rpg.pbem.online

Items tagged with: encryption

Why encrypt emails?


Do you want to send your digital letters as post cards? Probably not.

Sending unencrypted emails is like sending post cards – anyone and any system that processes your mail can read its content. If you encrypt your emails, you put your message into an envelope that only the recipient of the email can open.

Free software. Secure. OpenSource

https://www.enigmail.net/index.php/en/

#privacy #encryption #Enigmail #email #security #PGP #surveillance
 
Quote of note:

"The new Senate GOP encryption bill DOES contain backdoor mandates for device makers and comms service providers, per bill text."

Via Eric Geller

#GOP #surveillance #privacy #encryption #backdoor #fourthamendment
 

Renewed Threat to the Internet Archive


Once again the Internet Archive is under threat. This time it is publishers who do not want an online public library that anyone with access to the Internet can use.

I worry about this, in particular, because the Internet Archive is now the primary repository for my software.

I think it will help to support institutions like the EFF that will fight in the legislatures and courtrooms for libraries everywhere, but I do not know what else we can do.

We can, of course, use censorship-resistant Internet overlay networks as backup repositories, and I do this by using ZeroNet and I2P, but I think it is important that the clearnet not be entirely taken away from us. The Internet Archive is also available as a Tor Onion Service, but everyone knows where its servers are, so that gives it little protection. There was talk of backing up the Archive in Canada, but government regulators in Canada do not seem less corrupted than those in the USA.

I have also heard news that Project Gutenberg, the oldest project of this type, is under threat in Europe. These two threats are connected because the Internet Archive hosts many of the public domain books in Project Gutenberg. I suppose that LibriVox will be attacked next.

I wrote recently that I think the Internet Archive, as the champion of free culture, is the right place for free software, and that public posts on this federated, free network are the right place for release notes, bug reports etc. I do not want to move to any platform controlled by a business.

#easygpg #gpg #encryption #privacy #surveillance #security #cryptography #archive #internet-archive #project-gutenberg #librivox
 

● NEWS ● #techdirt #deletefacebook ☞ #Facebook Shareholders The Latest Group To Ask Facebook To Drop Its #Encryption Plans https://www.techdirt.com/articles/20200528/10513444596/facebook-shareholders-latest-group-to-ask-facebook-to-drop-encryption-plans.shtml perpetuates #fb lies though...
 
#facebook does not do #e2e #encryption but an illusion of it, a lie. There are back doors.
 
#BorgBackup: #Deduplication with #compression and authenticated #encryption
The project offers single-file binaries that do not require installing anything – you can just run them on these platforms:
Linux 
Mac OS X 
FreeBSD 
OpenBSD and NetBSD (no xattrs/ACLs support or binaries yet) 
Cygwin (not supported, no binaries yet)
 
Quote of note:

“The EARN IT Bill is a Trojan horse to give Attorney General Barr and Donald Trump the power to control online speech and require government access to every aspect of Americans’ lives.”

Tweet via https://twitter.com/RonWyden/status/1235640470015008768

Background: The Cybersecurity 202: Senate bill sparks open war over encryption

Also: Senators Hawley & Feinstein Join Graham & Blumenthal In Announcing Bill To Undermine Both Encryption And Section 230

#encryption #Section230 #SafeHarbor #surveillance #privacy #FourthAmendment #FirstAmendment
 
"Members of Congress are about to introduce a bill that will undermine the law that undergirds free speech on the Internet. If passed, the bill known as the Eliminating Abusive and Rampant Neglect of Interactive Technologies (EARN IT) Act, will fulfill a long-standing dream of U.S. law enforcement. If passed, it could largely mark the end of private, encrypted messaging on the Internet."

#privacy #encryption #surveillance #FourthAmendment #technology
 
Protect our Speech and Security Online: Reject the Graham-Blumenthal Proposal

"Senators Lindsey Graham and Richard Blumenthal are quietly circulating a serious threat to your free speech and security online. Their proposal would give the Attorney General the power to unilaterally write new rules for how online platforms and services must operate in order to rely on Section 230, the most important law protecting free speech online. The AG could use this power to force tech companies to undermine our secure and private communications."

"We must stop this dangerous proposal before it sees the light of day. Please tell your members of Congress to reject the so-called EARN IT Act."

#privacy #encryption #surveillance #FourthAmendment #technology
 
#signal #encryption
 
"For more than half a century, governments all over the world trusted a single company to keep the communications of their spies, soldiers and diplomats secret. That company was secretly run by the CIA, which had the ability to read all those communications for decades."

