Boing Boing 

NSA-proof passwords


The Intercept's Micah Lee explains how to use Diceware to generate a passphrase that can survive the NSA's trillion-guess-per-second cracking attempts -- but which can still be easily memorized.


Top homeland security Congressjerk only just heard about crypto, and he doesn't like it


Rep John Carter [R-TX] chairs Homeland Security Appropriations and sits on Defense subcommittees, but he only found out that encryption exists when FBI Director James Comey gave bizarre congressional testimony about the coming Bad Times if we're allowed to know about math.


As crypto wars begin, FBI silently removes sensible advice to encrypt your devices


The FBI used to publish excellent advice about encrypting your devices to keep your data secure when your stuff is lost or stolen; this advice has been silently dropped now that FBI Director James Comey is trying to stop manufacturers from using crypto by default.


Automating remote BIOS attacks


Legbacore's upcoming "digital voodoo" presentation will reveal an automated means of discovering BIOS defects that are vulnerable to remote attacks, meaning that your computer can be compromised below the level of the OS by attackers who do not have physical access to it.


Parliamentary Office of Science & Technology tells Cameron Tor is good, unstoppable


David Cameron has vowed to ban crypto if he wins the UK election, but Parliament's lead technical experts have told him that he can't, and shouldn't, mess with Tor and other cryptographic tools.


Bruce Schneier's Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World

No one explains security, privacy, crypto and safety better.

Companies should never try to intercept their users' encrypted traffic

Lenovo's disgraceful use of Superfish to compromise its users' security is just the tip of the iceberg: everywhere we look, companies have decided that it's a good idea to sneakily subvert their users' encryption.


Yahoo's security boss faces down NSA director over crypto ban


During Monday's Cybersecurity for a New America conference in DC, Yahoo's Chief Information Security Officer Alex Stamos stood up and had an intense verbal showdown with NSA director Mike Rogers about the NSA's plan to ban working crypto, in which the nation's top spook fumfuhed and fumbled to explain how this idea isn't totally insane.


Laura Poitras's Citizenfour OPSEC


One of the most startling motifs of Citizenfour, Laura Poitras's Academy Award-winning documentary about Edward Snowden, is the use and abuse of cryptographic tools, which are at the center of the NSA's surveillance plans and Snowden's audacious act of whistleblowing.


Anyone who makes you choose between privacy and security wants you to have neither

An excellent op-ed from the Open Rights Group: "When ORG defends privacy, we are fighting to protect people from abuses of power that leave them vulnerable."


If privacy was really dead, would everyone be trying so hard to kill it?


A reader writes, "SF author Peter Watts writes about the ever-encroaching assault on our privacy and how relocating their arguments from the Internet to meatspace illustrates how ridiculous they are, and reasons to be cheerful because of the governments of the 'free world''s determination to eliminate the last shreds of our privacy."


Alan Turing's lost notes discovered as crumpled insulation in Bletchley Park huts


After the war ended, Churchill ordered all of Bletchley's work -- the computers, the notebooks -- destroyed, but some of Alan Turing's notes were discovered between the walls of Hut 6 during a recent renovation, and are now on display at Bletchley Park.


Leaked US cybersecurity report singles out crypto as essential for security of private data

A newly released document from the Snowden trove is a five-year "cyber-threat" forecast that stresses the importance of strong civilian use of cryptography as crucial to protecting private data, especially the industrial secrets sought by foreign spies.


What David Cameron just proposed would endanger every Briton and destroy the IT industry

David Cameron says there should be no "means of communication" which "we cannot read" -- and no doubt many in his party will agree with him, politically. But if they understood the technology, they would be shocked to their boots.

Exciting progress towards surveillance-resistant email


Ladar Levison -- persecuted founder of the now-shuttered private mail service Lavabit, as used by Edward Snowden -- has made great progress on his Darkmail project, a joint initiative with Phil "PGP" Zimmermann's also shut-down Silent Circle private email service.


Crypto puzzles and games for kids

Dev Gualtieri's newly published Secret Codes & Number Games: Cryptographic Projects & Number Games for Children Ages 5-16 is a thoughtfully designed introduction to crypto for kids.


New NSA leaks: does crypto still work?


Matthew Green's got an excellent postmortem on the huge dump of NSA docs in Der Spiegel last weekend.


GnuPG needs your support!

GNU Privacy Guard (GPG, the free/open version of PGP) relies on donations to pay developers to keep the project alive and viable; as one of its millions of users, I am grateful and indebted to the people who keep it alive and that's why I've just donated to the project.


Sock-puppet- and traffic-analysis-resistant group conversation protocol

Dissent implements the Dining Cryptographers and Verifiable Shuffling algorithms to produce a group-conversation system that is resistant to traffic analysis. Feels like we're entering the second golden age of cypherpunk.


Crypto-Santa: use onion routing to anonymize gifts at your Xmas party

Dmytri writes, "Add a crypto wrinkle to your Kris Kringle! Make your Secret Santa even more secret with the magic of Onion Wrapping!"


Google's end-to-end email encryption moves to Github

Google's made some major announcements about End-to-End, their implementation of the best-of-breed email encryption tool PGP, which they're refactoring as a way of encrypting webmail so that neither they nor the spy-services can read it in transit or at rest.


Over 700 million people have taken steps to improve privacy since Snowden


As Schneier points out, the way this is spun ("only 39% of people did something because of Snowden") is bullshit: the headline number is that more than 700 million people are in the market for a product that barely exists, and that could make more money than Facebook if you get it right.


Spain's Xnet: leak-publishing corruption-fighters


Xnet is a Spanish collective that invites the public to leak evidence of corruption using the Tor anonymizer, then uses those leaks to bring private criminal complaints against officials and corporations.


We know you love privacy, Judge Posner. We just wish you'd share.


As I wrote yesterday, 7th circuit judge Richard Posner's views on privacy (basically: "nothing to fear, nothing to hide" and "it should be illegal to make a phone the government can't search") are dismal and unsophisticated -- but they're also deeply hypocritical.


Blackphone announces privacy-oriented app store


Blackphone, the Swiss-based, secure hardware/OS mobile phone from PGP inventor Phil Zimmermann, has announced that it will provide a store with privacy-oriented apps that are sandboxed to minimize data-misuse.


Judge Posner: it should be illegal to make phones the government can't search

Cory Doctorow on why privacy is about more than concealing crime—and why backdoors are inevitably available to everyone, not just people you trust.

Fellowships available in security usability

The Open Technology Fund and Simply Secure are offering fellowships to researchers who seek funding to work on usability in privacy and security technology.


Senator Ron Wyden introduces a bill banning FBI backdoors


It's a legislative shot across the bow of the FBI, who are demanding back-doors in phones and other devices, claiming "children will die" unless our pocket supercomputers are designed to allow untrusted parties to secretly take them over.


NSA leak reveals plans to subvert mobile network security around the world


The NSA's AURORAGOLD program -- revealed in newly released Snowden docs -- used plundered internal emails to compromise nearly every mobile carrier in the world, and the docs show that the agency had planned to introduce vulnerabilities into future improvements to mobile security.


When Ed Snowden met Marcus Yallow


Here's a scene from Citizenfour, Laura Poitras's acclaimed documentary on Edward Snowden, showing Snowden packing his bags to leave Hong Kong, showing the book on his nightstand: my novel Homeland.
