EFF and McSweeney's collaborated on a publication: "The End of Trust"

The End of Trust will be McSweeney's issue 54, the first-ever all-nonfiction issue of McSweeney's, with more than 30 contributions on "surveillance in the digital age."

Oh for fuck's sake, not this fucking bullshit again (cryptography edition)

America, Canada, New Zealand, the UK and Australia are in a surveillance alliance called The Five Eyes, through which they share much of their illegally harvested surveillance data.

Wickr announces a firewall-circumventing tool to help beat national censorship regimes

Wickr, a private, secure messaging company, has teamed up with Psiphon (previously), a spinout from Citizen Lab (previously) to allow its users to communicate even when they are behind national firewalls.

Talking the hard questions of privacy and freedom with the Yale Privacy Lab podcast

This week, I sat down for an hour-long interview with the Yale Privacy Lab's Sean O'Brien (MP3); Sean is a frequent Boing Boing contributor and I was honored that he invited me to be his guest on the very first episode of the Lab's new podcast.

EFF has released STARTTLS Everywhere: free tools to encrypt email between mail servers

When you send someone else an email, your mail server connects to their mail server to transmit the message, and spy agencies have made a surveillance banquet out of these transactions, harvesting emails by the billions.

Help Wanted: a new executive director for Simply Secure, a nonprofit focused on usability in crypto tools

For several years, I've been honored to volunteer on the advisory board of Simply Secure (previously) a nonprofit consultancy that does open research on usability in cryptographic privacy tools and consults with firms to help make their tools more broadly usable and accessible, especially for vulnerable groups who are often left out of consideration when secure tools are being designed.

Telegram: ever since Russia's blocking demand, Apple has prevented us from updating our app

Last April, the Kremlin ordered a ban on the private messaging app Telegram, blocking millions of IP addresses that formed Amazon and Google's clouds in order to prevent users from accessing the service; not only was it an ominous moment in the evolution of the internet as a system for oppressive control, it was also an object lesson in how internet concentration has made the internet more susceptible to censorship and control.

The FBI's mountain of uncrackable crimephones was nearly entirely imaginary

The FBI has been trying to ban working cryptography since the Clinton years, a losing battle whose stakes go up with each passing day as the number of devices that depend on working crypto to secure them and their users goes up and up and up.

Efail: can email be saved?

The revelation that encrypted email is vulnerable to a variety of devastating attacks (collectively known as "Efail") has set off a round of soul-searching by internet security researchers and other technical people -- can we save email?

A vital guide to the Canadian encryption debate

Canada's two leading digital rights groups, CIPPIC (previously) and Citizen Lab (previously) have issued a joint report called Shining a Light on the Encryption Debate: A Canadian Field Guide, and every Canadian should read it.

"Phooey": a pre-eminent cryptographer responds to Ray Ozzie's key escrow system

I have a lot of respect for ex-Microsoft Chief Software Architect Ray Ozzie, but when I saw that he'd taken to promoting a Clipper-Chip-style key escrow system, I was disheartened -- I'm a pretty keen observer of these proposals and have spent a lot of time having their problems explained to me by some of the world's leading cryptographers, and this one seemed like it had the same problems as all of those dead letters.

It's 2018, and Google just proposed an instant messaging tool with no encryption

It's 2018, five years after Edward Snowden's documents revealed the scope of US and allied mass surveillance; after a string of revelations about creepy private-sector cyber-arms-dealers who sell spying tools to stalkers, criminals, and autocratic governments, Google has proposed "Chat," a new Android standard for instant messaging with no encryption and hence zero protection against snooping.

The upside of big tech is Russia vs Telegram, but the downside is Cloudflare vs SESTA

Yesterday, I wrote about the way that tech-sector concentration was making it nearly impossible for Russia to block the encrypted messaging service Telegram: because Telegram can serve its traffic through giant cloud providers like Amazon, Russia can only block Telegram by blocking everyone else who uses Amazon.

Cities' emergency sirens will play anything you send them over an unencrypted radio protocol

It's been a year since someone hacked all 156 of Dallas's emergency tornado sirens, setting them off in the middle of the night, and the security picture for cities' emergency PA systems keeps getting uglier.

You can unscramble the hashes of humanity's 5 billion email addresses in ten milliseconds for $0.0069

Marketing companies frequently "anonymize" their dossiers on internet users using hashes of their email addresses -- rather than the email addresses themselves -- as identifiers in databases that are stored indefinitely, traded, sold, and leaked.

Even if governments backdoor crypto, they still won't be able to spy on terrorists

In a paper published by the International Association for Cryptologic Research, a group of Harvard and MIT cryptographers demonstrate that even if the government were to backdoor encryption and lock up anyone who used non-backdoored systems, people could still hide undetectable, secure, private messages within the messages sent over the compromised systems.

Cloudflare's 1.1.1.1: an encrypted, privacy-protecting DNS service

Cloudflare, a company with a history of resisting surveillance and censorship orders (albeit imperfectly and sometimes with undesirable consequences) has announced a new DNS service, hosted at the easy-to-remember address of 1.1.1.1, which accepts connections under the still-novel DNS-over-HTTPS protocol, and which has privacy designed in, with all logs written only to RAM (never to disk) and flushed every 24 hours.
