Boing Boing 

Bruce Schneier's Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World

No one explains security, privacy, crypto and safety better than Bruce Schneier, and while he’s been talking about this subject for decades, it’s never been more relevant, as his new guide to the post-Snowden world Data and Goliath demonstrates.

Read the rest

Companies should never try to intercept their users' encrypted traffic

Lenovo's disgraceful use of Superfish to compromise its users' security is just the tip of the iceberg: everywhere we look, companies have decided that it's a good idea to sneakily subvert their users' encryption.

Read the rest

Yahoo's security boss faces down NSA director over crypto ban


During Monday's Cybersecurity for a New America conference in DC, Yahoo's Chief Information Security Officer Alex Stamos stood up and had an intense verbal showdown with NSA director Mike Rogers about the NSA's plan to ban working crypto, in which the nation's top spook fumfuhed and fumbled to explain how this idea isn't totally insane.

Read the rest

Laura Poitras's Citizenfour OPSEC


One of the most startling motifs of Citizenfour, Laura Poitras's Academy Award-winning documentary about Edward Snowden, is the use and abuse of cryptographic tools, which are at the center of the NSA's surveillance plans and Snowden's audacious act of whistleblowing.

Read the rest

Anyone who makes you choose between privacy and security wants you to have neither

An excellent op-ed from the Open Rights Group: "When ORG defends privacy, we are fighting to protect people from abuses of power that leave them vulnerable."

Read the rest

If privacy was really dead, would everyone be trying so hard to kill it?


A reader writes, "SF author Peter Watts writes about the ever-encroaching assault on our privacy and how relocating their arguments from the Internet to meatspace illustrates how ridiculous they are, and reasons to be cheerful because of the governments of the 'free world''s determination to eliminate the last shreds of our privacy."

Read the rest

Alan Turing's lost notes discovered as crumpled insulation in Bletchley Park huts


After the war ended, Churchill ordered all of Bletchley's work -- the computers, the notebooks -- destroyed, but some of Alan Turing's notes were discovered between the walls of Hut 6 during a recent renovation, and are now on display at Bletchley Park.

Read the rest

Leaked US cybersecurity report singles out crypto as essential for security of private data

A newly released document from the Snowden trove is a five-year "cyber-threat" forecast that stresses the importance of strong civilian use of cyrptography as crucial to protecting private data, especially the industrial secrets sought by foreign spies.

Read the rest

What David Cameron just proposed would endanger every Briton and destroy the IT industry

David Cameron says there should be no “means of communication” which “we cannot read” — and no doubt many in his party will agree with him, politically. But if they understood the technology, they would be shocked to their boots.

Read the rest

Exciting progress towards surveillance-resistant email


Ladar Levison -- persecuted founder of the now-shuttered private mail service Lavabit, as used by Edward Snowden -- has made great progress on his Darkmail project, a joint initiative with Phil "PGP" Zimmerman's also shut-down Silent Circle private email service.

Read the rest

Crypto puzzles and games for kids

Dev Gualtieri's newly published Secret Codes & Number Games: Cryptographic Projects & Number Games for Children Ages 5-16 is a thoughtfully designed introduction to crypto for kids.

Read the rest

New NSA leaks: does crypto still work?


Matthew Green's got an excellent postmortem on the huge dump of NSA docs Der Spiegel last weekend.

Read the rest

Gnupg needs your support!

Gnu Privacy Guard (GPG, the free/open version of PGP) relies on donations to pay developers to keep the project alive and viable; as one of its millions of users, I am grateful and indebted to the people who keep it alive and that's why I've just donated to the project.

Read the rest

Sock-puppet- and traffic-analysis-resistant group conversation protocol

Dissent implements the Dining Cryptographers and Verifiable Shuffling algorithms to produce a group-conversation system that is resistant to traffic analysis. Feels like we're entering the second golden age of cypherpunk.

Read the rest

Crypto-Santa: use onion routing to anonymize gifts at your Xmas party

Dmytri writes, "Add a crypto wrinkle to your Kris Kringle! Make your Secret Santa even more secret with the magic of Onion Wrapping!"

Read the rest

Google's end-to-end email encryption moves to Github

Google's made some major announcements about End-to-End, their implementation of the best-of-breed email encryption tool PGP, which they're refactoring as a way of encrypting webmail so that neither they nor the spy-services can read it in transit or at rest.

Read the rest

Over 700 million people have taken steps to improve privacy since Snowden


As Schneier points out, the way this is spun ("only 39% of people did something because of Snowden") is bullshit: the headline number is that more than 700 million people are in the market for a product that barely exists, and that could make more money than Facebook if you get it right.

