Items tagged with: encryption


 

EFail and Thunderbird, What You Need To Know | The Mozilla Thunderbird Blog


https://blog.mozilla.org/thunderbird/2018/05/efail-and-thunderbird/

How to protect yourself

DO NOT DISABLE ENCRYPTION. We’ve seen recommendations from some outlets to stop using encrypted Email altogether. If you are sending sensitive data via Email, Thunderbird still recommends using encryption to keep those messages safe.

#EFail #thunderbird #encryption
EFail and Thunderbird, What You Need To Know

 
SàT 0.7.0a1 (first alpha) released.

https://www.goffi.org/b/Uj5MCqezCwQUuYvKhSFAwL/salut-alpha-contributors,-take-your-keyboards

There is a big need for contributors. If you want to participate in a project which is decentralized, ethical, and politically involved, contact me.

#XMPP #ethics #SàT #salutatoi #decentralization #release #social networks #chat #encryption #privacy #forge #blog #events #forums #file sharing

 
I work in mobile app development and the technology out there to spy on you is pretty insane. There is a whole industry for snooping and reselling data. Here are some examples.

There are several SDKs (software development kits) that offer fingerprinting identity services. Meaning, when someone opens your app, it checks their device ID, IP address, GPS location, email address, etc. and makes a match to an identity. You then use this SDK to track their behavior in your app, such as purchases, interests, demographics, preferences, etc. This data is stored along with all the other apps that use the SDK. Now as an upsell, I can buy all of your behavior data from every other app that uses the same service. From the moment you install the app I know everything about you.

There are SDKs that don’t even offer a service, they just straight up pay the app maker to let their agent sit and collect data and send it up to their servers. Mostly location data.

My favorite is there’s an SDK that actually records the screen while you use the app, and the video gets sent up to the server for the app maker to see how you use their app in real time. It also tracks all of your views, swipes, and button presses tied to the video for analytics.

Basically, you should assume that every moment you are using an internet connected device, you are being observed, scrutinized, and analyzed so that someone can sell you more shit.

They are really good at this, and getting better every year. You think Facebook is listening to your microphone to serve you ads at the moment you are discussing a product? They don’t need to. They know you that well.

Edit: A lot of people are asking for specific examples of this monitoring tech. There are a ton of small players. So an example of location tracking is Tamoco. An example of behavior tracking is Branch.io (they don't advertise the data mining, but it's a back-end deal). And session monitoring is AppSee or HotJar. There are many more that I haven't heard of.

There are a ton of data resellers out there. They're typically small startups who buy and sell data, and they compete on having the most comprehensive and clean data sets. We get approached by a data reseller maybe once a month, either trying to buy our data or sell us data.

Edit: A lot of people are flippant about this idea because you "don't click on ads" or you "don't buy anything". There are people who aren't interested in just selling you products. How about voting for a particular political candidate, or for/against a ballot measure? How about selling you a particular world view? Propaganda is just like advertising, they're just selling you an idea instead of a product.
#android #ios #programming #development #app #apps #phone #smartphone #sdk #hotjar #facebook #appsee #branch.io #tamoco #surveillance #privacy #encryption

 

Looking for a mom-and-pops-friendly IM solution


tl;dr: I'm looking for an alternative to #Whatsapp that is easy enough for my nontechie family to use. So far, #Matrix looks like the most complete solution, but seems pretty slow these days for some reason. Also, I have reasons on why I'm not 100% on choosing #XMPP this time.

What is the alternative you would recommend to mom and dad?

#CambridgeAnalytica leaks and #Facebook scandals apart, I've already been looking for an alternative to WhatsApp for many years, with the largest hurdle in this crusade definitely being the fact that my family hasn't been keen on leaving it for another app. On my side, I have the following requirements:
  • End-to-end #Encryption enabled by default, or at least built into the program (native implementation, no third party plugins)
  • Clients exist for at least GNU/Linux and Android platforms (more is better, but not needed)
  • Support for group chats with E2EE
  • Supports at least text and image transferring.
Matching all of these used to be very tough for a chat program, until about two years ago. With the tremendous progress that the XMPP movement has been doing for the past two or so years, I was hard-pressed to inevitably tell them to immediately download #Conversations for their phones and find true #privacy with #OMEMO encryption and their chats. However...

OMEMO isn't exactly a silver bullet (yet).


First off, allow me to clarify one thing: I love XMPP. I think it is a very mature and very reliable protocol, has a very diverse ecosystem of servers and clients around and has worked very well for me so far. With that said, though, the entire Go OMEMO! isn't exactly the magical crypto bullet that will save every one from surveillance. Or at least not yet.

