Boing Boing 

Reasons (not) to trust Apple's privacy promises

Apple's new iOS privacy policy makes some bold promises about their technology's wiretap-resistance, saying that even if Apple wanted to snoop on your messages, they couldn't, but as EFF co-founder John Gilmore points out, Apple's asking you to take an awful lot on faith here.


Privacy for Normal People


My latest Guardian column, "Privacy technology everyone can use would make us all more secure," makes the case for privacy technology as something that anyone can -- and should -- use, discussing the work being done by the charitable Simply Secure foundation that launches today (site is not yet up as of this writing), with the mandate to create usable interfaces to cryptographic tools, and to teach crypto developers how to make their tools accessible to non-technical people.


Comcast blocks Tor (updated)

"Users who try to use anonymity, or cover themselves up on the internet, are usually doing things that aren’t so-to-speak legal; we have the right to terminate, fine, or suspend your account at any time due to you violating the rules -- Do you have any other questions? Thank you for contacting Comcast."


Feds wanted to fine Yahoo $250K/day for fighting PRISM


We've known since the start that Yahoo fought the NSA's Prism surveillance program tooth-and-nail; but as unsealed court docs show, the Feds made the process into a harrowing ordeal, and sweet-talked gullible judges into dropping the hammer on Y.


W3C hosting a "Web We Want Magna Carta" drafting session at Internet Governance Forum


The Web I want doesn't have DRM in its standards, because the Web I want doesn't believe it's legitimate to design computers so that strangers over a network can give your computer orders that you aren't allowed to know about or override.


Free cybersecurity MOOC


The Open University's "Introduction to Cyber Security" is a free online course -- with optional certificate -- that teaches the fundamentals of crypto, information security, and privacy; I host the series, which starts on Oct 13.


Dragoncon cosplayers team up with EFF to fight for anonymity


It's called "Project Secret Identity," and it's a joint effort with Southeastern Browncoats, ; the Harry Potter Alliance, the Baker Street Babes, Wattpad, , Organization for Transformative Works, and IO9.


Honorable spies anonymously leak NSA/GCHQ-discovered flaws in Tor

Andrew Lewman, head of operations for The Onion Router (TOR), an anonymity and privacy tool that is particularly loathed by the spy agencies' capos, credits Tor's anonymous bug-reporting system for giving spies a safe way to report bugs in Tor that would otherwise be weaponized to attack Tor's users.


EFF guide to cell phone use for US protesters

It's a timely update to their 2011 edition, incorporating new Supreme Court precedents that give additional protection to protesters who face arrest while video-recording or otherwise documenting protests -- required reading in a world of #Ferguson.


EU wants Google to extend "right to be forgotten" to global users


Right now, Google blocks "forgotten" articles on EU versions of its site.


White House caught secretly tracking Web visitors with sneaky spyware


They proudly say that they comply with federal privacy law, eschewing cookies, but sneakily use Addthis's "canvas fingerprinting," a product whose other major user is Youporn (but they stopped after they were outed, and the White House didn't).


EFF unveils secure, sharing-friendly, privacy-minded router OS

As promised, the Open Wireless Movement's new sharing-friendly, privacy-minded router operating system was unveiled at HOPE X in New York last weekend.


Snowden: Dropbox is an NSA surveillance target, use Spideroak instead


A remarkable moment from last night's remarkable Snowden video from the Guardian.


Indexing pages that Google must hide from Europeans


The controversial "right to be forgotten" European court ruling has Google removing embarrassing (and worse) search results from search-results served in the EU.


Microsoft says it won't use contents of emails to target ads

Alan sez, "Microsoft is pushing out an update to its privacy policies."


Understanding #DRIP: new spy powers being rammed through UK Parliament


The party line from MPs who are being told by their parties to vote in mass-scale, warrantless surveillance powers is that the law doesn't change anything -- it's a lie.


If you read Boing Boing, the NSA considers you a target for deep surveillance

The NSA says it only banks the communications of “targeted” individuals. Guess what? If you follow a search-engine link to Boing Boing’s articles about Tor and Tails, you’ve been targeted. Cory Doctorow digs into Xkeyscore and the NSA’s deep packet inspection rules.


Seven things you should know about Tor

Tor (The Onion Router) is a military-grade, secure tool for increasing the privacy and anonymity of your communications; but it's been the subject of plenty of fear, uncertainty and doubt.

The Electronic Frontier Foundation's 7 Things You Should Know About Tor debunks some of the most common myths about the service (which even the NSA can't break) and raises some important points about Tor's limitations.

7 Things You Should Know About Tor [Cooper Quintin/EFF]

UK cinemas ban Google Glass from screenings


UK cinema exhibitors -- who already make a practice of recklessly confiscating mobile phones full of sensitive, unprotected data during preview screenings -- have announced that they will not allow Google Glass wearers into cinemas, lest they commit an act of piracy (Glass has a 45 minute battery life when in recording mode).


Blackphone: a privacy-conscious phone that actually works


The Blackphone is a secure mobile phone whose operating system is based on Android, designed to minimize the amount of data you leak as you move through the world through a combination of encryption and systems design that takes your privacy as its first priority.


Bust card: Constitutionally protected smartphone edition

Now that the Supreme Court has ruled that warrantless smartphone searches are unconstitutional, here's a bust-card for you to print, carry, and commit to memory so that you'll have it to hand when John Law wants to muscle his way into your mobile life.


