Boing Boing 

Citizenfour: all it's cracked up to be and more

I've been travelling continuously since September, and that means that despite my best efforts, I haven't been able to see Citizenfour, Laura Poitras's storied Edward Snowden documentary -- until last night.

NSA can wiretap Skype wholesale

Another gem from the latest Der Spiegel NSA leaks: the NSA can listen in on all Skype traffic and read Skype messages, because Microsoft hands over its keys.

FBI can secretly spy on Americans even if its useless oversight court says no


In theory, the FBI needs to get the FISA court to sign off on requests for secret warrants to spy on Americans -- in practice, it almost always rubberstamps those requests. But on the rare occasions when the FISA court says no, the FBI just gets a National Security Letter (AKA "the other secret warrant") and gets spying.

New NSA leaks: does crypto still work?


Matthew Green's got an excellent postmortem on the huge dump of NSA docs Der Spiegel published last weekend.

NSA dumps incriminating documents on Christmas Eve


At 1:30pm on Christmas Eve, the NSA dumped a huge cache of documents on its website in response to a long-fought ACLU Freedom of Information Act request, including documents that reveal criminal wrongdoing.

Algorithmically evolved masks that appear as faces to facial-recognition software


Sterling Crispin uses evolutionary algorithms to produce masks that satisfy facial recognition algorithms: "my goal is to show the machine what it’s looking for, to hold a mirror up to the all-seeing eye of the digital-panopticon we live in and let it stare back into its own mind."

Crypto-Santa: use onion routing to anonymize gifts at your Xmas party

Dmytri writes, "Add a crypto wrinkle to your Kris Kringle! Make your Secret Santa even more secret with the magic of Onion Wrapping!"

Google's end-to-end email encryption moves to Github

Google's made some major announcements about End-to-End, their implementation of the best-of-breed email encryption tool PGP, which they're refactoring as a way of encrypting webmail so that neither they nor the spy-services can read it in transit or at rest.

UK cops demand list of attendees at university fracking debate


Canterbury Christ Church University refused to give the Kent police a list of the attendees at a debate on fracking, despite the cops' insistence that they needed to have the names to assess "the threat and risk for significant public events in the county to allow it to maintain public safety."

Over 700 million people have taken steps to improve privacy since Snowden


As Schneier points out, the way this is spun ("only 39% of people did something because of Snowden") is bullshit: the headline number is that more than 700 million people are in the market for a product that barely exists, and that could make more money than Facebook if you get it right.

We know you love privacy, Judge Posner. We just wish you'd share.


As I wrote yesterday, 7th circuit judge Richard Posner's views on privacy (basically: "nothing to fear, nothing to hide" and "it should be illegal to make a phone the government can't search") are dismal and unsophisticated -- but they're also deeply hypocritical.

Blackphone announces privacy-oriented app store


Blackphone, the Swiss-based, secure hardware/OS mobile phone from PGP inventor Phil Zimmermann, has announced that it will provide a store with privacy-oriented apps that are sandboxed to minimize data-misuse.

Judge Posner: it should be illegal to make phones the government can't search

Cory Doctorow on why privacy is about more than concealing crime—and why backdoors are inevitably available to everyone, not just people you trust.

Spies can't make cyberspace secure AND vulnerable to their own attacks


In his Sunday Observer column, John Naughton makes an important point that's hammered home by the escape of the NSA/GCHQ Regin cyberweapon into the wild: spies who make war on the Internet can't be trusted with its security.

Stats-based response to UK Tories' call for social media terrorism policing


David Cameron wants social media companies to invent a terrorism-detection algorithm and send all the "bad guys" it detects to the police -- but this will fall prey to the well-known (to statisticians) "paradox of the false positive," producing tens of thousands of false leads that will drown the cops.

Fellowships available in security usability

The Open Technology Fund and Simply Secure are offering fellowships to researchers who seek funding to work on usability in privacy and security technology.

Irish government retroactively legalizes GCHQ surveillance revealed in Snowden docs

As reported by The Irish Times on Saturday, 6th December: "Foreign law enforcement agencies will be allowed to tap Irish phone calls and intercept emails under a statutory instrument signed into law by Minister for Justice Frances Fitzgerald."

Senator Ron Wyden introduces a bill banning FBI backdoors


It's a legislative shot across the bow of the FBI, who are demanding back-doors in phones and other devices, claiming "children will die" unless our pocket supercomputers are designed to allow untrusted parties to secretly take them over.