First off, adoption of OMEMO in client applications has been slow. The only one that actually gets it right in my opinion is Conversations, but that's a phone app - a privacy nightmare. On the desktop, we have few options, and, from experience, none is mature to the point of surviving heavy usage:
  • Gajim - the go-to answer everyone receives - doesn't have native support, and the OMEMO plug-in requires little-tested versions that are unstable, or link to libraries whose versions some distros like Debian and Ubuntu do not offer, even if you add the development Gajim repo.
  • Profanity has at least two plug-ins for OMEMO (python and C), but they are also in the early stages of development (when I tested the python one, it didn't allow me to send messages, just receive).
  • Pidgin seems to have released an OMEMO library, but given the time of the release, I doubt it's any more stable than the above.
  • Dino appears to offer native support, but is still in alpha stage.
I know that this site indicates many other programs having some or full support for OMEMO already, but quite frankly, in my experience it's not accurate at all from the experience of a user (see my points above).

So much for requirement #2...

Enter (or not) the Matrix


So while I was busy digging for the grail, all the cool kids seemed to have switched to something called Matrix, specifically through the Riot webapp. Citing full integration over many different communication networks, I also decided to give it a try because, well, why not?

Turns out that Riot is glossy and bloated, but yes, fairly easy to use - very much like WhatsApp itself. That could be a selling point to the non-techies! And they have E2EE that apparently has been audited already. And it does fulfill all the four requirements I have. But I still am a little unsure about a few things:
  • By using the Riot web interface, you have to use Javascript to do cryptography. I know that the implementation was audited, but the whole thing about trusting Javascript still gives me the creeps. Also: RIP my RAM.
  • Desktop clients for Matrix are, very much like XMPP, lacking. Riot-desktop seems to be just a thin wrapper around the webapp. The weechat plugin last time I checked does not support encryption, etc.
  • It is mysteriously very slow these days. It seems that this is because of people overloading a few of the already few servers around and not wishing to host more, thus resulting in a very inefficient federation and network. That wasn't the case when I first tried it two years ago. This will not help convince WhatsApp users.
But even with all the above considered, I still think that Matrix, through the Riot App and Webapp is the best way to go to convince nontechies to move away from WhatsApp. I'm not praising Matrix either, though. It always sounded to me like a project that wanted to do everything, and seeing the bloat I get for what I intend to use it for, it seems to have kept going that way.

Perhaps when one day OMEMO finds its way into native or mature implementations in XMPP clients, I will revisit this post and lean towards XMPP again. But so far, no single free software IM solution has been 100% satisfactory in my case, and I'm still looking for more alternatives.

What is the alternative you would recommend to mom and dad?

 

The rocky road to OMEMO by default



Daniel Gultsch, developer of Android XMPP client Conversations, writes,

Why it took us more than two years to enable End-to-End encryption by default: The first in a series of essays leading up to the release of Conversations 2.0



...
The other big hurdle we had to overcome was the adoption rate in clients. If you send OMEMO encrypted messages by default you should have a reasonable expectation that your contact will be able to decrypt the message. Reasonable expectation doesn’t mean that every single client out there has to support it—In an ecosystem with hundreds of small, badly maintained clients that’s just not feasible—but the major clients should at least have a plugin available.
In March 2018 we finally reached the point where every platform has one or more clients with OMEMO support. Conversations and Zom on Android, ChatSecure on iOS, Psi and Gajim on the desktop. The up and coming desktop client Dino—despite not having had an initial release—already has support for OMEMO as well. And even the webclient JSXC has a plugin available.
Considering the complexity of OMEMO and the fact that most of these clients are developed by people in their spare time, this is actually quite an impressive adoption rate.
...
Moxie Marlinspike, in his 2016 propaganda piece ignorantly bashing XMPP, had one valid point: Enabling end-to-end encryption in a homogenous environment is easier than introducing it in a heterogenous one like Jabber. Nobody is denying that. However, if something is hard to achieve there are two possible approaches: Either try your best and don’t give up, or put your head in the sand and create yet another walled garden that is no different from other proprietary solutions.
Admittedly it has taken us a while to get to a point where we can enable end-to-end encryption by default, but it was worth the effort in that we ended up with something that is different from WhatsApp in more than just marketing.
#xmpp #omemo #conversations #psi #gajim #zom #chatsecure #dino #jsxc #federation #encryption

 



You broke the Internet



Now let's build a GNU one



Details: Yellow is for projects in development while green is for those that are available. Red illustrates brands that lose their monopoly condition once the respective layers are fully operational whereas light red indicates faulty technologies that we must replace.

