In 2015, Mozilla announced that it would turn Thunderbird -- one of the last freestanding, cross-platform email clients -- into a freestanding, independent project, and in 2017, Thunderbird became a community-overseen project with institutional backing from Moz.
Read the rest
It's been nearly three weeks since the publication of Efail, a critical set of attacks against PGP/GPG-encrypted emails that was so hard to mitigate that EFF's recommendation was to stop using it for mail altogether until a solution could be worked out.
Read the rest
A group of researchers have published a paper and associated website describing a clever attack on encrypted email that potentially allows an attacker to read encrypted emails sent in the past as well as current and future emails; EFF has recommended switching off PGP-based email encryption for now, to prevent attackers from tricking your email client into decrypting old emails and sending them to adversaries.
Read the rest
W Aaron Waychoff, creator of the Falsom Upside-Down ⊥ "Resist" campaign, was inspired by this 2016 post; he writes, "I've made a proof-of-concept encrypting digital camera based on the open source, widely adoped GnuPG. This project uses public key encryption to encrypt every photo the camera takes before writing the encrypted version to memory. Of particular note, there are absolutely no UI changes over what an ordinary point-and-shoot camera provides. No extra keyboards or touch screens are needed as no passwords need be entered." Read the rest
Jeff sez, "Tuts+ has made my six part introduction to PGP encryption, email and networking privacy available to readers for free." Read the rest
Gnu Privacy Guard (GPG, the free/open version of PGP) relies on donations to pay developers to keep the project alive and viable; as one of its millions of users, I am grateful and indebted to the people who keep it alive and that's why I've just donated to the project. Read the rest
Google has announced support for end-to-end encryption with Gmail, a major step for privacy and a major blow against mass surveillance. Gmail users who install free and open Chrome plugin will be able to send and receive messages that can only be read by people who have their intended recipients' passphrase, and not Google -- meaning that even if the NSA legally or covertly taps into Google's data-centers, they won't be able to read mail that's encrypted with the End-to-End plugin.
This is marvellous news. There is already support for Gnu Privacy Guard (GPG) and Pretty Good Privacy (PGP) in Gmail, through Firefox plugin or Chrome plugin, but long experience has shown that many people are confused by PGP/GPG in its current state.
What's more, Google has explicitly tied this to the Reset the Net campaign (in which Boing Boing is a partner), a global day commemorating the Snowden leaks and calling for an Internet that is made strong and secure from mass spying. Read the rest