Free encryption training workshops in NYC


Tommy writes, "I'm working with Verso Books (which just published Gabriella Coleman's Hacker, Hoaxer, Whistleblower, Spy: The Many Faces of Anonymous) to provide free encryption workshops to groups in NYC."


WhatsApp integrates Moxie Marlinspike's TextSecure end-to-end crypto


It's the largest-ever deployment of end-to-end crypto, and assuming they didn't add any back-doors or make critical errors, this means that hundreds of millions of users can now communicate without being spied upon by governments, crooks, cops, spies or voyeurs.


EFF backs new nonprofit free certificate authority "Let's Encrypt"

It will be overseen by Internet Security Research Group with backing from EFF, Mozilla, Cisco, Akamai and others, and will offer free HTTPS certificates to all comers, making it radically easier and cheaper to encrypt the Web and make it resistant to mass surveillance.

Currently, most Internet traffic is unencrypted, meaning most interactions you have with websites leave your accounts vulnerable to eavesdropping by everyone from a minimally competent hacker to the U.S. government. The HTTPS protocol—in contrast to HTTP—encrypts your connection and verifies the authenticity of sites, protecting your data and personal information. EFF has been campaigning successfully for a number of years to spread HTTPS from payment pages and banking sites to email, social networking, and other types of sites. But there are still hundreds of millions of domains that lack this protection.

The new Let's Encrypt project aims to solve that. Let's Encrypt is a new free certificate authority, which will begin issuing server certificates in 2015. Server certificates are the anchor for any website that wants to offer HTTPS and encrypted traffic, proving that the server you are talking to is the server you intended to talk to. But these certificates have historically been expensive, as well as tricky to install and bothersome to update. The Let's Encrypt authority will offer server certificates at zero cost, supported by sophisticated new security protocols. The certificates will have automatic enrollment and renewal, and there will be publicly available records of all certificate issuance and revocation.

Let's Encrypt

New, Free Certificate Authority to Dramatically Increase Encrypted Internet Traffic [EFF]

How the Enigma code-machines worked


With the release of the Alan Turing biopic "The Imitation Game," interest in the Enigma cipher used by the Axis powers and broken by Turing and the exiled Polish mathematicians at Bletchley Park has been revived.


ISPs caught sabotaging their customers' email encryption


Ever since 2013, when the Electronic Frontier Foundation started shaming email providers that did not encrypt their customers' email, more and more mail providers have turned on STARTTLS, which protects email in transit from snooping, without requiring users to take any additional steps.


Opsec, Snowden style

Micah Lee, the former EFF staffer whom Edward Snowden reached out to in order to establish secure connections to Glenn Greenwald and Laura Poitras, shares the methodology he and Snowden employed to stay secure and secret in the face of overwhelming risk and scrutiny.


Which crowdfunded privacy routers are worthy of your trust?


After the spectacular rise and fall of Anonabox, a kickstarted $45 router that was supposed to protect your privacy but had its campaign yanked for not being entirely forthright with backers, a spate of shady, silly, and even serious projects have sprung up to fill the demand that Anonabox's $615,000 Kickstarter near-win demonstrated.


EFF launches a new version of Surveillance Self-Defense


Hugh from the Electronic Frontier Foundation writes, "We're thrilled to announce the relaunch of Surveillance Self-Defense (SSD), our guide to defending yourself and your friends from digital surveillance by using encryption tools and developing appropriate privacy and security practices. The site launches today in English, Arabic, and Spanish, with more languages coming soon."

Surveillance Self-Defense (Thanks, Hugh!)

What's the best way to weaken crypto?


Daniel Bernstein, the defendant in the landmark lawsuit that legalized cryptography (over howls of protest from the NSA), engages in a thought-experiment about how the NSA might be secretly undermining crypto through sabotage projects like BULLRUN/EDGEHILL.

Making sure crypto stays insecure [PDF/Daniel J Bernstein]

(via O'Reilly Radar)

When can the police search your computer/phone?


The Electronic Frontier Foundation has updated its indispensable "Know Your Rights" guide for dealing with police search requests for your phone, computer, and other devices.

Know Your Rights [Hanni Fakhoury and Nadia Kayyali/EFF]

Tor Browser goes 4.0

The 4.0 version of the secure, anonymized, private browser disables SSL3 (in deference to the POODLE attack) and uses new transports that are intended to defeat the Great Firewall of China and other extremely restrictive firewalls.


FBI chief demands an end to cellphone security

If your phone is designed to be secure against thieves, voyeurs, and hackers, it'll also stop spies and cops. So the FBI has demanded that device makers redesign their products so that they -- and anyone who can impersonate them -- can break into them at will.


Darkmatter: a secure Paranoid Android version that hides from attackers

Stock Android phones with the Darkmatter OS use encrypted storage, OS-level app controls, and secure messaging by default, but if the phone thinks it's under attack, it dismounts all the encrypted stuff and reboots as a stock Android phone with no obvious hints that its owner has anything hidden on it.


There's no back door that only works for good guys

My latest Guardian column, Crypto wars redux: why the FBI's desire to unlock your private life must be resisted, explains why the US government's push to mandate insecure back-doors in all our devices is such a terrible idea -- the antithesis of "cyber-security."


Help wanted: crypto-usability research director & ops manager

Simply Secure, a nonprofit developing usable, free, open interfaces for cryptographic communications tools like OTR, is hiring!