#CIA #encryption #espionage
CIA secretly owned world's top encryption supplier, read enemy and ally messages for decades
 

How worried should you be about Apple and end-to-end encryption? | IDB

A new report out today says that Apple has not implemented end to end encryption on iCloud backups at the behest of the FBI. Apple hasn’t verified the report, but it has other reasons not to encrypt iCloud backups. In the end, I don’t worry too much about the absence of end-to-end encryption in iCloud, because it’s to my benefit. Let me explain.
One reason why it might be better that Apple doesn't encrypt everything.

#technology #tech #Apple #encryption #security #privacy
 
"Apple Inc dropped plans to let iPhone users fully encrypt backups of their devices in the company’s iCloud service after the FBI complained that the move would harm investigations, six sources familiar with the matter told Reuters."

"The tech giant’s reversal, about two years ago, has not previously been reported. It shows how much Apple has been willing to help U.S. law enforcement and intelligence agencies, despite taking a harder line in high-profile legal disputes with the government and casting itself as a defender of its customers’ information."

#Apple #surveillance #privacy #encryption #FBI
 
Derp.

Defense Department To Congress: 'No, Wait, Encryption Is Actually Good; Don't Break It'

"As Senate Judiciary Committee Chair Lindsey Graham has continued his latest quest to undermine encryption with a hearing whose sole purpose seemed to be to misleadingly argue that encryption represents a 'risk to public safety'. The Defense Department has weighed in to say that's ridiculous. As you may recall, the DOJ and the FBI have been working overtime to demonize encryption and pretend -- against nearly all evidence -- that widespread, strong encryption somehow undermines its ability to stop criminals."

"However, it appears that other parts of the government are a bit more up to date on these things. Representative Ro Khanna has forwarded a letter to Senator Graham that he received earlier this year from the Defense Department's CIO Dana Deasy, explaining just how important encryption actually is. The letter highlights how DoD employees rely on the kind of strong encryption found on mobile devices and in VPN services to protect the data of their employees, both at rest (on the devices) and in transit (across the network)."

#encryption #surveillance #privacy #cybersecurity
 
A former general counsel for the FBI seems to understand reality:

https://www.lawfareblog.com/rethinking-encryption

#encryption
 
"Justice Department officials have long pushed for some sort of backdoor to permit warranted surveillance and searches of encrypted communications. Recently, that push has been taken international with Attorney General William Barr and his counterparts from the United Kingdom and Australia making an open plea to Facebook to delay plans to use end-to-end encryption across all the company's messaging tools."

"Now, the Department of Justice and Federal Bureau of Investigations are attempting to get an even larger international consensus on banning end-to-end encryption by way of a draft resolution authored by officials at the FBI for the International Criminal Police Organization's 37th Meeting of the INTERPOL Specialists Group on Crimes against Children. The event took place from November 12 to November 15 at INTERPOL headquarters in Lyon, France."

"A draft of the resolution viewed by Ars Technica stated that INTERPOL would 'strongly urge providers of technology services to allow for lawful access to encrypted data enabled or facilitated by their systems' in the interest of fighting child sexual exploitation. Currently, it is not clear whether Interpol will ultimately issue a statement."

#encryption #privacy #surveillance
 
"The Department of Justice wants access to encrypted consumer devices, but promises not to infiltrate business products or affect critical infrastructure. Yet that's not possible, because there is no longer any difference between those categories of devices. Consumer devices are critical infrastructure. They affect national security. And it would be foolish to weaken them, even at the request of law enforcement."

#cybersecurity #encryption #surveillance
 

The Encryption Debate Is Over - Dead At The Hands Of Facebook who will control the Whatsapp end-to-end encryption on your device


If either user’s device is compromised, unbreakable encryption is of little relevance. This is why surveillance operations typically focus on compromising end devices, bypassing the encryption debate entirely. If a user’s cleartext keystrokes and screen captures can be streamed off their device in real-time, it matters little that they are eventually encrypted for transmission elsewhere. Facebook announced earlier this year preliminary results from its efforts to move a global mass surveillance infrastructure directly onto users’ devices where it can bypass the protections of end-to-end encryption.

In Facebook’s vision, the actual end-to-end encryption client itself such as WhatsApp will include embedded content moderation and blacklist filtering algorithms. These algorithms will be continually updated from a central cloud service, but will run locally on the user’s device, scanning each cleartext message before it is sent and each encrypted message after it is decrypted.

The company even noted that when it detects violations it will need to quietly stream a copy of the formerly encrypted content back to its central servers to analyze further, even if the user objects, acting as a true wiretapping service. This allows them to intercept your messages and pass them on to any 3rd party without you knowing.

So be very wary when you hear a vendor touting end-to-end encryption. What you want to ask is two questions:
1. Am I the only one who has the encryption/decryption key? Can I use my own key?
2. If I lose my password, can the vendor reset it for me so I can see my messages? If the answer is yes, then the vendor has a decryption key.

You either have true user-owned end-to-end encryption or you do not. There is no half-security. You're secure or you are not secure.