NSA leak reveals plans to subvert mobile network security around the world


The NSA's AURORAGOLD program -- revealed in newly released Snowden docs -- used plundered internal emails to compromise nearly every mobile carrier in the world; the docs also show that the agency had planned to introduce vulnerabilities into future improvements to mobile security.

Make yourself doxx-resistant by opting out of data-brokers

It's an incredibly arduous, tedious, and deliberately unfriendly process, but you can, in fact, opt out of the data-brokers that are most commonly used to doxx people, uncovering their home addresses, work details, and so on (but beware, you have to do this on a more-or-less monthly basis to stay out of their databases).

Glenn Greenwald: NSA-proofing your product is good for business


Just because Congress can't even pass minimal NSA reform, it doesn't mean that privacy is dead: American tech companies are NSA-proofing their services because customers are demanding it.

Free encryption training workshops in NYC


Tommy writes, "I'm working with Verso Books (which just published Gabriella Coleman's Hacker, Hoaxer, Whistleblower, Spy: The Many Faces of Anonymous) to provide free encryption workshops to groups in NYC."

Smart Pipe: a design fiction from the Internet of Things dystopia

11 minutes seems like a long ask for a gag video about an Internet-of-Things toilet-analyzer, but man, is it worth it.

EFF backs new nonprofit free certificate authority "Let's Encrypt"

It will be overseen by Internet Security Research Group with backing from EFF, Mozilla, Cisco, Akamai and others, and will offer free HTTPS certificates to all comers, making it radically easier and cheaper to encrypt the Web and make it resistant to mass surveillance.

Currently, most Internet traffic is unencrypted, meaning most interactions you have with websites leave your accounts vulnerable to eavesdropping by everyone from a minimally competent hacker to the U.S. government. The HTTPS protocol—in contrast to HTTP—encrypts your connection and verifies the authenticity of sites, protecting your data and personal information. EFF has been campaigning successfully for a number of years to spread HTTPS from payment pages and banking sites to email, social networking, and other types of sites. But there are still hundreds of millions of domains that lack this protection.

The new Let's Encrypt project aims to solve that. Let's Encrypt is a new free certificate authority, which will begin issuing server certificates in 2015. Server certificates are the anchor for any website that wants to offer HTTPS and encrypted traffic, proving that the server you are talking to is the server you intended to talk to. But these certificates have historically been expensive, as well as tricky to install and bothersome to update. The Let's Encrypt authority will offer server certificates at zero cost, supported by sophisticated new security protocols. The certificates will have automatic enrollment and renewal, and there will be publicly available records of all certificate issuance and revocation.

Let's Encrypt

New, Free Certificate Authority to Dramatically Increase Encrypted Internet Traffic [EFF]

EFF makes DoJ admit it lied in court about FBI secret warrants

Department of Justice lawyers told a judge that when the FBI gives one of its secret National Security Letters to a company, the company is allowed to reveal the NSL's existence and discuss its quality -- it lied.

ISPs caught sabotaging their customers' email encryption


Ever since 2013, when the Electronic Frontier Foundation started shaming email providers that did not encrypt their customers' email, more and more mail providers have turned on STARTTLS, which protects email in transit from snooping, without requiring users to take any additional steps.

Random Darknet Shopper: Internet art randomly spends $100/wk of Bitcoin in darknet


It's part of a Swiss gallery exhibit called The Darknet: From Memes to Onionland, where all the random junk the algorithm buys (from ecstasy to fire brigade master-keys to boxed Tolkien sets) is displayed.

New Firefox has a "Forget" button

It allows you to erase your browser history/cookies for 5 minutes, 2 hours, or 1 day, in case you want your browser to be able to unsee wherever it is that you've blundered into.

Cyberwar's hidden victims: NGOs


A new report from the storied Citizen Lab at the University of Toronto documents the advanced, persistent threats levied against civil society groups and NGOs -- threats that rival those facing any government or Fortune 100 company, but whose targets are much less well-equipped to defend themselves.

Expat activists and journalists leave USA for Berlin's safety

From Laura Poitras to Jacob Appelbaum to Sarah Harrison, Berlin has become a haven for American journalists, activists and whistleblowers who fear America's unlimited appetite for surveillance and put their trust in Germany's memory of the terror of the Stasi.