Strongly recommend checking out the source website: http://youbroketheinternet.org/

Some related tags: #internet #surveillance #freesoftware #gnu #linux #security #netsec #crypto #ipfs #gpg #pgp #encryption #cryptocat #mumble #GNS #guix #nix #bittorrent #faceboogle #tor #I2P #otr #librecmc #libreboot #fsf #eff #ccc #pirateparty #pirates #ricochet #gnunet #freenet #android #replicant #grothoff #signal #libresignal #taler #gnutaler #youbroketheinternet #selfhosting #decentralization #selfhosted #tox #xmpp #jitsi #pond #PSYC #Tahoe-LAFS #retroshare #cjdns #onionshare #cryptocat #briar #maidsafe #coreboot #tribler #axolotl #zeroqm #bitmessage #cloud #skype #twitter #microsoft #rhizome #rina #netsukuku #tails #debian #freedombox #freedombone #ethos #qubes #whonix #guixSD #gentoo #zyre #reproduciblebuilds #openwrt #BMX7 #net2o #ethereum #copperheadOS #federation #dns #smtp #dane #blackadder #globaleaks #redphone #2020 #mesh #pulse #heartbeat

#youbroketheinternet


 

Installing Signal on a Google free phone



I tried to install Signal on my Google-free Android phone one year ago and I was shocked when I found out that I had to install Google Play services to use Signal, and there was not much info out there on how to do it without it.
So now I gave it another try and after almost a whole day I finally did it.
Here is what I did:
I have rooted CyanogenMod 13 on my phone, no Google apps.
- Go to https://microg.org/ (A free-as-in-freedom re-implementation of Google’s proprietary Android user space apps and libraries.)
- Download and install GmsCore.apk, GsfProxy.apk, FakeStore.apk in this order
- Open the microG Settings and tick both checkboxes for background services
- Reboot your device
- Disable Battery Optimization for microG Services Core in System Settings > Battery > Menu > Battery optimization.
- Go to https://www.apkmirror.com and get an old version of Signal - e.g. v3.20 (you won't be able to sign up with the newest version)
- Install Signal and sign up.
- Now if everything works just download the newest version of Signal and install it.

I hope this helps others.

#android #signal #messaging #encryption #privacy #security #floss #opensource

Open Whisper Systems >> Home


 
#Vaults - #Encryption in Plasma http://cukic.co/2017/02/03/vaults-encryption-in-plasma/ #kde #plasma #gnu #linux

Vaults - Encryption in Plasma | Ivan Čukić

Five years ago (I’m completely shocked how the time flies), we were working on Plasma Active, and one of the ideas was to allow the user to create private activi...

 

How is NSA breaking so much crypto?


There have been rumors for years that the NSA can decrypt a significant fraction of encrypted Internet traffic. In 2012, James Bamford published an article quoting anonymous former NSA officials stating that the agency had achieved a “computing breakthrough” that gave them “the ability to crack current public encryption.” The Snowden documents also hint at some extraordinary capabilities: they show that NSA has built extensive infrastructure to intercept and decrypt VPN traffic and suggest that the agency can decrypt at least some HTTPS and SSH connections on demand.

However, the documents do not explain how these breakthroughs work, and speculation about possible backdoors or broken algorithms has been rampant in the technical community. Yesterday at ACM CCS, one of the leading security research venues, we and twelve coauthors presented a paper that we think solves this technical mystery.

The key is, somewhat ironically, Diffie-Hellman key exchange, an algorithm that we and many others have advocated as a defense against mass surveillance. Diffie-Hellman is a cornerstone of modern cryptography used for VPNs, HTTPS websites, email, and many other protocols. Our paper shows that, through a confluence of number theory and bad implementation choices, many real-world users of Diffie-Hellman are likely vulnerable to state-level attackers.

For the nerds in the audience, here’s what’s wrong: If a client and server are speaking Diffie-Hellman, they first need to agree on a large prime number with a particular form. There seemed to be no reason why everyone couldn’t just use the same prime, and, in fact, many applications tend to use standardized or hard-coded primes. But there was a very important detail that got lost in translation between the mathematicians and the practitioners: an adversary can perform a single enormous computation to “crack” a particular prime, then easily break any individual connection that uses that prime.