Nominate for the EFF Pioneer Award

The Electronic Frontier Foundation has opened the nominations for the 2014 Pioneer Award, which celebrates people who have contributed substantially to the health, growth, accessibility, or freedom of computer-based communications. Anyone can nominate, and the winners will be chosen by an independent and august jury. I am enduringly proud to have received the Pioneer Award, along with such luminaries as Limor "Lady Ada" Fried, Bruce Schneier, Bunnie Huang and Aaron Swartz.

NSA helps foreign governments conduct mass surveillance at home


A new release of Snowden's leaked NSA docs details RAMPART-A, through which the NSA gives foreign governments the ability to conduct mass surveillance against their own populations in exchange for NSA access to their communications. RAMPART-A is spread across 13 sites and accesses three terabytes/second from 70 cables and networks. It cost US taxpayers $170M between 2011 and 2013, allocated through the NSA's "black budget."

The NSA makes its foreign partners promise not to spy on the USA using its equipment and in return, agrees not to spy on its partners' populations (with "exceptions"). However, as was documented in Glenn Greenwald's indispensable No Place to Hide, the NSA has a simple trick for circumventing any promises not to spy on its partners' populations.

"No Place to Hide" revealed a list of 33 "third party" countries that assist the NSA in conducting mass surveillance, including Saudi Arabia, Israel, Singapore, Ethiopia, and 15 EU member states. These countries do not allow the NSA to spy on their own countries, but the NSA exploits a loophole to conduct this surveillance anyway: it will strike an agreement with Country A, on one end of a high-speed cable, not to spy on its population, and with Country B, on the other end of the cable, not to spy on its population, but will conduct mass surveillance of Country A's communications from Country B and vice-versa.

How Secret Partners Expand NSA’s Surveillance Dragnet [Ryan Gallagher/The Intercept]

GCHQ claims right to do warrantless mass interception of all webmail, search and social media


The UK spy agency GCHQ says it doesn't need a warrant to intercept and store all UK social media traffic, search history and webmail because it is headed offshore, so it's "foreign communications". It had kept this interpretation of English and Welsh law a secret until now, and only revealed it after a protracted legal battle with the excellent people at Privacy International and six other civil liberties groups, including Amnesty International, and ACLU.


IRS won't fix database of nonprofits, so it goes dark


Rogue archivist Carl Malamud writes, "Due to inaction by the Internal Revenue Service and the U.S. Congress, Public.Resource.Org has been forced to terminate access to 7,634,050 filings of nonprofit organizations. The problem is that we have been fixing the database, providing better access mechanisms and finding and redacting huge numbers of Social Security Numbers. Our peers such as GuideStar are also fixing their copies of the database."


Erotic fiction written by a privacy-conscious author


Mallory Ortberg (who created the excellent Squicked out alien describes human sex story) has done it again with Erotica Written By Someone With An Appropriate Sense of Privacy.


Canadian Supreme Court's landmark privacy ruling

The Supreme Court of Canada's ruling in R. v. Spencer sets an amazing precedent for privacy that not only reforms the worst practices of Canadian ISPs and telcos; it also annihilates the Tories' plans to weaken Canadian privacy law into insignificance. The Supremes unanimously held that the longstanding practice of carriers voluntarily handing over subscriber data to cops and government agencies without a warrant was unconstitutional.

The court's decision, written by Harper-appointed Justice Thomas Cromwell, takes a nuanced view of privacy, and upholds the importance of anonymity as part of the protected right to privacy.

The Harper government is currently pushing two surveillance bills, C-13 and S-4, which would radically expand the practice of "voluntary" disclosure of subscriber data without a warrant. As Michael Geist writes in an excellent explainer, these bills are almost certainly unconstitutional under this ruling and are likely to die or be substantially reformed.


Apple adds privacy-protecting MAC spoofing (when Aaron Swartz did it, it was evidence of criminality)

Apple has announced that it will spoof the MAC addresses emitted by its wireless devices as an anti-tracking measure, a change that, while welcome, is "an umbrella in a hurricane" according to a good technical explainer by the Electronic Frontier Foundation's Jeremy Gillula and Seth Schoen.


US appeals court rules a warrant is required for cell phone location tracking


Big news in the fight for security and privacy in the US: the 11th Circuit Court of Appeals this week ruled that a warrant is required for cell phone location tracking.


Time-capsule crypto to help journalists protect their sources


Jonathan Zittrain writes, "I published an op-ed in the Boston Globe today musing on the prospects for 'time capsule encryption,' one of several ways of storing information that renders it inaccessible to anyone until certain conditions -- such as the passage of time -- are met. I could see libraries and archives offering such technology as part of accepting papers and manuscripts, especially in the wake of the "Belfast Project" situation, where a library promised confidentiality for accounts of the Troubles in North Ireland, and then found itself amidst subpoenas from law enforcement looking to solve long-cold cases. But the principle could apply to any person or company thinking that there's a choice between leaving information exposed to leakage, or destroying it entirely."

I'm less enthusiastic about this than Jonathan is. I think calibrating the strength of your time-capsule is very hard. If the NSA might be an order of magnitude faster than the rest of us at brute-force cryptanalysis, that means you need to make your 10-year capsule strong enough to last for 100 years just to be on the safe side. Same goes for proof-of-work.
