-to-End, their implementation of the best-of-breed email encryption tool PGP, which they're refactoring as a way of encrypting webmail so that neither they nor the spy-services can read it in transit or at rest.

Over 700 million people have taken steps to improve privacy since Snowden


As Schneier points out, the way this is spun ("only 39% of people did something because of Snowden") is bullshit: the headline number is that more than 700 million people are in the market for a product that barely exists, and that could make more money than Facebook if you get it right.

Spain's Xnet: leak-publishing corruption-fighters


Xnet is a Spanish collective that invites the public to leak evidence of corruption using the Tor anonymizer, then uses those leaks to bring private criminal complaints against officials and corporations.

We know you love privacy, Judge Posner. We just wish you'd share.


As I wrote yesterday, 7th circuit judge Richard Posner's views on privacy (basically: "nothing to fear, nothing to hide" and "it should be illegal to make a phone the government can't search") are dismal and unsophisticated -- but they're also deeply hypocritical.

Blackphone announces privacy-oriented app store


Blackphone, the Swiss-based, secure hardware/OS mobile phone from PGP inventor Phil Zimmermann, has announced that it will provide a store with privacy-oriented apps that are sandboxed to minimize data-misuse.

Judge Posner: it should be illegal to make phones the government can't search

Cory Doctorow on why privacy is about more than concealing crime—and why backdoors are inevitably available to everyone, not just people you trust.

Fellowships available in security usability

The Open Technology Fund and Simply Secure are offering fellowships to researchers who seek funding to work on usability in privacy and security technology.

Senator Ron Wyden introduces a bill banning FBI backdoors


It's a legislative shot across the bow of the FBI, who are demanding back-doors in phones and other devices, claiming "children will die" unless our pocket supercomputers are designed to allow untrusted parties to secretly take them over.

NSA leak reveals plans to subvert mobile network security around the world


The NSA's AURORAGOLD program -- revealed in newly released Snowden docs -- used plundered internal emails to compromise nearly every mobile carrier in the world; the docs also show that the agency had planned to introduce vulnerabilities into future improvements to mobile security.

When Ed Snowden met Marcus Yallow


Here's a scene from Citizenfour, Laura Poitras's acclaimed documentary on Edward Snowden, showing Snowden packing his bags to leave Hong Kong, showing the book on his nightstand: my novel Homeland.

Free encryption training workshops in NYC


Tommy writes, "I'm working with Verso Books (which just published Gabriella Coleman's Hacker, Hoaxer, Whistleblower, Spy: The Many Faces of Anonymous) to provide free encryption workshops to groups in NYC."

Whatsapp integrates Moxie Marlinspike's Textsecure end-to-end crypto


It's the largest-ever deployment of end-to-end crypto, and assuming they didn't add any back-doors or make critical errors, this means that hundreds of millions of users can now communicate without being spied upon by governments, crooks, cops, spies or voyeurs.

EFF backs new nonprofit free certificate authority "Let's Encrypt"

It will be overseen by Internet Security Research Group with backing from EFF, Mozilla, Cisco, Akamai and others, and will offer free HTTPS certificates to all comers, making it radically easier and cheaper to encrypt the Web and make it resistant to mass surveillance.

Currently, most Internet traffic is unencrypted, meaning most interactions you have with websites leave your accounts vulnerable to eavesdropping by everyone from a minimally competent hacker to the U.S. government. The HTTPS protocol—in contrast to HTTP—encrypts your connection and verifies the authenticity of sites, protecting your data and personal information. EFF has been campaigning successfully for a number of years to spread HTTPS from payment pages and banking sites to email, social networking, and other types of sites. But there are still hundreds of millions of domains that lack this protection.

The new Let's Encrypt project aims to solve that. Let's Encrypt is a new free certificate authority, which will begin issuing server certificates in 2015. Server certificates are the anchor for any website that wants to offer HTTPS and encrypted traffic, proving that the server you are talking to is the server you intended to talk to. But these certificates have historically been expensive, as well as tricky to install and bothersome to update. The Let's Encrypt authority will offer server certificates at zero cost, supported by sophisticated new security protocols. The certificates will have automatic enrollment and renewal, and there will be publicly available records of all certificate issuance and revocation.

Let's Encrypt

New, Free Certificate Authority to Dramatically Increase Encrypted Internet Traffic [EFF]