Read more -- https://freedom-to-tinker.com/blog/haldermanheninger/how-is-nsa-breaking-so-much-crypto/

#NationalSecurityAgency #NSA #encryption #privacy #security #surveillance #VirtualPrivateNetwork #VPN #SecureShell #SSH #HTTPS #SSL #DiffieHellman
https://freedom-to-tinker.com/2015/10/14/how-is-nsa-breaking-so-much-crypto/

 

Microsoft is making it easier for the Thai government to break web encryption - The Verge



#Microsoft #surveillance #thailand #https #encryption #security #privacy

Microsoft is making it easier for Thailand to spy on its citizens

The Thai government is looking to take greater control over its citizens' web encryption, according to a new report from Privacy International, and Microsoft is part of the problem.
At issue is...

 

git diff --stat master
[...]
36 files changed, 3591 insertions(+)

Making #progress :)

#omemo #smack #module #encryption #bachelor #thesis

 

End-to-End Encrypted group chats via XMPP



Jamie McClelland writes that it is still difficult to have a secure group chat. But it's possible.
Use either Conversations for Android (f-droid or Play) or Gajim for Windows or Linux [...]

Ensure that everyone in your group has added everyone else in the group to their roster [...]

Create the group in the android Conversations app, not in Gajim [...]

#xmpp #muc #conversations #gajim #omemo #encryption

End-to-End Encrypted group chats via XMPP


 

Email Self-Defense - a guide to defend yourself from surveillance with GnuPG encryption
https://emailselfdefense.fsf.org/en/



This #guide will teach you a basic #surveillance self-defense skill: #email #encryption. Once you've finished, you'll be able to send and receive emails that are scrambled to make sure a surveillance agent or thief intercepting your email can't read them. All you need is a computer with an #Internet connection, an email account, and about forty minutes. (...)

#gnupg #gpg #emailselfdefense #gnu #gpl #fsf #gnulinux #linux #ssl #tls #journalism #tutorial #howto #enigmail #security #weboftrust #journalism++ #jplusplus

http://www.jplusplus.org/en/

via Diaspora* Publisher -

Email Self-Defense - a guide to fighting surveillance with GnuPG encryption

Email surveillance violates our fundamental rights and makes free speech risky. This guide will teach you email self-defense in 40 minutes with GnuPG.

 

Encrypted messengers: Why Riot (and not Signal) is the future

http://www.titus-stahl.de/blog/2016/12/21/encrypted-messengers-why-riot-and-not-signal-is-the-future/
But Riot has other advantages that make it, in some aspects, superior to Signal. Riot is based on the so-called Matrix protocol which is a federated protocol. That means that anyone who wants to run a Matrix server can do so and Riot users from all these servers can communicate with one another. There is no central instance that controls Matrix or Riot.

#privacy #encryption #messaging #federation

Encrypted messengers: Why Riot (and not Signal) is the future - Titus Stahl

As a response to the Snowden revelations, the number of messaging apps that promise security against surveillance has rapidly multiplied. There seems …

 
Too cool for PGP

https://www.mailpile.is/blog/2016-12-13_Too_Cool_for_PGP.html
The experts, by and large, have yet to offer any credible replacements for PGP. And when they suggest abandoning PGP, what they're really saying is we should give up on secure e-mail and just use something else. That doesn't fly. Many people have to use e-mail. E-mail is everywhere. Not improving the security of e-mail and instead expecting people to just use other tools (or go without), is the security elite proclaiming from their ivory tower: "Let them eat cake!"

Furthermore, if that "something else" also requires people use their phone number for everything... well, that's the messaging world's equivalent of the widely despised Facebook Real Name Policy. If you ever needed a clear example of why the lack of diversity (and empathy) in tech is a problem, there it is!

A very good article on just why OpenPGP is so important! From one of the main guys behind Mailpile.

#privacy #encryption #email #openpgp

Mailpile: Too Cool for PGP


 
Remember, if you run an SSL site and use #wosign or #startssl, your users will not be able to connect soon! My Chrome already cannot connect to some pods and sites as they are distrusted. Get yourself set up with #letsencrypt now!

Check out https://acme.sh to make it super simple to get letsencrypt set up.

Pass it on!

#podmin #diaspora #ssl #webhost #devops #webmaster #sysadmin #encryption #le #tls #security #ssl ca #certificateAuthority #firefox #chrome #apple #google #startcom #server #https

More reading on the topic: https://dia.so/27c https://dia.so/27d https://dia.so/27e

Not sure how long till distros and OSes follow, but if users cannot access the sites it's pretty much dead.

