/ SUBMIT / SEARCH / STORE / MENU
Cory Doctorow / 2:38 pm Fri, Dec 13, 2019

Large, diverse coalition of civil society groups tell the US, UK and Australian governments not to ban working encryption

Facebook's decision to default to end-to-end encryption for Facebook Messenger prompted the governments of the UK, the USA and Australia to write to Mark Zuckerberg, urging him to delay implementation of the move, warning him that adding working encryption by default would make it harder for spies and cops to do their jobs. Read the rest

Cory Doctorow / 9:28 am Wed, Oct 16, 2019

Edward Snowden on the global war on encryption: "This is our new battleground"

Since the 1990s, governments around the world have waged war on working encryption, arguing that "civilians" should be limited to using crypto with known defects that allow it to be broken, so that "good guys" can chase "bad guys." Read the rest

Cory Doctorow / 12:01 pm Tue, Sep 10, 2019

Creating a "coercion resistant" communications system

Eleanor Saitta's (previously) 2016 essay "Coercion-Resistant Design" (which is new to me) is an excellent introduction to the technical countermeasures that systems designers can employ to defeat non-technical, legal attacks: for example, the threat of prison if you don't back-door your product. Read the rest

Cory Doctorow / 7:41 am Tue, Apr 24, 2018

It's 2018, and Google just proposed an instant messaging tool with no encryption

It's 2018, five years after Edward Snowden's documents revealed the scope of US and allied mass surveillance; after a string of revelations about creepy private-sector cyber-arms-dealers who sell spying tools to stalkers, criminals, and autocratic governments, Google has proposed "Chat," a new Android standard for instant messaging with no encryption and hence zero protection against snooping. Read the rest

Cory Doctorow / 9:34 am Fri, Jan 13, 2017

A critical flaw (possibly a deliberate backdoor) allows for decryption of Whatsapp messages -- UPDATED

Update: Be sure to read the followup discussion, which explains Facebook's point of view, that this is a deliberate compromise, and not a defect, that makes the app more usable for a wide variety of users, while putting them to little additional risk (namely, that Facebook might change its mind; or be forced to spy on its users; or suffer a security breach or internal rogue employee).

When Facebook implemented Open Whisper Systems' end-to-end encrypted messaging protocol for Whatsapp, they introduced a critical flaw that exposes more than a billion users to stealthy decryption of their private messages: in Facebook's implementation, the company can force Whatsapp installations to silently generate new cryptographic keys (without any way for the user to know about this unless a deep settings checkbox had been ticked), which gives the company the ability to decrypt user messages, including messages that have already been sent in the past.. Read the rest

Cory Doctorow / 9:40 am Thu, Nov 17, 2016

Iphones secretly send your call history to Apple's cloud, even after you tell them not to

Apple has acknowledged that its Icloud service is a weak link in its security model, because by design Apple can gain access to encrypted data stored in its customers' accounts, which means that the company can be hacked, coerced or tricked into revealing otherwise secure customer data to law enforcement, spies and criminals. Read the rest