Tag: encryption

Why Google’s New Open Source Crypto Tool Might Not Be Such a Good Thing

From my story for Wired about Google’s new encryption plugin for Chrome “End-to-End”:

Google won’t be able to scan encrypted email messages in order to target advertising. Security expert Eleanor Saitta believes this may lead Google to discourage most users from actively using encryption. She worries that End-to-End may simply be a publicity stunt designed to keep Google’s engineers happy while scoring points with privacy advocates.

She also points out Google has a history of abandoning projects that don’t make the company money, such as iGoogle and Google Reader. If activists come to rely on Google’s encryption tools, but those tools are discontinued, they will be left without crucial protections. “People live and die by the long-term success and failure of communication platforms — I mean that in a very literal sense,” she says. “You cannot put people in a position where they are depending on a software platform for life safety issues and then simply terminate it.”

Her other worry is that the existence of Google’s own plugin may discourage people from building other alternatives, or make it harder for open source encryption projects to raise funds. For example, Mailpile raised over $100,000 last year to build a new open source email client that works with any email provider, including Gmail, and has PGP encryption baked in from the beginning. But it will need more funding eventually, and Saitta worries that potential backers may not be as motivated to contribute.

Full Story: Wired: Google Renews Battle With the NSA by Open Sourcing Email Encryption Tool

Meet Briar, an Open Source “WhatsApp” for Activists


My latest for Wired:

Private messaging apps like SnapChat and WhatsApp aren’t as private as you might think.

SnapChat settled with the Federal Trade Commission earlier this month over a complaint that its privacy claims were misleading, as reported by USA Today, and last week, the Electronic Frontier Foundation published a report listing the company as the least privacy-friendly tech outfit it reviewed, including Comcast, Facebook, and Google. Last year, WhatsApp faced privacy complaints from the Canadian and Dutch governments, and like Snapchat, its security has been an issue as well.

When you use messaging services like these, you’re depending on outside companies to properly encrypt your messages, store them safely, and protect them when the authorities come calling. And they may not be up to the task. The only way to ensure your messages are reasonably safe is to encrypt them yourself, using keys that no one has access to–including your messaging service provider. That way, even if hackers bust into your service provider or the authorities hit it with subpoenas, your messages are protected.

Unfortunately, this is easier said than done. Encryption tools are notoriously hard to use. But several projects are working to change this, building a more polished breed of encryption software that can serve the everyday consumer. A new open source project called Briar is part of this crowd, but it puts a fresh twist on the idea. It doesn’t just encrypt your messages. It lets you jettison your messaging service provider altogether. Your messages travel straight to the person you’re sending them to, without passing through a central server of any sort. It’s what’s known as a “peer-to-peer” tool.

This has a few advantages. You and your contacts keep complete control of your data, but you needn’t set up your own computer server in order to do so. Plus, you can send messages without even connecting to the internet. Using Briar, you can send messages over Bluetooth, a shared WiFi connection, or even a shared USB stick. That could be a big advantage for people in places where internet connections are unreliable, censored, or non-existent.

Full Story: Wired: Take Back Your Privacy With This Open Source WhatsApp

Briar is still in alpha and not ready for use for high-risk scenarios. If you’re looking for something immediately, OffTheRecord and TextSecure are worth considering, but of course nothing is perfectly secure.

The State Of Leak Sites

From Ars Technica:

WikiLeaks remains under a near financial blockade, its founder under effective house arrest after having been granted asylum in the Ecuadorian Embassy in London. The group has yet to release anything as substantial as last year’s “Detainee Policies”—Balkanleaks remains one of the few “leaking sites” still going strong. Its recent insurance-key move comes precisely out of the WikiLeaks playbook.

More than two years ago, a flurry of new WikiLeaks clones sprung up around the world inspired by the world’s most famous transparency-driven organization. They had all kinds of names: QuebecLeaks, BaltiLeaks, EnviroLeaks, and more. PirateLeaks (based in the Czech Republic), BrusselsLeaks (Belgium) and RuLeaks (Russia) all did not respond to Ars’ requests for comments. [...]

So how does Balkanleaks thrive where others haven’t?

