social.gl-como.it

Cerca

Elementi taggati con: Encryption

The rocky road to OMEMO by default



Daniel Gultsch, developer of Android XMPP client Conversations, writes,

Why it took us more than two years to enable End-to-End encryption by default: The first in a series of essays leading up to the release of Conversations 2.0



...
The other big hurdle we had to overcome was the adoption rate in clients. If you send OMEMO encrypted messages by default you should have a reasonable expectation that your contact will be able to decrypt the message. Reasonable expectation doesn’t mean that every single client out there has to support it—In an ecosystem with hundreds of small, badly maintained clients that’s just not feasible—but the major clients should at least have a plugin available.
In March 2018 we finally reached the point where every plattform has one or more clients with OMEMO support. Conversations and Zom on Android, ChatSecure on iOS, Psi and Gajim on the desktop. The up and coming desktop client Dino—despite not having had an initial release—already has support for OMEMO as well. And even the webclient JSXC has a plugin available.
Considering the complexity of OMEMO and the fact that most of these clients are developed by people in their spare time, this is actually quite an impressive adoption rate.
...
Moxie Marlinspike, in his 2016 propaganda piece ignorantly bashing XMPP, had one valid point: Enabling end-to-end encryption in a homogenous environment is easier than introducing it in a heterogenous one like Jabber. Nobody is denying that. However, if something is hard to achieve there are two possible approaches: Either try your best and don’t give up, or put your head in the sand and create yet another walled garden that is no different from other proprietary solutions.
Admittedly it has taken us a while to get to a point where we can enable end-to-end encryption by default, but it was worth the effort in that we ended up with something that is different from WhatsApp in more than just marketing.
#xmpp #omemo #conversations #psi #gajim #zom #chatsecure #dino #jsxc #federation #encryption
 



You broke the Internet



Now let's build a GNU one



Details: Yellow is for projects in development while green is for those that are available. Red illustrates brands that lose their monopoly condition once the respective layers are fully operational whereas light red indicates faulty technologies that we must replace.

Strongly recommend checking out the source website: http://youbroketheinternet.org/

Some related tags: #internet #surveillance #freesoftware #gnu #linux #security #netsec #crypto #ipfs #gpg #pgp #encryption #cryptocat #mumble #GNS #guix #nix #bittorrent #faceboogle #tor #I2P #otr #librecmc #libreboot #fsf #eff #ccc #pirateparty #pirates #ricochet #gnunet #freenet #android #replicant #grothoff #signal #libresignal #taler #gnutaler #youbroketheinternet #selfhosting #decentralization #selfhosted #tox #xmpp #jitsi #pond #PSYC #Tahoe-LAFS #retroshare #cjdns #onionshare #cryptocat #briar #maidsafe #coreboot #tribler #axolotl #zeroqm #bitmessage #cloud #skype #twitter #microsoft #rhizome #rina #netsukuku #tails #debian #freedombox #freedombone #ethos #qubes #whonix #guixSD #gentoo #zyre #reproduciblebuilds #openwrt #BMX7 #net2o #ethereum #copperheadOS #federation #dns #smtp #dane #blackadder #globaleaks #redphone #2020 #mesh #pulse #heartbeat

#youbroketheinternet

#youbroketheinternet
 

Installing Signal on a Google free phone



I tried to install Singal on my Google free Android phone one year ago and I was shocked when I found out that I had to install Google Play services to use Signal and there was not much info out there how to do it without it.
So now I gave it another try and after almost a whole day I finally did it.
Here is what I did:
I have rooted CyanogenMod 13 on my phone, no Google apps.
- Go to https://microg.org/ (A free-as-in-freedom re-implementation of Google’s proprietary Android user space apps and libraries.)
- Download and install GmsCore.apk, GsfProxy.apk, FakeStore.apk in this order
- Open the microG Settings and tick both checkboxes for background services
- Reboot your device
- Disable Battery Optimization for microG Services Core in System Settings > Battery > Menu > Battery optimization.
- Go to https://www.apkmirror.com and get an old version of Signal - e.g. v3.20 (you won't be able to sign up with the newest version)
- Install Signal and sign up.
- Now if everything works just download the newest version of Signal and install it.

