Boing Boing 

UK cops demand list of attendees at university fracking debate


Canterbury Christ Church University refused to give the Kent police a list of the attendees at a debate on fracking, despite the cops insistence that they needed to have the names to assess "the threat and risk for significant public events in the county to allow it to maintain public safety."

Read the rest

Over 700 million people have taken steps to improve privacy since Snowden


As Schneier points out, the way this is spun ("only 39% of people did something because of Snowden") is bullshit: the headline number is that more than 700 million people are in the market for a product that barely exists, and that could make more money than Facebook if you get it right.

Read the rest

We know you love privacy, Judge Posner. We just wish you'd share.


As I wrote yesterday, 7th circuit judge Richard Posner's views on privacy (basically: "nothing to fear, nothing to hide" and "it should be illegal to made a phone the government can't search") are dismal and unsophisticated -- but they're also deeply hypocritical.

Read the rest

Blackphone announces privacy-oriented app store


Blackphone, the Swiss-based, secure hardware/OS mobile phone from PGP inventor Phil Zimmerman has announced that it will provide a store with privacy-oriented apps that are sandboxed to minimize data-misuse.

Read the rest

Judge Posner: it should be illegal to make phones the government can't search

Cory Doctorow on why privacy is about more than concealing crime—and why backdoors are inevitably available to everyone, not just people you trust.

Read the rest

Spies can't make cyberspace secure AND vulnerable to their own attacks


In his Sunday Observer column, John Naughton makes an important point that's hammered home by the escape of the NSA/GCHQ Regin cyberweapon into the wild: spies who make war on the Internet can't be trusted with its security.

Read the rest

Stats-based response to UK Tories' call for social media terrorism policing


David Cameron wants social media companies to invent a terrorism-detection algorithm and send all the "bad guys" it detects to the police -- but this will fall prey to the well-known (to statisticians) "paradox of the false positive," producing tens of thousands of false leads that will drown the cops.

Read the rest

Fellowships available in security usability

The Open Technology Fund and Simply Secure are offering fellowships to researchers who seek funding to work on usability in privacy and security technology.

Read the rest

Irish government retroactively legalizes GCHQ surveillance revealed in Snowden docs

As reported by The Irish Times on Saturday, 6th December; "Foreign law enforcement agencies will be allowed to tap Irish phone calls and intercept emails under a statutory instrument signed into law by Minister for Justice Frances Fitzgerald."

Read the rest

Senator Ron Wyden introduces a bill banning FBI backdoors


It's a legislative shot across the bow of the FBI, who are demanding back-doors in phones and other devices, claiming "children will die" unless our pocket supercomputers are designed to allow untrusted parties to secretly take them over.

Read the rest

NSA leak reveal plans to subvert mobile network security around the world


The NSA's AURORAGOLD program -- revealed in newly released Snowden docs -- used plundered internal emails to compromise nearly every mobile carrier in the world, and show that the agency had planned to introduce vulnerabilities into future improvements into mobile security.

Read the rest

Make yourself doxx-resistant by opting out of data-brokers

It's an incredibly arduous, tedious, and deliberately unfriendly process, but you can, in fact, opt out of the data-brokers that are most commonly used to doxx people, uncovering their home addresses, work details, and so on (but beware, you have to do this on a more-or-less monthly basis to stay out of their databases).

Read the rest

Glenn Greenwald: NSA-proofing your product is good for business


Just because Congress can't even pass minimal NSA reform, it doesn't mean that privacy is dead: American tech companies are NSA-proofing their services because customers are demanding it.

Read the rest

Free encryption training workshops in NYC


Tommy writes, "I'm working with Verso Books (which just published Gabriella Coleman's Hacker, Hoaxer, Whistleblower, Spy: The Many Faces of Anonymous to provide free encryption workshops to groups in NYC."

Read the rest

Smart Pipe: a design fiction from the Internet of Things dystopia

11 minutes seems like a long ask for a gag video about an Internet-of-Things toilet-analyzer, but man, is it worth it.

Read the rest

EFF backs new nonprofit free certificate authority "Let's Encrypt"

It will be overseen by Internet Security Research Group with backing from EFF, Mozilla, Cisco, Akamai and others, and will offer free HTTPS certificates to all comers, making it radically easier and cheaper to encrypt the Web and make it resistant to mass surveillance.

Currently, most Internet traffic is unencrypted, meaning most interactions you have with websites leave your accounts vulnerable to eavesdropping by everyone from a minimally competent hacker to the U.S. government. The HTTPS protocol—in contrast to HTTP—encrypts your connection and verifies the authenticity of sites, protecting your data and personal information. EFF has been campaigning successfully for a number of years to spread HTTPS from payment pages and banking sites to email, social networking, and other types of sites. But there are still hundreds of millions of domains that lack this protection.