See https://www.forbes.com/sites/kalevleetaru/2019/07/26/the-encryption-debate-is-over-dead-at-the-hands-of-facebook/

#security #facebook #encryption
The sad reality of the encryption debate is that after 30 years it is finally over: dead at the hands of Facebook.

https://gadgeteer.co.za/node/3403
 

Personally, I don't use WhatsApp, primarily because it is owned by Facebook (who I don't trust), but also because of this.

'Five Eyes' nations discuss backdoor access to WhatsApp

"British, American and other intelligence agencies from English-speaking countries have concluded a two-day meeting in London amid calls for spies and police officers to be given special, backdoor access to WhatsApp and other encrypted communications."

"The meeting of the 'Five Eyes' nations – the UK, US, Australia, Canada and New Zealand – was hosted by new home secretary, Priti Patel, in an effort to coordinate efforts to combat terrorism and child abuse."

"Dealing with the challenge faced by increasingly effective encryption was one of the main topics at the summit, officials said, at a time when technology companies want to make their services more secure after a range of security breaches."

"The meetings, however, were held in private with no agenda being made public, making it difficult to conclude exactly what had been discussed by the ministers, officials and intelligence agencies from the countries involved."

#WhatsApp #encryption #subversion #cybersecurity #privacy #surveillance
 
I work in mobile app development and the technology out there to spy on you is pretty insane. There is a whole industry for snooping and reselling data. Here are some examples.

There are several SDKs (software development kits) that offer fingerprinting identity services. Meaning, when someone opens your app, it checks their device ID, IP address, GPS location, email address, etc. and makes a match to an identity. You then use this SDK to track their behavior in your app, such as purchases, interests, demographics, preferences, etc. This data is stored along with all the other apps that use the SDK. Now as an upsell, I can buy all of your behavior data from every other app that uses the same service. From the moment you install the app I know everything about you.

There are SDKs that don’t even offer a service, they just straight up pay the app maker to let their agent sit and collect data and send it up to their servers. Mostly location data.

My favorite is there’s an SDK that actually records the screen while you use the app, and the video gets sent up to the server for the app maker to see how you use their app in real time. It also tracks all of your views, swipes, and button presses tied to the video for analytics.

Basically, you should assume that every moment you are using an internet connected device, you are being observed, scrutinized, and analyzed so that someone can sell you more shit.

They are really good at this, and getting better every year. You think Facebook is listening to your microphone to serve you ads at the moment you are discussing a product? They don’t need to. They know you that well.

Edit: A lot of people are asking for specific examples of this monitoring tech. There are a ton of small players. So an example of location tracking is Tamoco. An example of behavior tracking is Branch.io (they don't advertise the data mining, but it's a back-end deal). And session monitoring is AppSee or HotJar. There are many more that I haven't heard of.

There are a ton of data resellers out there. They're typically small startups who buy and sell data, and they compete on having the most comprehensive and clean data sets. We get approached by a data reseller maybe once a month, either trying to buy our data or sell us data.

Edit: A lot of people are flippant about this idea because you "don't click on ads" or you "don't buy anything". There are people who aren't interested in just selling you products. How about voting for a particular political candidate, or for/against a ballot measure? How about selling you a particular world view? Propaganda is just like advertising, they're just selling you an idea instead of a product.
#android #ios #programming #development #app #apps #phone #smartphone #sdk #hotjar #facebook #appsee #branch.io #tamoco #surveillance #privacy #encryption
 
I agree with Ron Wyden.

US attorney general William Barr says Americans should accept security risks of encryption backdoors

"In a rebuttal, Sen. Ron Wyden (D-OR) said the attorney general’s remarks were 'outrageous, wrongheaded and dangerous'."

"'If we give this attorney general and this president the unprecedented power to break encryption across the board and burrow into the most intimate details of every American’s life – they will abuse those powers', the senator said."

#encryption #surveillance #privacy #fourthamendment
 
Quote of the day:

"It's been said before, but this is not a debate. There is no debate. There is no "on the one hand, on the other hand." There is no "privacy v. security." This is "no privacy and weakened security v. actual privacy and actual security." There's literally no debate to be had here. If you understand the issues, encryption is essential, and any effort to take away end-to-end encryption is outlawing technology that keeps everyone safe."

Via Here We Go Again: Trump Administration Considers Outlawing Encryption

#encryption #privacy #cybersecurity #surveillance
 

White House weighs encryption crackdown


HN Discussion: https://news.ycombinator.com/item?id=20305176
Posted by traderjane (karma: 406)
Post stats: Points: 115 - Comments: 137 - 2019-06-28T15:19:15Z

#HackerNews #crackdown #encryption #house #weighs #white
 
"Tech giants, civil society groups and Ivy League security experts have condemned a proposal from Britain’s eavesdropping agency as a 'serious threat' to digital security and fundamental human rights."