Tchobanov, the site’s co-founder, boils it down to one word: Tor. It’s the open-source online anonymizing tool that’s become the de facto gold standard for hiding one’s tracks online. Balkanleaks provides instructions in Bulgarian, Serbian, Macedonian, and English, and the submission website is only available on its Tor-enabled server.

Full Story: Ars Technica: Whither whistleblowing: Where have all the leaking sites gone?

The article goes on to detail the state of some other projects, including OpenLeaks and GlobalLeaks.

Cypherpunk Rising: WikiLeaks, Encryption, And The Coming Surveillance Dystopia


R.U. Sirius wrote:

If, in 1995, some cypherpunks had published a book about the upcoming “postmodern surveillance dystopia,” most commentators would have shrugged it off as just a wee bit paranoid and ushered them into the Philip K. Dick Reading Room. Now, it is more likely that people will shrug and say, “that ship has already sailed.”

Full Story: The Verge: Cypherpunk rising: WikiLeaks, encryption, and the coming surveillance dystopia

Quantum Encryption Becomes A Little Less Impractical

From Bob McMillan at Wired Enterprise:

Sharing encryption keys the quantum way is exciting because it promises to be an incredibly secure way of doing encryption. In quantum cryptography, the encryption key is read by measuring the polarization of the photons being sent between computers. And according to Heisenberg’s uncertainty principle, anyone listening in on the communications would have to start messing with that polarization. And that would be detectable.

Up until now, the photons used to exchange quantum keys have been built using external lasers. But this new laser-free technique would be cheaper to mass-produce, says Sven Höfling, a group leader with the applied physics department at Würzburg University. “We can make Quantum key distribution with electrically driven sources,” he says. “This is really compatible with standard semiconductor technology, meaning it could be, in principle, very cheap.”

Wired Enterprise: Quantum Crypto Takes Practical Step With Photon Breakthrough

Bob also notes that this may never actually be a practical technology.

Disclosure: I work for Wired Enterprise

Dead Drops: Anonymous, Offline, Peer-to-Peer File-Sharing Network in Public Space


‘Dead Drops’ is an anonymous, offline, peer to peer file-sharing network in public space. USB flash drives are embedded into walls, buildings and curbs accessible to anybody in public space. Everyone is invited to drop or find files on a dead drop. Plug your laptop to a wall, house or pole to share your favorite files and data. Each dead drop is installed empty except a readme.txt file explaining the project. ‘Dead Drops’ is open to participation. If you want to install a dead drop in your city/neighborhood follow the ‘how to’ instructions and submit the location and pictures.

Dead Drops

(via Theremina)

If only there was some way to keep these from filling up with malware, porn and spam.

Trevor Blake wrote here a few years ago:

Now is a good time to establish lines of electronic communication that are not entirely (if at all) reliant on the Internet as it currently exists. Hand delivery of a stack of media is still one of my favorites. At a certain point it is the best bit-per-second value known, it has certain privacy features that can’t be beat and it requires very little technical know-how or fancy equipment or money. For all the gnostic freakout of The Matrix, the scene where a disreputable character knocks on Mr. Anderson’s door and passes him a data disc might be the most prophetic.

Learning about cryptography, fidonet and the postal system won’t do anyone any harm. Nothing beats trusted person-to-person connections established in many only-partially overlapping social / professional circles.

See also: sneaker net.

A Bitcoin-based E-Bay for Illegal Drugs


Gawker is running an unbelievable story on a website called Silk Road – an open market for mail ordering illegal drugs. And it’s only accessible through TOR:

Mark, a software developer, had ordered the 100 micrograms of acid through a listing on the online marketplace Silk Road. He found a seller with lots of good feedback who seemed to know what they were talking about, added the acid to his digital shopping cart and hit “check out.” He entered his address and paid the seller 50 Bitcoins—untraceable digital currency—worth around $150. Four days later the drugs, sent from Canada, arrived at his house.

“It kind of felt like I was in the future,” Mark said.

Gawker: The Underground Website Where You Can Buy Any Drug Imaginable

Buyer beware: TOR is not untraceable. And an update from Bitcoin’s development team indicates that Bitcoin isn’t 100% anonymous either.

