Australia just voted to ban working cryptography. No, really.

Remember when Malcolm Turnbull, the goddamned idiot who was briefly Prime Minister of Australia, was told that the laws of mathematics mean that there was no way to make a cryptography system that was weak enough that the cops could use it to spy on bad guys, but strong enough that the bad guys couldn't use it to spy on cops, and he said: "Well the laws of Australia prevail in Australia, I can assure you of that. The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia." Read the rest

The internet is made up of revolutionary technologies, but isn't revolutionary

My latest Locus Magazine column is What the Internet Is For: it describes the revolutionary principle (end-to-end communications) and technologies (general purpose computers, strong cryptography) that undergird the net, but also cautions that these are, themselves, not sufficient to revolutionize the world. Read the rest

My keynote for Ethereum Devcon: without the rule of law, crypto fails

I was one of the keynote speakers at last week's Ethereum Devcon in Prague, where I gave a talk called "Decentralize, Democratize, or Die," about the way that bad tech policy (crypto backdoors, the DMCA's ban on security disclosures, etc) comes from weak states where the super-rich get to call the shots, and how things like money-laundering create these weak states. The core message: if you don't figure out how to make more pluralistic, less plutocratic states, you will never get the kind of information security you need for your blockchain systems to thrive. Read the rest

Steganographically hiding secret messages in fake fingerprints

In Towards Construction Based Data Hiding: From Secrets to Fingerprint Images, published in IEEE Transactions on Image Processing (Sci-Hub Mirror), two Fudan University computer scientists propose a fascinating method for hiding encrypted messages in fake fingerprints that are both visually and computationally difficult to distinguish from real ones, which could theoretically allow the use of fingerprint databases to convey secret messages. Read the rest

Audio representation of Bitcoin's price history

As the price goes up and down, the generated audio tone changes in this interesting and insightful audio piece!

I'd been looking for a used video card over the last couple of weeks, but gave up despite the amazing prices being listed. The eBayers are unresponsive to questions and the Craigslist sellers talk like drug dealers. That $225 GTX 1070 you have your eye on is being pulled from a mining rig where it's spent months running 24/7, accumulating all the grease, fur and pain that will be its only friends in the bubble mailer it will be sent to you in.

I ended up ordering this from Amazon despite the still-outrageous price of new video cards. Read the rest

Incoherence, multiplied: Sony announces nebulous "blockchain for DRM"

Sony -- whose most notorious DRM foray infected millions of computers with malware -- has announced an incoherent plan to use blockchain to make DRM work, somehow. Read the rest

Google releases Android encrypted DNS app that will help beat censorship

Google sister-company Jigsaw (previously) has released an Android app called Intra that encrypts DNS queries, which allows Android users to bypass one of the most common forms of internet censorship. Read the rest

Standard Notes: free, open, cross-platform, encrypted, eternal note-taking app

With Evernote's business on the rocks, a lot of people are waking up to the fact that commercial, proprietary cloud systems work great (easy, well-supported) but fail badly (lock-in, sudden bankruptcy, loss of years' worth of important data). Read the rest

EFF and McSweeney's collaborated on a publication: "The End of Trust"

The End of Trust will be McSweeney's issue 54, the first-ever all-nonfiction issue of McSweeney's, with more than 30 contributions on "surveillance in the digital age." Read the rest

Oh for fuck's sake, not this fucking bullshit again (cryptography edition)

America, Canada, New Zealand, the UK and Australia are in a surveillance alliance called The Five Eyes, through which they share much of their illegally harvested surveillance data. Read the rest

All versions of OpenSSH share a critical vulnerability, including embedded code that will never be updated

Every version of the popular OpenSSH program -- a critical, widely used tool for secure communications -- shares a critical vulnerability that was present in the program's initial 1999 release. Read the rest

Talking the hard questions of privacy and freedom with the Yale Privacy Lab podcast

This week, I sat down for an hour-long interview with the Yale Privacy Lab's Sean O'Brien (MP3); Sean is a frequent Boing Boing contributor and I was honored that he invited me to be his guest on the very first episode of the Lab's new podcast. Read the rest

EFF has released STARTTLS Everywhere: free tools to encrypt email between mail servers

When you send someone else an email, your mail server connects to their mail server to transmit the message, and spy agencies have made a surveillance banquet out of these transactions, harvesting emails by the billions. Read the rest

Help Wanted: a new executive director for Simply Secure, a nonprofit focused on usability in crypto tools

For several years, I've been honored to volunteer on the advisory board of Simply Secure (previously), a nonprofit consultancy that does open research on usability in cryptographic privacy tools and consults with firms to help make their tools more broadly usable and accessible, especially for vulnerable groups who are often left out of consideration when secure tools are being designed. Read the rest

Efail: instructions for using PGP again as safely as is possible for now

It's been nearly three weeks since the publication of Efail, a critical set of attacks against PGP/GPG-encrypted emails that was so hard to mitigate that EFF's recommendation was to stop using it for mail altogether until a solution could be worked out. Read the rest

Efail: can email be saved?

The revelation that encrypted email is vulnerable to a variety of devastating attacks (collectively known as "Efail") has set off a round of soul-searching by internet security researchers and other technical people -- can we save email? Read the rest

"Phooey": a pre-eminent cryptographer responds to Ray Ozzie's key escrow system

I have a lot of respect for ex-Microsoft Chief Software Architect Ray Ozzie, but when I saw that he'd taken to promoting a Clipper-Chip-style key escrow system, I was disheartened -- I'm a pretty keen observer of these proposals and have spent a lot of time having their problems explained to me by some of the world's leading cryptographers, and this one seemed like it had the same problems as all of those dead letters. Read the rest