I hope this helps others.

#android #signal #messaging #encryption #privacy #security #floss #opensource

Open Whisper Systems >> Home

Open Whisper Systems >> Home
 

Installing Signal on a Google free phone



I tried to install Singal on my Google free Android phone one year ago and I was shocked when I found out that I had to install Google Play services to use Signal and there was not much info out there how to do it without it.
So now I gave it another try and after almost a whole day I finally did it.
Here is what I did:
I have rooted CyanogenMod 13 on my phone, no Google apps.
- Go to https://microg.org/ (A free-as-in-freedom re-implementation of Google’s proprietary Android user space apps and libraries.)
- Download and install GmsCore.apk, GsfProxy.apk, FakeStore.apk in this order
- Open the microG Settings and tick both checkboxes for background services
- Reboot your device
- Disable Battery Optimization for microG Services Core in System Settings > Battery > Menu > Battery optimization.
- Go to https://www.apkmirror.com and get an old version of Signal - e.g. v3.20 (you won't be able to sign up with the newest version)
- Install Signal and sign up.
- Now if everything works just download the newest version of Signal and install it.

I hope this helps others.

#android #signal #messaging #encryption #privacy #security #floss #opensource

Open Whisper Systems >> Home

Open Whisper Systems >> Home
 
#Vaults - #Encryption in Plasma http://cukic.co/2017/02/03/vaults-encryption-in-plasma/ #kde #plasma #gnu #linux

Vaults - Encryption in Plasma | Ivan Čukić

Five years ago(I’m completely shocked how the time flies),we were working on Plasma Active,and one of the ideas was to allow the userto create private activi...
 
#Vaults - #Encryption in Plasma http://cukic.co/2017/02/03/vaults-encryption-in-plasma/ #kde #plasma #gnu #linux

Vaults - Encryption in Plasma | Ivan Čukić

Five years ago(I’m completely shocked how the time flies),we were working on Plasma Active,and one of the ideas was to allow the userto create private activi...
 

Microsoft is making it easier for the Thai government to break web encryption - The Verge



#Microsoft #surveillance #thailand #https #encryption #security #privacy

Microsoft is making it easier for Thailand to spy on its citizens

The Thai government is looking to take greater control over its citizens' web encryption, according to a new report from Privacy International, and Microsoft is part of the problem.
At issue is...
 

Microsoft is making it easier for the Thai government to break web encryption - The Verge



#Microsoft #surveillance #thailand #https #encryption #security #privacy

Microsoft is making it easier for Thailand to spy on its citizens

The Thai government is looking to take greater control over its citizens' web encryption, according to a new report from Privacy International, and Microsoft is part of the problem.
At issue is...
 
git diff --stat master[...]36 files changed, 3591 insertions(+)Making #progress :)

#omemo #smack #module #encryption #bachelor #thesis
 

End-to-End Encrypted group chats via XMPP



Jamie McClelland writes, that it is still difficult to have a secure group chat. But it's possible.
Use either Conversations for Android (f-droid or Play) or Gajim for Windows or Linux [...]

Ensure that everyone in your group has added everyone else in the group to their roster [...]

Create the group in the android Conversations app, not in Gajim [...]

#xmpp #muc #conversations #gajim #omemo #encryption

End-to-End Encrypted group chats via XMPP

 

Email Self-Defense - a guide to defend yourself from surveillance with GnuPG encryptionhttps://emailselfdefense.fsf.org/en/



Immagine/foto
This #guide will teach you a basic #surveillance self-defense skill: #email #encryption. Once you've finished, you'll be able to send and receive emails that are scrambled to make sure a surveillance agent or thief intercepting your email can't read them. All you need is a computer with an #Internet connection, an email account, and about forty minutes. (...)

