It's been nearly three weeks since the publication of Efail, a critical set of attacks against PGP/GPG-encrypted emails that was so hard to mitigate that EFF's recommendation was to stop using it for mail altogether until a solution could be worked out. Read the rest

A group of researchers have published a paper and associated website describing a clever attack on encrypted email that potentially allows an attacker to read encrypted emails sent in the past as well as current and future emails; EFF has recommended switching off PGP-based email encryption for now, to prevent attackers from tricking your email client into decrypting old emails and sending them to adversaries. Read the rest

W Aaron Waychoff, creator of the Falsom Upside-Down ⊥ "Resist" campaign, was inspired by this 2016 post; he writes, "I've made a proof-of-concept encrypting digital camera based on the open source, widely adoped GnuPG. This project uses public key encryption to encrypt every photo the camera takes before writing the encrypted version to memory. Of particular note, there are absolutely no UI changes over what an ordinary point-and-shoot camera provides. No extra keyboards or touch screens are needed as no passwords need be entered." Read the rest

Thunderbird is one of the last robust email clients, a must-have for people who don't want to use webmail or leave their mail on a server, waiting to be hacked and dumped -- but for years, it has been on deathwatch, as the Mozilla Foundation looked for another organization to take it over. Read the rest

The Mozilla Foundation stopped active development of the Thunderbird stand-alone email client in 2012, a year before Edward Snowden's revelations about mass email interception by spy agencies sparked an exodus from webmail platforms. Read the rest

Jeff sez, "Tuts+ has made my six part introduction to PGP encryption, email and networking privacy available to readers for free." Read the rest

The update allows users to post their public email encryption key on their Facebook profile, so others can encrypt future emails to that user.

Gnu Privacy Guard (GPG, the free/open version of PGP) relies on donations to pay developers to keep the project alive and viable; as one of its millions of users, I am grateful and indebted to the people who keep it alive and that's why I've just donated to the project. Read the rest

Google has announced support for end-to-end encryption with Gmail, a major step for privacy and a major blow against mass surveillance. Gmail users who install free and open Chrome plugin will be able to send and receive messages that can only be read by people who have their intended recipients' passphrase, and not Google -- meaning that even if the NSA legally or covertly taps into Google's data-centers, they won't be able to read mail that's encrypted with the End-to-End plugin.

This is marvellous news. There is already support for Gnu Privacy Guard (GPG) and Pretty Good Privacy (PGP) in Gmail, through Firefox plugin or Chrome plugin, but long experience has shown that many people are confused by PGP/GPG in its current state.

What's more, Google has explicitly tied this to the Reset the Net campaign (in which Boing Boing is a partner), a global day commemorating the Snowden leaks and calling for an Internet that is made strong and secure from mass spying. Read the rest