The new Let's Encrypt project aims to solve that. Let's Encrypt is a new free certificate authority, which will begin issuing server certificates in 2015. Server certificates are the anchor for any website that wants to offer HTTPS and encrypted traffic, proving that the server you are talking to is the server you intended to talk to. But these certificates have historically been expensive, as well as tricky to install and bothersome to update. The Let's Encrypt authority will offer server certificates at zero cost, supported by sophisticated new security protocols. The certificates will have automatic enrollment and renewal, and there will be publicly available records of all certificate issuance and revocation.

Let's Encrypt

New, Free Certificate Authority to Dramatically Increase Encrypted Internet Traffic [EFF]

EFF makes DoJ admit it lied in court about FBI secret warrants

Department of Justice lawyers told a judge that when the FBI gives one of its secret National Security Letters to a company, the company is allowed to reveal the NSL's existence and discuss its quality -- it lied.

Read the rest

ISPs caught sabotaging their customers' email encryption


Ever since 2013, when the Electronic Frontier Foundation started shaming email providers that did not encrypt their customers' email, more and more mail providers have turned on STARTTLS, which protects email in transit from snooping, without requiring users to take any additional steps.

Read the rest

Random Darknet Shopper: Internet art randomly spends $100/wk of Bitcoin in darknet


It's part of a Swiss gallery exhibit called The Darknet: From Memes to Onionland, where all the random junk the algorithm buys (from ecstasy to fire brigade master-keys to boxed Tolkien sets) are displayed.

Read the rest

New Firefox has a "Forget" button

It allows you to erase your browser history/cookies for 5 minutes, 2 hours, or 1 day, in case you want your browser to be able to unsee wherever it is that you've blundered into.

Read the rest

Cyberwar's hidden victims: NGOs


A new report from the storied Citizen Lab at the University of Toronto documents the advanced, persistent threats levied against civil society groups and NGOs -- threats that rival those facing any government or Fortune 100 company, but whose targets are much less well-equipped to defend themselves.

Read the rest

Expat activists and journalists leave USA for Berlin's safety

From Laura Poitras to Jacob Appelbaum to Sarah Harrison, Berlin has become a haven for American journalists, activists and whistleblowers who fear America's unlimited appetite for surveillance and put their trust in Germany's memory of the terror of the Stasi.

Read the rest

Some tickets still available for ORG Con, London, Nov 15


Ruth from Open Rights Group sez, "Tickets are selling fast for Open Rights Group's annual digital rights conference, all about debating civil liberties and the Internet: Get yours here.

Read the rest

USPS usage declines, but sloppy postal surveillance is way, way up

Surveillance requests for "postal metadata" climbed 600% in recent years, often undertaken with badly formed or expired warrants.

Read the rest

Potato-chip surveillance: once you start, you just can't stop

The ongoing revelations about UK domestic spying on political activists, continued in some case for decades, and which included an incident in which an undercover police officer fathered a child with the woman he was spying on, illustrate an important point: once you decide someone is suspicious enough to follow around, there's no evidence that you can gather to dispel that suspicion.

Read the rest

Edward Snowden interviewed by Lawrence Lessig

It's a fascinating, hour-long session in which Snowden articulates the case for blowing the whistle, the structural problems that created mass surveillance, and why it's not sufficient to stop the state from using our data -- we should also limit their ability to collect it. The Slashdot post by The Real Hocus Locus provides good timecode-based links into different parts of the talk.

CHP officer who stole and shared nude photos of traffic-stop victim claims "it's a game"

Officer Sean Harrington of Martinez California Highway Patrol says that when he stole nude photos from the cell phone of a woman he'd traffic-stopped and then shared them with other CHP officers, that he was just playing "a game" that is widespead in the force.

Read the rest

Wouldn't it be great if a billboard could actually read your mind?

Said no one, ever. Except, apparently not: the "data scientists" of Posterscope are excited that EE -- a joint venture of T-Mobile and Orange -- will spy on all their users' mobile data to "give profound insights...that were never possible before"

Read the rest

Which crowdfunded privacy routers are worthy of your trust?


After the spectacular rise and fall of Anonabox, a kickstarted $45 router that was supposed to protect your privacy but had its campaign yanked for not being entirely forthright with backers, a spate of shady, silly, and even serious projects have sprung up to fill the demand that Anonabox's $615,000 Kickstarter near-win demonstrated.

Read the rest