#gnupg #gpg #emailselfdefense #gnu #gpl #fsf #gnulinux #linux #ssl #tls #journalism #tutorial #howto #enigmail #security #weboftrust #journalism++ #jplusplus

http://www.jplusplus.org/en/

via Diaspora* Publisher -

Email Self-Defense - a guide to fighting surveillance with GnuPG encryption

Email surveillance violates our fundamental rights and makes free speech risky. This guide will teach you email self-defense in 40 minutes with GnuPG.
 
Encrypted messengers: Why Riot (and not Signal) is the future

http://www.titus-stahl.de/blog/2016/12/21/encrypted-messengers-why-riot-and-not-signal-is-the-future/
But Riot has other advantages that make it, in some aspects, superior to Signal. Riot is based on the so-called Matrix protocol which is a federated protocol. That means that anyone who wants can run a Matrix server can do so and Riot users from all these servers can communicate with one another. There is no central instance that controls Matrix or Riot.

#privacy #encryption #messaging #federation

Encrypted messengers: Why Riot (and not Signal) is the future - Titus Stahl

As a response to the Snowden revelations, the number of messaging apps that promise security against surveillance has rapidly multiplied. There seems …
 
Too cool for PGP

https://www.mailpile.is/blog/2016-12-13_Too_Cool_for_PGP.html
The experts, by and large, have yet to offer any credible replacements for PGP. And when they suggest abandoning PGP, what they're really saying is we should give up on secure e-mail and just use something else. That doesn't fly. Many people have to use e-mail. E-mail is everywhere. Not improving the security of e-mail and instead expecting people to just use other tools (or go without), is the security elite proclaiming from their ivory tower: "Let them eat cake!"

Furthermore, if that "something else" also requires people use their phone number for everything... well, that's the messaging world's equivalent of the widely despised Facebook Real Name Policy. If you ever needed a clear example of why the lack of diversity (and empathy) in tech is a problem, there it is!

A very good article on just why OpenPGP is so important! From one of the main guys behind Mailpile.

#privacy #encryption #email #openpgp

Mailpile: Too Cool for PGP

 
Remember if you run a SSL site and use #wosign or #startssl that your users will not be able to connect soon! My chrome already can not connect to some pods and sites as they are distrusted. Get your self set up with #letsencrypt now!

Check out https://acme.sh to make it super simple to get letsencrypt set up.

Pass it on!

#podmin #diaspora #ssl #webhost #devops #webmaster #sysadmin #encryption #le #tls #security #ssl ca #certificateAuthority #firefox #chrome #apple #google #startcom #server #https

More reading on the topic: https://dia.so/27c https://dia.so/27d https://dia.so/27e

Not sure how long till distros and OS's follow, but if users can not access the sites its pretty much dead.

Neilpang/acme.sh

An ACME Shell script, an acme client alternative to certbot : acme.sh
 
Remember if you run a SSL site and use #wosign or #startssl that your users will not be able to connect soon! My chrome already can not connect to some pods and sites as they are distrusted. Get your self set up with #letsencrypt now!

Check out https://acme.sh to make it super simple to get letsencrypt set up.

Pass it on!

#podmin #diaspora #ssl #webhost #devops #webmaster #sysadmin #encryption #le #tls #security #ssl ca #certificateAuthority #firefox #chrome #apple #google #startcom #server #https

More reading on the topic: https://dia.so/27c https://dia.so/27d https://dia.so/27e

Not sure how long till distros and OS's follow, but if users can not access the sites its pretty much dead.

