Zuckerberg announces a comprehensive plan for a new, privacy-focused Facebook, but fails to mention data sharing and ad targeting

Mark Zuckerberg's 3,000-word blog post about his plan to create a parallel set of Facebook services with long-overdue privacy protections has plenty to please both the regulators who are increasingly ready to fine the company billions and possibly even break it up, and the privacy advocates who will rightly cheer the announcement that the service will expand its end-to-end encryption offerings, store data only in countries with good track records on human rights and the rule of law, and let users mark some of their conversations as ephemeral, to be permanently deleted after a short while.

A finance industry group is pushing an intentionally broken cryptography "standard" called ETS

ETS was originally called "Enterprise TLS," implying that it was an "enterprise-grade" version of TLS, the system used to secure internet sessions (if you visit a URL that starts with "https://", it's being protected with TLS).

This is bad: the UAE's favorite sleazeball cybermercenaries have applied for permission to break Mozilla's web encryption

Remember Darkmatter, the UAE-based cybermercenaries who worked with the beltway bandit firm Cyberpoint to recruit ex-NSA spies to infiltrate and expose dissidents, journalists, even children who opposed the despotic regime in the Emirates? (Darkmatter is also one of the least-discriminating cybermercenary bands in the world, available to help torturers, murderers and thugs hang onto power by attacking opposition movements and letting the secret police know who to arrest, torture and kill).

Installing a root certificate should be MUCH scarier

The news that Facebook had spent years paying teens to install a surveillance kit called "Facebook Research" had a key detail: as part of the program, Facebook had its users install a new "root certificate."

How a cryptographer uses a key engraver

Legendary cryptographer and security researcher Matt Blaze (previously) somehow acquired a key engraver and now he's "using it to engrave entirely serious labels on my keys that are not in any way ironic or confusing."

XKCD on the dishonesty implicit in the sharing options in social media

The latest XKCD strip, "Sharing Options/#2016" is a brilliant and trenchant surfacing of the hidden rhetoric of social media, where your options are "permanently share with billions of people, including internet scammers, random predatory companies, and hostile foreign governments" or "a small set of 300 or so approved friends," and when this is questioned, the social media companies profess an inability to understand what other options could exist.

El Chapo went down because his sysadmin sold him out

Here's something to remember come the next Sysadmin Appreciation Day: Mexican drug lord El Chapo was only caught because his systems administrator flipped and started working for the feds, backdooring El Chapo's comms infrastructure and providing the cops with the decryption keys needed to eavesdrop on El Chapo's operations.

Debunking "ghost users": MI5's plan to backdoor all secure messaging platforms

When lawmakers and cops propose banning working cryptography (as they often do in the USA), or ban it outright (as they just did in Australia), they are long on talk about "responsible encryption" and the ability of sufficiently motivated technologists to "figure it out" and very short on how that might work -- but after many years, thanks to the UK's spy agency MI5, we have a detailed plan of what this system would look like, and it's called "ghost users."

Podcast: "Sole and Despotic Dominion" and "What is the Internet For?"

Here's my reading (MP3) of my Locus column, "What is the Internet For?" (which asks, "Is the internet a revolutionary technology?") and my short story for the fiftieth anniversary of Reason Magazine, Sole and Despotic Dominion, which builds on my 2015 Guardian column, If Dishwashers Were iPhones.


Sennheiser's headphone drivers covertly changed your computer's root of trust, leaving you vulnerable to undetectable attacks

Your computer ships with a collection of trusted cryptographic certificates, called its "root of trust," which are consulted to verify things like SSL connections and software updates.

The internet is made up of revolutionary technologies, but isn't revolutionary

My latest Locus Magazine column is What the Internet Is For: it describes the revolutionary principle (end-to-end communications) and technologies (general purpose computers, strong cryptography) that undergird the net, but also cautions that these are, themselves, not sufficient to revolutionize the world.

My keynote for Ethereum Devcon: without the rule of law, crypto fails

I was one of the keynote speakers at last week's Ethereum Devcon in Prague, where I gave a talk called "Decentralize, Democratize, or Die," about the way that bad tech policy (crypto backdoors, the DMCA's ban on security disclosures, etc.) comes from weak states where the super-rich get to call the shots, and how things like money laundering create those weak states. The core message: if you don't figure out how to make more pluralistic, less plutocratic states, you will never get the kind of information security you need for your blockchain systems to thrive.

Consumer Reports finds that D-Link's home camera sends unencrypted video without unique passwords

As part of its ongoing commitment to evaluate information security and privacy when reviewing IoT devices (previously), Consumer Reports has published a scathing review of D-Link's home security camera.

Signal's new "Sealed Sender" will hide your identity from Signal

A new feature on the encrypted messaging platform Signal, "Sealed Sender," will hide your identity from Signal itself, so that if the company is ever compromised, it will not be able to reveal who sent messages to whom.

EFF and McSweeney's collaborated on a publication: "The End of Trust"

The End of Trust will be McSweeney's issue 54, the first-ever all-nonfiction issue of McSweeney's, with more than 30 contributions on "surveillance in the digital age."

Oh for fuck's sake, not this fucking bullshit again (cryptography edition)

America, Canada, New Zealand, the UK and Australia are in a surveillance alliance called The Five Eyes, through which they share much of their illegally harvested surveillance data.

Wickr announces a firewall-circumventing tool to help beat national censorship regimes

Wickr, a private, secure messaging company, has teamed up with Psiphon (previously), a spinout from Citizen Lab (previously), to allow its users to communicate even when they are behind national firewalls.