For more information on how Bitcoin works, see my interview with developer Gavin Andresen.

From a comment on Facebook:

The only thing that Jeff Garzik, the Bitcoin developer, forgot to mention are the extremely useful Bitcoin Laundries. They allow you to obscure and obfuscate the origin of a Bitcoin, allowing you to effectively ‘launder’ the Bitcoin so that network analysis would be futile. And they are free, simple, and widely available. They probably “forgot” that because it would make it seem even EASIER than it already is to buy drugs online.

I would still urge caution in using this service.

Hong Kong Group Building Encrypted Bacterial Data Storage

Chinese University of Hong Kong iGem

Data encryption and storage has always been an important branch of research in computer engineering. In our project, we explored the possibility of harnessing a biological system as an alternative solution for data en/decryption and storage. Using bacteria as the information storage device is not new. However the practicability of previous research is being doubted due to the limited size of information available to be inserted into the bacteria.

We recognized the current barricades in developing a truly useful system and we forecasted the indispensable modules that one would be anticipating when putting fantasy into reality. This year, we have proposed a model that is a true, massively parallel bacterial data storage system.

In addition we have created an encryption module with the R64 Shufflon-Specific Recombinase to further secure the information. Together with the data proof-read/correction and random access modules developed, our expectation is high – we believe this could be an industrial standard in handling large scale data storage in living cells.

Team:Hong Kong-CUHK – 2010.igem.org

(via Wade)

Freenet, darknets, and the “deep web”

Installing the software takes barely a couple of minutes and requires minimal computer skills. You find the Freenet website, read a few terse instructions, and answer a few questions (“How much security do you need?” … “NORMAL: I live in a relatively free country” or “MAXIMUM: I intend to access information that could get me arrested, imprisoned, or worse”). Then you enter a previously hidden online world. In utilitarian type and bald capsule descriptions, an official Freenet index lists the hundreds of “freesites” available: “Iran News”, “Horny Kate”, “The Terrorist’s Handbook: A practical guide to explosives and other things of interests to terrorists”, “How To Spot A Pedophile [sic]“, “Freenet Warez Portal: The source for pirate copies of books, games, movies, music, software, TV series and more”, “Arson Around With Auntie: A how-to guide on arson attacks for animal rights activists”. There is material written in Russian, Spanish, Dutch, Polish and Italian. There is English-language material from America and Thailand, from Argentina and Japan. There are disconcerting blogs (“Welcome to my first Freenet site. I’m not here because of kiddie porn … [but] I might post some images of naked women”) and legally dubious political revelations. There is all the teeming life of the everyday internet, but rendered a little stranger and more intense. One of the Freenet bloggers sums up the difference: “If you’re reading this now, then you’re on the darkweb.”

Guardian: The dark side of the internet

(via Atom Jack)

I haven’t looked at Freenet in years, but it’s certainly relevant to the discussion here about darknets.

Washington State House Gives Nod to Privacy Bill

“A revised version of legislation intended to protect the privacy of individuals using RFID tags with “unique personal identifier numbers” passed the Washington State House of Representatives on Wednesday. House Bill (HB) 1031, intended to limit collection of personal information from an RFID tag without the tag holder’s knowledge or consent, passed with 69 to 27 votes. The bill is now headed for the State Senate and, if approved, to the office of Governor Christine Gregoire.

[...] The revised bill would make it a Class C felony to intentionally read the data encoded to an RFID tag in possession of a person without that individual’s knowledge and consent, for the purpose of fraud, identity theft or some other illegal or unapproved purpose, a process known as “skimming.” With this bill, skimming refers to capturing personal data about a tag’s holder, such as the details on a loyalty card, driver’s license or other identity card. It does not refer to capturing data from EPC RFID tags attached to products that do not hold the consumer’s data. Class C felony in Washington State has a maximum penalty of five years in prison and a $10,000 fine. If the bill is signed into law, it would be the first legislation on the state level to make skimming a felony, says Morris.”

(via RFID Journal)

© 2014 Technoccult
