A vital guide to the Canadian encryption debate

Canada's two leading digital rights groups, CIPPIC (previously) and Citizen Lab (previously) have issued a joint report called Shining a Light on the Encryption Debate: A Canadian Field Guide, and every Canadian should read it.

"Phooey": a pre-eminent cryptographer responds to Ray Ozzie's key escrow system

I have a lot of respect for ex-Microsoft Chief Software Architect Ray Ozzie, but when I saw that he'd taken to promoting a Clipper-Chip-style key escrow system, I was disheartened -- I'm a pretty keen observer of these proposals and have spent a lot of time having their problems explained to me by some of the world's leading cryptographers, and this one seemed like it had the same problems as all of those dead letters.

It's 2018, and Google just proposed an instant messaging tool with no encryption

It's 2018, five years after Edward Snowden's documents revealed the scope of US and allied mass surveillance; after a string of revelations about creepy private-sector cyber-arms-dealers who sell spying tools to stalkers, criminals, and autocratic governments, Google has proposed "Chat," a new Android standard for instant messaging with no encryption and hence zero protection against snooping.

The upside of big tech is Russia vs Telegram, but the downside is Cloudflare vs SESTA

Yesterday, I wrote about the way that tech-sector concentration was making it nearly impossible for Russia to block the encrypted messaging service Telegram: because Telegram can serve its traffic through giant cloud providers like Amazon, Russia can only block Telegram by blocking everyone else who uses Amazon.

Cities' emergency sirens will play anything you send them over an unencrypted radio protocol

It's been a year since someone hacked all 156 of Dallas's emergency tornado sirens, setting them off in the middle of the night, and the security picture for cities' emergency PA systems keeps getting uglier.

You can unscramble the hashes of humanity's 5 billion email addresses in ten milliseconds for $0.0069

Marketing companies frequently "anonymize" their dossiers on internet users using hashes of their email addresses -- rather than the email addresses themselves -- as identifiers in databases that are stored indefinitely, traded, sold, and leaked.

Even if governments backdoor crypto, they still won't be able to spy on terrorists

In a paper published by the International Association for Cryptologic Research, a group of Harvard and MIT cryptographers demonstrate that even if the government were to backdoor encryption and lock up anyone who used non-backdoored systems, people could still hide undetectable, secure, private messages within the messages sent over the compromised systems.

Cloudflare's 1.1.1.1: an encrypted, privacy-protecting DNS service

Cloudflare, a company with a history of resisting surveillance and censorship orders (albeit imperfectly and sometimes with undesirable consequences) has announced a new DNS service, hosted at the easy-to-remember address of 1.1.1.1, which accepts connections under the still-novel DNS-over-HTTPS protocol, and which has privacy designed in, with all logs written only to RAM (never to disk) and flushed every 24 hours.

How to evaluate secure messengers and decide which one is for you

The Electronic Frontier Foundation is running an excellent series on the potential and pitfalls of secure messaging apps -- this is very timely given the ramping up of state surveillance and identity theft, not to mention anyone looking to #DeleteFacebook and transition away from Facebook Messenger.

Cops routinely unlock phones with corpses' fingers

Since 2016, when an FBI agent first used a dead suspect's finger to unlock his phone, police forces across the USA have made a routine practice of unlocking phones using suspects' and victims' dead fingers, saving big on buying cyberwar tools like Cellebrite's $1500-$3000 unlocker, or Grayshift's $30k/year Graykey.

Attacks that unmask anonymous blockchain transactions can be used against everyone who ever relied on the defective technique

In An Empirical Analysis of Traceability in the Monero Blockchain, a group of eminent computer scientists analyze a longstanding privacy defect in the Monero cryptocurrency, and reveal a new, subtle flaw, both of which can be used to potentially reveal the details of transactions and identify their parties.

Teen's devastating bug-report on a "tamper-proof" cryptocurrency wallet shows why companies can't be left in charge of bad news about their products

Saleem Rashid is a 15-year-old self-taught British programmer who discovered a fatal defect in the Ledger Nano S, an offline cryptocurrency wallet that is marketed as being "tamper-proof."

A new government malware company, fronted by Hacking Team's old spokesjerk, says it can spy on Signal and Telegram

Grey Heron is a new cyber-arms dealer offering to sell hacking tools to governments; it is fronted by Eric Rabe, who previously represented the disgraced, hacked Italian malware company Hacking Team, notorious for selling spy tools to governments that used them to target dissidents who were tortured and murdered after they were outed.

To do at SXSW: Cypherpunks Strike Back! and Cyborg Pride Parade

EFF-Austin's Jon Lebkowsky writes: "Every year while thousands flock to a certain large festival that temporarily colonizes Austin, EFF-Austin throws a honking big geek soiree. Keynote speakers this year are Caroline Old Coyote and Michael Running Wolf, Native American VR/AR activists who are using technology to preserve their culture and heritage. Additional speakers include EFF Investigative Researcher David Maass discussing police surveillance, government transparency, and legislation in California, former EFF-Austin president Jon Lebkowsky, Carly Rose Jackson with Texans For Voter Choice, and Vikki Goodwin, Democratic candidate for Texas House District 47. Also music by Michael Garfield, Pilgrimess, and UBA, plus custom video game consoles, lockpicking, and cosplay."

Epidemic of cryptojacking can be traced to escaped NSA superweapon

The epidemic of cryptojacking malware isn't merely an outgrowth of the incentive created by the cryptocurrency bubble -- that's just the motive, and the all-important means and opportunity were provided by the same leaked NSA superweapon that powered last year's Wannacry ransomware epidemic.

Excellent explainer: how consensus algorithms (including Bitcoin/blockchain) work

The creation of "public ledgers" -- like blockchain, popularized by Bitcoin -- requires "consensus algorithms" that allow mutually untrusted, uncoordinated parties to agree on a world-readable, distributed list of things (domain names, transactions, title deeds, etc), something that cryptography makes possible in a variety of ways.

NERD HARDER! FBI Director reiterates faith-based belief in working crypto that he can break

Working cryptography's pretty amazing: because of its fundamental theoretical soundness, we can trust it to secure the firmware updates to our pacemakers; the conversations we have with our loved ones, lawyers and business colleagues; the financial transactions the world depends on; and the integrity of all sorts of data, communications and transactions.
