Sony -- whose most notorious DRM foray infected millions of computers with malware -- has announced an incoherent plan to use blockchain to make DRM work, somehow. Read the rest
Incoherence, multiplied: Sony announces nebulous "blockchain for DRM"
Google releases Android encrypted DNS app that will help beat censorship
Google sister-company Jigsaw (previously) has released an Android app called Intra that encrypts DNS queries, which allows Android users to bypass one of the most common forms of internet censorship. Read the rest
Standard Notes: free, open, cross-platform, encrypted, eternal note-taking app
With Evernote's business on the rocks, a lot of people are waking up to the fact that commercial, proprietary cloud systems work great (easy, well-supported) but fail badly (lock-in, sudden bankruptcy, loss of years' worth of important data). Read the rest
EFF and McSweeney's collaborated on a publication: "The End of Trust"
The End of Trust will be McSweeney's issue 54, the first-ever all-nonfiction issue of McSweeney's, with more than 30 contributions on "surveillance in the digital age." Read the rest
Oh for fuck's sake, not this fucking bullshit again (cryptography edition)
America, Canada, New Zealand, the UK and Australia are in a surveillance alliance called The Five Eyes, through which they share much of their illegally harvested surveillance data. Read the rest
All versions of Openssh share a critical vulnerability, including embedded code that will never be updated
Every version of the popular Openssh program -- a critical, widely used tool for secure communications -- share a critical vulnerability that was present in the program's initial 1999 release. Read the rest
Talking the hard questions of privacy and freedom with the Yale Privacy Lab podcast
This week, I sat down for an hour-long interview with the Yale Privacy Lab's Sean O'Brien (MP3); Sean is a frequent Boing Boing contributor and I was honored that he invited me to be his guest on the very first episode of the Lab's new podcast. Read the rest
EFF has released STARTTLS Everywhere: free tools to encrypt email between mail servers
When you send someone else an email, your mail server connects to their mail server to transmit the message, and spy agencies have made a surveillance banquet out of these transactions, harvesting emails by the billions. Read the rest
Help Wanted: a new executive director for Simply Secure, a nonprofit focused on usability in crypto tools
For several years, I've been honored to volunteer on the advisory board of Simply Secure (previously) a nonprofit consultancy that does open research on usability in cryptographic privacy tools and consults with firms to help make their tools more broadly usable and accessible, especially for vulnerable groups who are often left out of consideration when secure tools are being designed. Read the rest
Efail: instructions for using PGP again as safely as is possible for now
It's been nearly three weeks since the publication of Efail, a critical set of attacks against PGP/GPG-encrypted emails that was so hard to mitigate that EFF's recommendation was to stop using it for mail altogether until a solution could be worked out. Read the rest
Efail: can email be saved?
The revelation that encrypted email is vulnerable to a variety of devastating attacks (collectively known as "Efail") has set off a round of soul-searching by internet security researchers and other technical people -- can we save email? Read the rest
"Phooey": a pre-eminent cryptographer responds to Ray Ozzie's key escrow system
I have a lot of respect for ex-Microsoft Chief Software Architect Ray Ozzie, but when I saw that he'd taken to promoting a Clipper-Chip-style key escrow system, I was disheartened -- I'm a pretty keen observer of these proposals and have spent a lot of time having their problems explained to me by some of the world's leading cryptographers, and this one seemed like it had the same problems as all of those dead letters. Read the rest
Senate confirms Paul Nakasone to head NSA and U.S. Cyber Command
The U.S. Senate today confirmed President Donald Trump’s selection to lead the National Security Agency and U.S. Cyber Command. Paul Nakasone will replace Mike Rogers, who is retiring. Read the rest
It's 2018, and Google just proposed an instant messaging tool with no encryption
It's 2018, five years after Edward Snowden's documents revealed the scope of US and allied mass surveillance; after a string of revelations about creepy private-sector cyber-arms-dealers who sell spying tools to stalkers, criminals, and autocratic governments, Google has proposed "Chat," a new Android standard for instant messaging with no encryption and hence zero protection against snooping. Read the rest
Stego for Skrillex: hiding data in dubstep drops
Ben Cartwright-Cox observed that he could modulate the bass frequencies in electronic dance music/dubstep in a way that was easy to detect with a signal processor and inaudible to his unaided ears, so he wrote some code to hide messages in the wubwubwub. Read the rest
Cities' emergency sirens will play anything you send them over an unencrypted radio protocol
It's been a year since someone hacked all 156 of Dallas's emergency tornado sirens, setting them off in the middle of the night, and the security picture for cities' emergency PA systems keeps getting uglier. Read the rest
You can unscramble the hashes of humanity's 5 billion email addresses in ten milliseconds for $0.0069
Marketing companies frequently "anonymize" their dossiers on internet users using hashes of their email addresses -- rather than the email addresses themselves -- as identifiers in databases that are stored indefinitely, traded, sold, and leaked. Read the rest
