Tag: crypto

4chan Spawns an Open Source, Encrypted Skype Alternative, But Can You Trust It?

Tox

My latest for Wired:

The web forum 4chan is known mostly as a place to share juvenile and, to put it mildly, politically incorrect images. But it’s also the birthplace of one of the latest attempts to subvert the NSA’s mass surveillance program.

When whistleblower Edward Snowden revealed the full extent of the NSA’s activities last year, members of the site’s tech forum started talking about the need for a more secure alternative to Skype. Soon, they’d opened a chat room to discuss the project and created an account on the code hosting and collaboration site GitHub and began uploading code.

Full Story: Wired: Hackers Build a Skype That’s Not Controlled by Microsoft

Why Google’s New Open Source Crypto Tool Might Not Be Such a Good Thing

From my story for Wired about Google’s new encryption plugin for Chrome, “End-to-End”:

Google won’t be able to scan encrypted email messages in order to target advertising. Security expert Eleanor Saitta believes this may lead Google to discourage most users from actively using encryption. She worries that End-to-End may simply be a publicity stunt designed to keep Google’s engineers happy while scoring points with privacy advocates.

She also points out Google has a history of abandoning projects that don’t make the company money, such as iGoogle and Google Reader. If activists come to rely on Google’s encryption tools, but those tools are discontinued, they will be left without crucial protections. “People live and die by the long-term success and failure of communication platforms — I mean that in a very literal sense,” she says. “You cannot put people in a position where they are depending on a software platform for life safety issues and then simply terminate it.”

Her other worry is that the existence of Google’s own plugin may discourage people from building other alternatives, or make it harder for open source encryption projects to raise funds. For example, Mailpile raised over $100,000 last year to build a new open source email client that works with any email provider, including Gmail, and has PGP encryption baked in from the beginning. But it will need more funding eventually, and Saitta worries that potential backers may not be as motivated to contribute.

Full Story: Wired: Google Renews Battle With the NSA by Open Sourcing Email Encryption Tool

Meet Briar, an Open Source “WhatsApp” for Activists

Briar diagram

My latest for Wired:

Private messaging apps like SnapChat and WhatsApp aren’t as private as you might think.

SnapChat settled with the Federal Trade Commission earlier this month over a complaint that its privacy claims were misleading, as reported by USA Today, and last week, the Electronic Frontier Foundation published a report listing the company as the least privacy-friendly tech outfit it reviewed, including Comcast, Facebook, and Google. Last year, WhatsApp faced privacy complaints from the Canadian and Dutch governments, and like Snapchat, its security has been an issue as well.

When you use messaging services like these, you’re depending on outside companies to properly encrypt your messages, store them safely, and protect them when the authorities come calling. And they may not be up to the task. The only way to ensure your messages are reasonably safe is to encrypt them yourself, using keys that no one has access to–including your messaging service provider. That way, even if hackers bust into your service provider or the authorities hit it with subpoenas, your messages are protected.

Unfortunately, this is easier said than done. Encryption tools are notoriously hard to use. But several projects are working to change this, building a more polished breed of encryption software that can serve the everyday consumer. A new open source project called Briar is part of this crowd, but it puts a fresh twist on the idea. It doesn’t just encrypt your messages. It lets you jettison your messaging service provider altogether. Your messages travel straight to the person you’re sending them to, without passing through a central server of any sort. It’s what’s known as a “peer-to-peer” tool.

This has a few advantages. You and your contacts keep complete control of your data, but you needn’t set up your own computer server in order to do so. Plus, you can send messages without even connecting to the internet. Using Briar, you can send messages over Bluetooth, a shared WiFi connection, or even a shared USB stick. That could be a big advantage for people in places where internet connections are unreliable, censored, or non-existent.

Full Story: Wired: Take Back Your Privacy With This Open Source WhatsApp

Briar is still in alpha and not ready for use in high-risk scenarios. If you’re looking for something immediately, OffTheRecord and TextSecure are worth considering, but of course nothing is perfectly secure.

