El Chapo went down because his sysadmin sold him out

Here's something to remember come the next Sysadmin Appreciation Day: Mexican drug lord El Chapo was only caught because his systems administrator flipped and started working for the feds, backdooring El Chapo's comms infrastructure and providing the cops with the decryption keys needed to eavesdrop on El Chapo's operations.

Debunking "ghost users": MI5's plan to backdoor all secure messaging platforms

When lawmakers and cops propose banning working cryptography (as they often do in the USA), or ban it outright (as they just did in Australia), they are long on talk about "responsible encryption" and the ability of sufficiently motivated technologists to "figure it out" and very short on how that might work -- but after many years, thanks to the UK's spy agency MI5, we have a detailed plan of what this system would look like, and it's called "ghost users."

Podcast: "Sole and Despotic Dominion" and "What is the Internet For?"

Here's my reading (MP3) of my Locus column, "What is the Internet For?" (which asks, "Is the internet a revolutionary technology?") and my short story for the fiftieth anniversary of Reason Magazine, Sole and Despotic Dominion, which builds on my 2015 Guardian column, If Dishwashers Were iPhones.


Sennheiser's headphone drivers covertly changed your computer's root of trust, leaving you vulnerable to undetectable attacks

Your computer ships with a collection of trusted cryptographic certificates, called its "root of trust," which are consulted to verify things like SSL connections and software updates.

The internet is made up of revolutionary technologies, but isn't revolutionary

My latest Locus Magazine column is What the Internet Is For: it describes the revolutionary principle (end-to-end communications) and technologies (general purpose computers, strong cryptography) that undergird the net, but also cautions that these are, themselves, not sufficient to revolutionize the world.

My keynote for Ethereum Devcon: without the rule of law, crypto fails

I was one of the keynote speakers at last week's Ethereum Devcon in Prague, where I gave a talk called "Decentralize, Democratize, or Die," about the way that bad tech policy (crypto backdoors, the DMCA's ban on security disclosures, etc.) comes from weak states where the super-rich get to call the shots, and how things like money-laundering create these weak states. The core message: if you don't figure out how to make more pluralistic, less plutocratic states, you will never get the kind of information security you need for your blockchain systems to thrive.

Consumer Reports finds that D-Link's home camera sends unencrypted video without unique passwords

As part of its ongoing commitment to evaluate information security and privacy when reviewing IoT devices (previously), Consumer Reports has published a scathing review of D-Link's home security camera.

Signal's new "Sealed Sender" will hide your identity from Signal

A new feature on the encrypted messaging platform Signal, "Sealed Sender," will hide your identity from Signal itself, so that if the company is ever compromised, it will not be able to reveal who sent messages to whom.

EFF and McSweeney's collaborated on a publication: "The End of Trust"

The End of Trust will be McSweeney's issue 54, the first-ever all-nonfiction issue of McSweeney's, with more than 30 contributions on "surveillance in the digital age."

Oh for fuck's sake, not this fucking bullshit again (cryptography edition)

America, Canada, New Zealand, the UK and Australia are in a surveillance alliance called The Five Eyes, through which they share much of their illegally harvested surveillance data.

Wickr announces a firewall-circumventing tool to help beat national censorship regimes

Wickr, a private, secure messaging company, has teamed up with Psiphon (previously), a spinout from Citizen Lab (previously), to allow its users to communicate even when they are behind national firewalls.

Talking the hard questions of privacy and freedom with the Yale Privacy Lab podcast

This week, I sat down for an hour-long interview with the Yale Privacy Lab's Sean O'Brien (MP3); Sean is a frequent Boing Boing contributor and I was honored that he invited me to be his guest on the very first episode of the Lab's new podcast.

EFF has released STARTTLS Everywhere: free tools to encrypt email between mail servers

When you send someone else an email, your mail server connects to their mail server to transmit the message, and spy agencies have made a surveillance banquet out of these transactions, harvesting emails by the billions.

Help Wanted: a new executive director for Simply Secure, a nonprofit focused on usability in crypto tools

For several years, I've been honored to volunteer on the advisory board of Simply Secure (previously), a nonprofit consultancy that does open research on usability in cryptographic privacy tools and consults with firms to help make their tools more broadly usable and accessible, especially for vulnerable groups who are often left out of consideration when secure tools are being designed.

Telegram: ever since Russia's blocking demand, Apple has prevented us from updating our app

Last April, the Kremlin ordered a ban on the private messaging app Telegram, blocking millions of IP addresses that formed Amazon and Google's clouds in order to prevent users from accessing the service; not only was it an ominous moment in the evolution of the internet as a system for oppressive control, it was also an object lesson in how internet concentration has made the internet more susceptible to censorship and control.

The FBI's mountain of uncrackable crimephones was nearly entirely imaginary

The FBI has been trying to ban working cryptography since the Clinton years, a losing battle whose stakes go up with each passing day as the number of devices that depend on working crypto to secure them and their users goes up and up and up.

Efail: can email be saved?

The revelation that encrypted email is vulnerable to a variety of devastating attacks (collectively known as "Efail") has set off a round of soul-searching by internet security researchers and other technical people -- can we save email?