Neilpang/acme.sh

An ACME Shell script, an acme client alternative to certbot : acme.sh
 
Too cool for PGP

https://www.mailpile.is/blog/2016-12-13_Too_Cool_for_PGP.html
The experts, by and large, have yet to offer any credible replacements for PGP. And when they suggest abandoning PGP, what they're really saying is we should give up on secure e-mail and just use something else. That doesn't fly. Many people have to use e-mail. E-mail is everywhere. Not improving the security of e-mail and instead expecting people to just use other tools (or go without), is the security elite proclaiming from their ivory tower: "Let them eat cake!"

Furthermore, if that "something else" also requires people use their phone number for everything... well, that's the messaging world's equivalent of the widely despised Facebook Real Name Policy. If you ever needed a clear example of why the lack of diversity (and empathy) in tech is a problem, there it is!

A very good article on just why OpenPGP is so important! From one of the main guys behind Mailpile.

#privacy #encryption #email #openpgp

Mailpile: Too Cool for PGP

 

#CryptoWar: Instead of fighting for the right of #encryption, we should fight for the duty of encryption!



Only those who explicit want an unencrypted #transmission should get it. The #default must be an encrypted #connection.

#security #freedom #privacy #justice #politics #eff #software #internet #communication
 

#CryptoWar: Instead of fighting for the right of #encryption, we should fight for the duty of encryption!



Only those who explicit want an unencrypted #transmission should get it. The #default must be an encrypted #connection.

#security #freedom #privacy #justice #politics #eff #software #internet #communication
 
#conversations.im #OMEMO #Gagim #encryption #messenger #FOSS #Fdroid

Setup Whatsapp-like chat messaging that respects your privacy [complete guide]

This guide helps using a chat messenger that works like Whatsapp or Facebook Messenger, but which respects your privacy and freedom.
 

Email Self-Defense - a guide to defend yourself from surveillance with GnuPG encryptionhttps://emailselfdefense.fsf.org/en/



Immagine/foto
This #guide will teach you a basic #surveillance self-defense skill: #email #encryption. Once you've finished, you'll be able to send and receive emails that are scrambled to make sure a surveillance agent or thief intercepting your email can't read them. All you need is a computer with an #Internet connection, an email account, and about forty minutes. (...)

#gnupg #gpg #emailselfdefense #gnu #gpl #fsf #gnulinux #linux #ssl #tls #journalism #tutorial #howto #enigmail #security #weboftrust #journalism++ #jplusplus

http://www.jplusplus.org/en/

via Diaspora* Publisher -

Email Self-Defense - a guide to fighting surveillance with GnuPG encryption

Email surveillance violates our fundamental rights and makes free speech risky. This guide will teach you email self-defense in 40 minutes with GnuPG.
 

Tor: Volunteer - A few things everyone can do nowhttps://www.torproject.org/getinvolved/volunteer.html.en



Immagine/foto
#tor #getinvolved #help #onion #privacy #tails #torbrowser #relay #anonymous #censorship #security #encryption #volunteer

via Diaspora* Publisher -

Tor: Volunteer

Tor is a free software that prevents people from learning your location or browsing habits by letting you communicate anonymously on the Internet. It also helps you bypass censorship online. If you can't open the website, email gettor@torproject.org for instruction on how to get the Tor Browser.
 

Tor: Volunteer - A few things everyone can do nowhttps://www.torproject.org/getinvolved/volunteer.html.en



Immagine/foto
#tor #getinvolved #help #onion #privacy #tails #torbrowser #relay #anonymous #censorship #security #encryption #volunteer

via Diaspora* Publisher -

Tor: Volunteer

Tor is a free software that prevents people from learning your location or browsing habits by letting you communicate anonymously on the Internet. It also helps you bypass censorship online. If you can't open the website, email gettor@torproject.org for instruction on how to get the Tor Browser.
 
“[…] in the #surveillance state in which we all now live, it is more important than ever to ensure that our #communication tools are secure and trustworthy. While it’s a good thing that apps such as Duo and WhatsApp are now using end-to-end #encryption — meaning third parties, including the company providing the service, should not be able to read, or listen to, what users are saying — using #proprietary software and protocols means that we have to place a certain degree of trust in companies such as Google and Facebook.

