What's the best way to weaken crypto?


Daniel Bernstein, the defendant in the landmark lawsuit that legalized cryptography (over howls of protest from the NSA) engages in a thought-experiment about how the NSA might be secretly undermining crypto through sabotage projects like BULLRUN/EDGEHILL.

Making sure crypto stays insecure [PDF/Daniel J Bernstein]

(via O'Reilly Radar)

When can the police search your computer/phone?


The Electronic Frontier Foundation has updated its indispensable "Know Your Rights" guide for dealing with police search requests for your phone, computer, and other devices.

Know Your Rights [Hanni Fakhoury and Nadia Kayyali/EFF]

Tor Browser goes 4.0

The 4.0 version of the secure, anonymized, private browser disables SSL3 (in deference to the POODLE attack) and uses new transports that are intended to defeat the Great Firewall of China and other extremely restrictive firewalls.

Read the rest

FBI chief demands an end to cellphone security

If your phone is designed to be secure against thieves, voyeurs, and hackers, it'll also stop spies and cops. So the FBI has demanded that device makers redesign their products so that they -- and anyone who can impersonate them -- can break into them at will.

Read the rest

Darkmatter: a secure Paranoid Android version that hides from attackers

Stock Android phones with the Darkmatter OS use encrypted storage, OS-level app controls, and secure messaging by default, but if the phone thinks it's under attack, it dismounts all the encrypted stuff and reboots as a stock Android phone with no obvious hints that its owner has anything hidden on it.

Read the rest

There's no back door that only works for good guys

My latest Guardian column, Crypto wars redux: why the FBI's desire to unlock your private life must be resisted, explains why the US government's push to mandate insecure back-doors in all our devices is such a terrible idea -- the antithesis of "cyber-security."

Read the rest

Help wanted: crypto-usability research director & ops manager

Simply Secure, a nonprofit developing usable, free, open interfaces for cryptographic communications tools like OTR, is hiring!

Read the rest

Faced with network surveillance, Hong Kong student demonstrators go P2P


The makers of Firechat, a wireless P2P chat app that works phone-to-phone over Bluetooth and wifi, say they've seen a surge of new users from Hong Kong's student demonstrators, who are locked in pitched battle with the territory's police as they fight for the right to choose HK's leaders without interference with Beijing, against a backdrop of growing wealth inequality.

Read the rest

Reasons (not) to trust Apple's privacy promises

Apple's new Ios privacy policy makes some bold promises about their technology's wiretap-resistance, saying that even if Apple wanted to snoop on your messages, they couldn't, but as EFF co-founder John Gilmore points out, Apple's asking you to take an awful lot on faith here.

Read the rest

Privacy for Normal People


My latest Guardian column, Privacy technology everyone can use would make us all more secure, makes the case for privacy technology as something that anyone can -- and should use, discussing the work being done by the charitable Simply Secure foundation that launches today (site is not yet up as of this writing), with the mandate to create usable interfaces to cryptographic tools, and to teach crypto developers how to make their tools accessible to non-technical people.

Read the rest

Free cybersecurity MOOC


The Open University's "Introduction to Cyber Security" is a free online course -- with optional certificate -- that teaches the fundamentals of crypto, information security, and privacy; I host the series, which starts on Oct 13."

Read the rest

UK Ministry of Justice loses harddrive with 3,000 prisoners' data, which they forgot to encrypt

Alan sez, "The UK Ministry of Justice was just slapped with a fine for the loss of a hard disk containing data on over 3,000 prisoners. These things happen."

Read the rest

Honorable spies anonymously leak NSA/GHCQ-discovered flaws in Tor

Andrew Lewman, head of operations for The Onion Router (TOR), an anonymity and privacy tool that is particularly loathed by the spy agencies' capos, credits Tor's anonymous bug-reporting system for giving spies a safe way to report bugs in Tor that would otherwise be weaponized to attack Tor's users.

Read the rest

A video about cybersecurity that you should really watch

Dan Geer's Black Hat 2014 talk Cybersecurity as Realpolitik (also available as text) is thoughtful, smart, vital, and cuts through -- then ties together -- strands of security, liability, governance, privacy, and fairness, and is a veritable manifesto for a better world.

Read the rest

EFF unveils secure, sharing-friendly, privacy-minded router OS

As promised, the Open Wireless Movement's new sharing-friendly, privacy-minded router operating system was unveiled at HOPE X in New York last weekend.

Read the rest