Read the rest

Spain's Xnet: leak-publishing corruption-fighters


Xnet is a Spanish collective that invites the public to leak evidence of corruption using the Tor anonymizer, then uses those leaks to bring private criminal complaints against officials and corporations.

Read the rest

We know you love privacy, Judge Posner. We just wish you'd share.


As I wrote yesterday, 7th circuit judge Richard Posner's views on privacy (basically: "nothing to fear, nothing to hide" and "it should be illegal to made a phone the government can't search") are dismal and unsophisticated -- but they're also deeply hypocritical.

Read the rest

Blackphone announces privacy-oriented app store


Blackphone, the Swiss-based, secure hardware/OS mobile phone from PGP inventor Phil Zimmerman has announced that it will provide a store with privacy-oriented apps that are sandboxed to minimize data-misuse.

Read the rest

Judge Posner: it should be illegal to make phones the government can't search

Cory Doctorow on why privacy is about more than concealing crime—and why backdoors are inevitably available to everyone, not just people you trust.

Read the rest

Fellowships available in security usability

The Open Technology Fund and Simply Secure are offering fellowships to researchers who seek funding to work on usability in privacy and security technology.

Read the rest

Senator Ron Wyden introduces a bill banning FBI backdoors


It's a legislative shot across the bow of the FBI, who are demanding back-doors in phones and other devices, claiming "children will die" unless our pocket supercomputers are designed to allow untrusted parties to secretly take them over.

Read the rest

NSA leak reveal plans to subvert mobile network security around the world


The NSA's AURORAGOLD program -- revealed in newly released Snowden docs -- used plundered internal emails to compromise nearly every mobile carrier in the world, and show that the agency had planned to introduce vulnerabilities into future improvements into mobile security.

Read the rest

When Ed Snowden met Marcus Yallow


Here's a scene from Citizenfour, Laura Poitras's acclaimed documentary on Edward Snowden, showing Snowden packing his bags to leave Hong Kong, showing the book on his nightstand: my novel Homeland.

Read the rest

Free encryption training workshops in NYC


Tommy writes, "I'm working with Verso Books (which just published Gabriella Coleman's Hacker, Hoaxer, Whistleblower, Spy: The Many Faces of Anonymous to provide free encryption workshops to groups in NYC."

Read the rest

Whatsapp integrates Moxie Marlinspike's Textsecure end-to-end crypto


It's the largest-ever deployment of end-to-end crypto, and assuming they didn't add any back-doors or make critical errors, this means that hundreds of millions of users can now communicate without being spied upon by governments, crooks, cops, spies or voyeurs.

Read the rest

EFF backs new nonprofit free certificate authority "Let's Encrypt"

It will be overseen by Internet Security Research Group with backing from EFF, Mozilla, Cisco, Akamai and others, and will offer free HTTPS certificates to all comers, making it radically easier and cheaper to encrypt the Web and make it resistant to mass surveillance.

Currently, most Internet traffic is unencrypted, meaning most interactions you have with websites leave your accounts vulnerable to eavesdropping by everyone from a minimally competent hacker to the U.S. government. The HTTPS protocol—in contrast to HTTP—encrypts your connection and verifies the authenticity of sites, protecting your data and personal information. EFF has been campaigning successfully for a number of years to spread HTTPS from payment pages and banking sites to email, social networking, and other types of sites. But there are still hundreds of millions of domains that lack this protection.

The new Let's Encrypt project aims to solve that. Let's Encrypt is a new free certificate authority, which will begin issuing server certificates in 2015. Server certificates are the anchor for any website that wants to offer HTTPS and encrypted traffic, proving that the server you are talking to is the server you intended to talk to. But these certificates have historically been expensive, as well as tricky to install and bothersome to update. The Let's Encrypt authority will offer server certificates at zero cost, supported by sophisticated new security protocols. The certificates will have automatic enrollment and renewal, and there will be publicly available records of all certificate issuance and revocation.

Let's Encrypt

New, Free Certificate Authority to Dramatically Increase Encrypted Internet Traffic [EFF]

How the Enigma code-machines worked


With the release of the Alan Turing biopic "The Imitation Game," interest in the Enigma cipher used by the Axis powers and broken by Turing and the exiled Polish mathematicians at Bletchley Park has been revived.

Read the rest

ISPs caught sabotaging their customers' email encryption


Ever since 2013, when the Electronic Frontier Foundation started shaming email providers that did not encrypt their customers' email, more and more mail providers have turned on STARTTLS, which protects email in transit from snooping, without requiring users to take any additional steps.

Read the rest