“Given that we know many of these companies have co-operated with government agencies — such as the National Security Agency #NSA — the recent news that #WhatsApp will be cross-referencing users’ phone numbers with #Facebook accounts and the fact that the proprietary nature of these applications means they are often less likely to undergo thorough #security audits, it’s hard to blindly trust these companies to keep our best interests and #privacy in mind.

“My solution to the problem of people being segregated on, often insecure, communications platforms is to buck the trend whenever possible and refuse to correspond using anything that isn’t open and secure. But this will only work if other people follow my lead.”

#SurveillanceCapitalism #FreeSoftware #free-software #standards

National Post: Jesse Kline: Google gives the world another video conferencing app that won't let you talk to all your friends (Jesse Kline)

For a technology to become widely adopted as a method of communication, it needs to be based on open standards.
 
“[…] in the #surveillance state in which we all now live, it is more important than ever to ensure that our #communication tools are secure and trustworthy. While it’s a good thing that apps such as Duo and WhatsApp are now using end-to-end #encryption — meaning third parties, including the company providing the service, should not be able to read, or listen to, what users are saying — using #proprietary software and protocols means that we have to place a certain degree of trust in companies such as Google and Facebook.

“Given that we know many of these companies have co-operated with government agencies — such as the National Security Agency #NSA — the recent news that #WhatsApp will be cross-referencing users’ phone numbers with #Facebook accounts and the fact that the proprietary nature of these applications means they are often less likely to undergo thorough #security audits, it’s hard to blindly trust these companies to keep our best interests and #privacy in mind.

“My solution to the problem of people being segregated on, often insecure, communications platforms is to buck the trend whenever possible and refuse to correspond using anything that isn’t open and secure. But this will only work if other people follow my lead.”

#SurveillanceCapitalism #FreeSoftware #free-software #standards

National Post: Jesse Kline: Google gives the world another video conferencing app that won't let you talk to all your friends (Jesse Kline)

For a technology to become widely adopted as a method of communication, it needs to be based on open standards.
 
Maker of Signal asked to give out information to the FBI
Earlier this year, the FBI served Open Whisper Systems, the creator of Signal, a popular end-to-end encrypted messaging application, with its first criminal grand jury subpoena. On Tuesday, Open Whisper Systems and its lawyers at the American Civil Liberties Union successfully challenged a gag order forbidding the company from speaking about that request.

That's one of the problems with a centralised system, all the metadata is collected in one place and may be retreivable by authorities or other with power to request it.

However:
It this case, Open Whisper Systems barely had any subscriber data to give to the FBI. They responded with two pieces of information for one of the phone numbers: the time that the Signal account was created and the most recent date that the user connected to the Signal server. The other phone number did not have a Signal account associated with it.

Other messaging services routinely store more information about their users, including the IP addresses they use to connect to the service, their contact lists, who they sent messages to and when, and often the content of the messages themselves. When those services receive similar government requests, they could be legally compelled to turn over that information. Open Whisper Systems designed Signal to log only the bare minimum information necessary to operate their service, specifically to avoid being put in that position.

This also shows that it is possible to design your systems in ways that don't expose more data than what's needed. OpenWhisper Systems seems to have done their job properly here.

#signal #encryption #fbi #privacy #security
 

all mine!: Latest attacks on #privacy...



http://blog.jospoortvliet.com/2016/08/latest-attacks-on-privacy.html
It is the usual story: we should disallow companies from using perfect end to end #encryption and force them to insert #backdoors against #terrorists. Not that it would help - that's been discussed extensively already but in short: * If you have nothing to hide, you'll use a backdoored app and you're vulnerable to foreign (and your own) #governments, terrorists (!), #criminals and others who can abuse your #data in more ways than you can imagine. * If you have something to hide, you can use 1000 different tools to do so and there is nothing government can do about that so you won't use a backdoored app. * And note that government has failed to even use fully unencrypted information to stop terrorist #attacks so perhaps we should first see if they can actually get their act together there.