The State Of Leak Sites

From Ars Technica:

WikiLeaks remains under a near financial blockade, its founder under effective house arrest after having been granted asylum in the Ecuadorian Embassy in London. The group has yet to release anything as substantial as last year’s “Detainee Policies”—Balkanleaks remains one of the few “leaking sites” still going strong. Its recent insurance-key move comes precisely out of the WikiLeaks playbook.

More than two years ago, a flurry of new WikiLeaks clones sprung up around the world inspired by the world’s most famous transparency-driven organization. They had all kinds of names: QuebecLeaks, BaltiLeaks, EnviroLeaks, and more. PirateLeaks (based in the Czech Republic), BrusselsLeaks (Belgium) and RuLeaks (Russia) all did not respond to Ars’ requests for comments. […]

So how does Balkanleaks thrive where others haven’t?

Tchobanov, the site’s co-founder, boils it down to one word: Tor. It’s the open-source online anonymizing tool that’s become the de facto gold standard for hiding one’s tracks online. Balkanleaks provides instructions in Bulgarian, Serbian, Macedonian, and English, and the submission website is only available on its Tor-enabled server.

Full Story: Ars Technica: Whither whistleblowing: Where have all the leaking sites gone?

The article goes on to detail the state of some other projects, including OpenLeaks and GlobalLeaks.

Cypherpunk Rising: WikiLeaks, Encryption, And The Coming Surveillance Dystopia

R.U. Sirius wrote:

If, in 1995, some cypherpunks had published a book about the upcoming “postmodern surveillance dystopia,” most commentators would have shrugged it off as just a wee bit paranoid and ushered them into the Philip K. Dick Reading Room. Now, it is more likely that people will shrug and say, “that ship has already sailed.”

Full Story: The Verge: Cypherpunk rising: WikiLeaks, encryption, and the coming surveillance dystopia

Quantum Encryption Becomes A Little Less Impractical

From Bob McMillan at Wired Enterprise:

Sharing encryption keys the quantum way is exciting because it promises to be an incredibly secure way of doing encryption. In quantum cryptography, the encryption key is read by measuring the polarization of the photons being sent between computers. And according to Heisenberg’s uncertainty principle, anyone listening in on the communications would have to start messing with that polarization. And that would be detectable.

Up until now, the photons used to exchange quantum keys have been built using external lasers. But this new laser-free technique would be cheaper to mass-produce, says Sven Höfling, a group leader with the applied physics department at Würzburg University. “We can make Quantum key distribution with electrically driven sources,” he says. “This is really compatible with standard semiconductor technology, meaning it could be, in principle, very cheap.”

Wired Enterprise: Quantum Crypto Takes Practical Step With Photon Breakthrough

Bob also notes that this may never actually be a practical technology.

Disclosure: I work for Wired Enterprise

A Bitcoin-based E-Bay for Illegal Drugs

Gawker is running an unbelievable story on a website called Silk Road – an open market for mail ordering illegal drugs. And it’s only accessible through Tor:

Mark, a software developer, had ordered the 100 micrograms of acid through a listing on the online marketplace Silk Road. He found a seller with lots of good feedback who seemed to know what they were talking about, added the acid to his digital shopping cart and hit “check out.” He entered his address and paid the seller 50 Bitcoins—untraceable digital currency—worth around $150. Four days later the drugs, sent from Canada, arrived at his house.

“It kind of felt like I was in the future,” Mark said.

Gawker: The Underground Website Where You Can Buy Any Drug Imaginable

Buyer beware: Tor is not untraceable. And an update from Bitcoin’s development team indicates that Bitcoin isn’t 100% anonymous either.

For more information on how Bitcoin works, see my interview with developer Gavin Andresen.

From a comment on Facebook:

The only thing that Jeff Garzik, the Bitcoin developer, forgot to mention are the extremely useful Bitcoin Laundries. They allow you to obscure and obfuscate the origin of a Bitcoin, allowing you to effectively ‘launder’ the Bitcoin so that network analysis would be futile. And they are free, simple, and widely available. They probably “forgot” that because it would make it seem even EASIER than it already is to buy drugs online.

I would still urge caution in using this service.

© 2014 Technoccult