Neilpang/acme.sh

An ACME Shell script, an acme client alternative to certbot : acme.sh

 

#CryptoWar: Instead of fighting for the right of #encryption, we should fight for the duty of encryption!



Only those who explicitly want an unencrypted #transmission should get it. The #default must be an encrypted #connection.

#security #freedom #privacy #justice #politics #eff #software #internet #communication

 

#conversations.im #OMEMO #Gagim #encryption #messenger #FOSS #Fdroid

Setup Whatsapp-like chat messaging that respects your privacy [complete guide]

This guide helps using a chat messenger that works like Whatsapp or Facebook Messenger, but which respects your privacy and freedom.

 

Tor: Volunteer - A few things everyone can do now
https://www.torproject.org/getinvolved/volunteer.html.en



#tor #getinvolved #help #onion #privacy #tails #torbrowser #relay #anonymous #censorship #security #encryption #volunteer

via Diaspora* Publisher -

Tor: Volunteer

Tor is a free software that prevents people from learning your location or browsing habits by letting you communicate anonymously on the Internet. It also helps you bypass censorship online. If you can't open the website, email gettor@torproject.org for instruction on how to get the Tor Browser.

 

“[…] in the #surveillance state in which we all now live, it is more important than ever to ensure that our #communication tools are secure and trustworthy. While it’s a good thing that apps such as Duo and WhatsApp are now using end-to-end #encryption — meaning third parties, including the company providing the service, should not be able to read, or listen to, what users are saying — using #proprietary software and protocols means that we have to place a certain degree of trust in companies such as Google and Facebook.

“Given that we know many of these companies have co-operated with government agencies — such as the National Security Agency #NSA — the recent news that #WhatsApp will be cross-referencing users’ phone numbers with #Facebook accounts and the fact that the proprietary nature of these applications means they are often less likely to undergo thorough #security audits, it’s hard to blindly trust these companies to keep our best interests and #privacy in mind.

“My solution to the problem of people being segregated on, often insecure, communications platforms is to buck the trend whenever possible and refuse to correspond using anything that isn’t open and secure. But this will only work if other people follow my lead.”

#SurveillanceCapitalism #FreeSoftware #free-software #standards

National Post: Jesse Kline: Google gives the world another video conferencing app that won't let you talk to all your friends (Jesse Kline)

For a technology to become widely adopted as a method of communication, it needs to be based on open standards.

 
Maker of Signal asked to give out information to the FBI
Earlier this year, the FBI served Open Whisper Systems, the creator of Signal, a popular end-to-end encrypted messaging application, with its first criminal grand jury subpoena. On Tuesday, Open Whisper Systems and its lawyers at the American Civil Liberties Union successfully challenged a gag order forbidding the company from speaking about that request.

That's one of the problems with a centralised system: all the metadata is collected in one place and may be retrievable by authorities or others with the power to request it.

However:
In this case, Open Whisper Systems barely had any subscriber data to give to the FBI. They responded with two pieces of information for one of the phone numbers: the time that the Signal account was created and the most recent date that the user connected to the Signal server. The other phone number did not have a Signal account associated with it.

Other messaging services routinely store more information about their users, including the IP addresses they use to connect to the service, their contact lists, who they sent messages to and when, and often the content of the messages themselves. When those services receive similar government requests, they could be legally compelled to turn over that information. Open Whisper Systems designed Signal to log only the bare minimum information necessary to operate their service, specifically to avoid being put in that position.

This also shows that it is possible to design your systems in ways that don't expose more data than what's needed. Open Whisper Systems seems to have done their job properly here.

#signal #encryption #fbi #privacy #security

 

all mine!: Latest attacks on #privacy...



http://blog.jospoortvliet.com/2016/08/latest-attacks-on-privacy.html
It is the usual story: we should disallow companies from using perfect end to end #encryption and force them to insert #backdoors against #terrorists. Not that it would help - that's been discussed extensively already but in short:
  • If you have nothing to hide, you'll use a backdoored app and you're vulnerable to foreign (and your own) #governments, terrorists (!), #criminals and others who can abuse your #data in more ways than you can imagine.
  • If you have something to hide, you can use 1000 different tools to do so and there is nothing government can do about that so you won't use a backdoored app.
  • And note that government has failed to even use fully unencrypted information to stop terrorist #attacks so perhaps we should first see if they can actually get their act together there.

Very well said, in a really short article. Loving the ideological/political position the #Nextcloud project is taking. Worth a read and a share!

all mine!: Latest attacks on privacy...