Very well said, in a really short article. Loving the ideological/political position the #Nextcloud project is taking. Worth a read and a share!

all mine!: Latest attacks on privacy...

 



You broke the Internet



Now let's build a GNU one



Details: Yellow is for projects in development while green is for those that are available. Red illustrates brands that lose their monopoly condition once the respective layers are fully operational whereas light red indicates faulty technologies that we must replace.

Strongly recommend checking out the source website: http://youbroketheinternet.org/

Some related tags: #internet #surveillance #freesoftware #gnu #linux #security #netsec #crypto #ipfs #gpg #pgp #encryption #cryptocat #mumble #GNS #guix #nix #bittorrent #faceboogle #tor #I2P #otr #librecmc #libreboot #fsf #eff #ccc #pirateparty #pirates #ricochet #gnunet #freenet #android #replicant #grothoff #signal #libresignal #taler #gnutaler #youbroketheinternet #selfhosting #decentralization #selfhosted #tox #xmpp #jitsi #pond #PSYC #Tahoe-LAFS #retroshare #cjdns #onionshare #cryptocat #briar #maidsafe #coreboot #tribler #axolotl #zeroqm #bitmessage #cloud #skype #twitter #microsoft #rhizome #rina #netsukuku #tails #debian #freedombox #freedombone #ethos #qubes #whonix #guixSD #gentoo #zyre #reproduciblebuilds #openwrt #BMX7 #net2o #ethereum #copperheadOS #federation #dns #smtp #dane #blackadder #globaleaks #redphone #2020 #mesh #pulse #heartbeat

#youbroketheinternet

#youbroketheinternet
 

How is NSA breaking so much crypto?


There have been rumors for years that the NSA can decrypt a significant fraction of encrypted Internet traffic. In 2012, James Bamford published an article quoting anonymous former NSA officials stating that the agency had achieved a “computing breakthrough” that gave them “the ability to crack current public encryption.” The Snowden documents also hint at some extraordinary capabilities: they show that NSA has built extensive infrastructure to intercept and decrypt VPN traffic and suggest that the agency can decrypt at least some HTTPS and SSH connections on demand.

However, the documents do not explain how these breakthroughs work, and speculation about possible backdoors or broken algorithms has been rampant in the technical community. Yesterday at ACM CCS, one of the leading security research venues, we and twelve coauthors presented a paper that we think solves this technical mystery.

The key is, somewhat ironically, Diffie-Hellman key exchange, an algorithm that we and many others have advocated as a defense against mass surveillance. Diffie-Hellman is a cornerstone of modern cryptography used for VPNs, HTTPS websites, email, and many other protocols. Our paper shows that, through a confluence of number theory and bad implementation choices, many real-world users of Diffie-Hellman are likely vulnerable to state-level attackers.

For the nerds in the audience, here’s what’s wrong: If a client and server are speaking Diffie-Hellman, they first need to agree on a large prime number with a particular form. There seemed to be no reason why everyone couldn’t just use the same prime, and, in fact, many applications tend to use standardized or hard-coded primes. But there was a very important detail that got lost in translation between the mathematicians and the practitioners: an adversary can perform a single enormous computation to “crack” a particular prime, then easily break any individual connection that uses that prime.

Read more -- https://freedom-to-tinker.com/blog/haldermanheninger/how-is-nsa-breaking-so-much-crypto/

#NationalSecurityAgency #NSA #encryption #privacy #security #surveillance#VirtualPrivateNetwork #VPN #SecureShell #SSH #HTTPS #SSL #DiffieHellman
https://freedom-to-tinker.com/2015/10/14/how-is-nsa-breaking-so-much-crypto/
 
nuovi vecchi