Trump's policies on net neutrality, free speech, press freedom, surveillance, encryption and cybersecurity

Three posts from the Electronic Frontier Foundation dispassionately recount the on-the-record policies of Trump and his advisors on issues that matter to a free, fair and open internet: net neutrality; surveillance, encryption and cybersecurity; free speech and freedom of the press. Read the rest

Ten principles for user-protection in hostile states

The Tor Project's "Ten Principles for User Protection in Hostile States" is both thoughtful and thought-provoking -- it's a list that excites my interest as someone who cares about the use of technology in improving lives and organizing political movements (principle 1 is "Do not rely on the law to protect systems or users" -- a call to technologists -- while number 7 is aimed at companies, "Invest in cryptographic R&D to replace non-cryptographic systems" and principle 2 says "Prepare policy commentary for quick response to crisis," which suggests that the law, while not reliable, can't be ignored); and also as a science fiction writer (check out those tags! "Acausal trade," "Pluralistic singularity" and "Golden path"! Yowza!) Read the rest

Freedom of the Press releases an automated, self-updating report card grading news-sites on HTTPS

Secure the News periodically checks in with news-sites to see how many of them implement HTTPS -- the secure protocol that stops your ISP and people snooping on it from knowing which pages you're looking at and from tampering with them -- and what proportion of them default to HTTPS. Read the rest

Bruce Schneier's four-year plan for the Trump years

1. Fight the fights (against more government and commercial surveillance; backdoors, government hacking); 2. Prepare for those fights (push companies to delete those logs; remind everyone that security and privacy can peacefully co-exist); 3. Lay the groundword for a better future (figure out non-surveillance internet business models, privacy-respecting law enforcement, and limits on corporate surveillance); 4. Continue to solve the actual problems (cybercrime, cyber-espionage, cyberwar, the Internet of Things, algorithmic decision making, foreign interference in our elections). Read the rest

Filmmakers want cameras with encrypted storage

Documentarians and news-gatherers who record sensitive material from confidential sources live in terror of having their cameras seized and their storage-cards plundered by law-enforcement; they struggle to remember to immediately transfer their files to encrypted laptop storage and wipe their cards while dodging bombs in conflict zones, or simply to remember to have robotically perfect operational security while they are trying to get a movie made. Read the rest

Cryptomancer: RPG based on real crypto fundamentals

In Cryptomancer, players inhabit a fantasy world populated with elves, dwarves and humans, but they win out by designing and undermining cryptographically secured networks of magical gems that allow different factions to coordinate their actions over distance. Read the rest

UK cops beat phone encryption by "mugging" suspect after he unlocked his phone

Detectives from Scotland Yard's cybercrime unit decided the easiest way to get around their suspect's careful use of full-disk encryption and strong passphrases on his Iphone was to trail him until he made a call, then "mug" him by snatching his phone and then tasking an officer to continuously swipe at the screen to keep it from going to sleep, which would reactivate the disk encryption. Read the rest

The hacker who took over San Francisco's Muni got hacked

Last week, the San Francisco Municipal Light Rail system (the Muni) had to stop charging passengers to ride because a ransomware hacker had taken over its network and encrypted the drives of all of its servers. Read the rest

Iphones secretly send your call history to Apple's cloud, even after you tell them not to

Apple has acknowledged that its Icloud service is a weak link in its security model, because by design Apple can gain access to encrypted data stored in its customers' accounts, which means that the company can be hacked, coerced or tricked into revealing otherwise secure customer data to law enforcement, spies and criminals. Read the rest

How to defend your digital rights: street protest edition

The Electronic Frontier Foundation's Digital Security Tips for Protesters builds on its indispensable Surveillance Self Defense guide for protesters with legal and technical suggestions to protect your rights, your data, and your identity when protesting. Read the rest

UAE surveillance contractor is recruiting an army of foreign hackers to break into its citizens' devices

The world's most sophisticated security experts have been bombarded with recruiting offers from UAE-based company Darkmatter, which bills itself as a major state security contractor -- but people who've taken the bait say they were then told that they were being hired to weaponize huge arsenals of zero-day vulnerabilities so that the UAE can subject its own population to fine-grained, continuous surveillance. Read the rest

Audit reveals significant vulnerabilities in Truecrypt and its successors

Veracrypt was created to fill the vacuum left by the implosion of disk-encryption tool Truecrypt, which mysteriously vanished in 2014, along with a "suicide note" (possibly containing a hidden message) that many interpreted as a warning that an intelligence agency had inserted a backdoor into the code, or was attempting to force Truecrypt's anonymous creators to do so. Read the rest

Digital Defenders: a free open-licensed booklet for kids about privacy and crypto

European Digital Rights has created a free, CC-licensed kids' booklet about privacy called Digital Defenders. Read the rest

Wikileaks: a "state party" has cut off Julian Assange's primary internet access

Late yesterday, the @wikileaks account tweeted "Julian Assange's internet link has been intentionally severed by a state party. We have activated the appropriate contingency plans." Read the rest

Cryptpad: a free/open, end-to-end encrypted, zero-knowledge shared text editor

Tools like Etherpad and Google Docs are transformative ways to collaborate on text (including code); I've used them in contexts as varied as making unofficial transcripts of statements at UN agencies to liveblogging conference presentations -- but they all share a weakness, which is that whomever owns the document server can see everything you're typing. Read the rest

Xiaomi phones are pre-backdoored; your apps can be silently overwritten

Thijs Broenink audited the AnalyticsCore.apk app that ships pre-installed on all Xiaomi phones (Xiaomi has their own Android fork with a different set of preinstalled apps) and discovered that the app, which seemingly serves no useful purpose, allows the manufacturer to silently install other code on your phone, with unlimited privileges and access. Read the rest

Join me at EFF's 25th Pioneer Awards in San Francisco next Wednesday

Nicole from EFF writes, "The Electronic Frontier Foundation is excited to host the 2016 Pioneer Awards in San Francisco next Wednesday, September 21 at Delancey Street’s Town Hall Room." Read the rest

More posts