"In an open letter to GCHQ (Government Communications Headquarters), 47 signatories including Apple, Google and WhatsApp have jointly urged the U.K. cybersecurity agency to abandon its plans for a so-called 'ghost protocol'."

"It comes after intelligence officials at GCHQ proposed a way in which they believed law enforcement could access end-to-end encrypted communications without undermining the privacy, security or confidence of other users."

#UK #cybersecurity #surveillance #privacy #humanrights #encryption
 

It is unlikely that built-in email encryption will ever be available in Gmail


Gmail once promised that it will become end-to-end encrypted by default. Unfortunately, this is not going to happen. While it is possible to encrypt certain emails in Gmail with PGP, Google can still…
Article word count: 683

HN Discussion: https://news.ycombinator.com/item?id=19440336
Posted by wil_I_am_27 (karma: 311)
Post stats: Points: 129 - Comments: 42 - 2019-03-20T09:23:14Z

#HackerNews #available #built-in #email #encryption #ever #gmail #that #unlikely #will
Article content:

Two years ago, [1]Google silently handed the project E2EMail, which was started to enable easy end-to-end encryption in Gmail via a browser extension, to "the open source community". Since then the [2]GitHub project is literally dead.

Three years earlier, Google had announced that they are building an end-to-end encrypted Chrome plugin to automatically encrypt emails between Gmail users.

Promise to add email encryption tool to Gmail was marketing move

Five years later, we can conclude that promising easy email encryption in Gmail to millions of users was only a marketing move after the Snowden revelations in 2013. While the E2EMail project would have been a great tool for millions of people to automatically adopt end-to-end encryption, it has been buried by Google when they did not see its marketing benefits anymore.

"The real message is that they’re not actively developing this as a Google project anymore," said cryptography expert Matthew Green [3]to Wired. "It’s definitely a bit of a disappointment, given how much hype Google generated around this project at one point, to see that they’re not pursuing this as a core feature of Gmail," Green says.

Making email encryption easy is hard

Google officially said that they had not abandoned their move towards encryption. However, they explained that developing easy email encryption is much harder than one might think.

It is difficult to make encrypted emails interoperable with different clients as well as to design the key exchange in an easy-to-use fashion. Issues that are already known to any PGP user, and that didnʼt disappear when Google wanted to add a PGP-based plugin to Chrome.

Nevertheless, ending a project that would have brought end-to-end encrypted emails to Gmail users around the world shows where Googleʼs real interests are: Not in protecting their usersʼ private data, but in harvesting it for their own benefit.

No automatic email encryption in Gmail

Google leaves the question on how to encrypt an email to the user. However, adding an option for email encryption to Gmail remains as complicated as with any other email service: Users need to enable PGP support in their email clients, must generate and manage their own keys and make sure that these keys are kept safe on their devices. Even then, mobile email encryption is basically impossible.

Google wants to leave the final decision about whether or not to make use of encryption to the user, but cryptography expert [4]Matthew Green criticizes this harshly via Twitter, calling it a "self-serving decision":
Google in 2007: HTTPS? That should be the userʼs choice.
Google in 2017: End-to-end encryption? Really ought to be the userʼs choice.

While easy email encryption is a must to make sure no-one can read your personal information, this option will never become available to Gmail users.

The more people use email encryption, the better

We at Tutanota are disappointed that E2EMail is dead. We believe in our right to privacy and fight for it with automatic email encryption ourselves. If Gmail had adopted automatic end-to-end encryption, this would have made a huge difference to todayʼs level of security online. It would have made the Internet so much more secure to millions of users and would have made illegal mass surveillance online impossible.

Unfortunately, Googleʼs move to abandon E2EMail shows us once again that we should not trust large organizations with our private information. Maybe it was illusional from the start to believe that a company so focused on mining user data and posting targeted ads would suddenly start protecting its usersʼ right to privacy with built-in end-to-end encryption in Gmail.

If we want to really protect our privacy, we have to take matters into our own hands. And this is exactly what we have been doing at Tutanota these past couple of years: Building easy-to-use end-to-end encrypted email, free for anyone. In Tutanota your entire mailbox is encrypted so that no-one - not even our developers - can read your personal emails.

Stop waiting for Google, [5]start using encrypted mail now!

If you want to take back your privacy completely, read our recommendations on [6]how to leave Google behind.

References

Visible links
1. https://security.googleblog.com/2017/02/e2email-research-project-has-left-nest_24.html
2. https://github.com/e2email-org/e2email
3. https://www.wired.com/2017/02/3-years-gmails-end-end-encryption-still-vapor
4. https://twitter.com/matthew_d_green/status/836657565794721792/photo/1
5. https://mail.tutanota.com/signup
6. https://tutanota.com/blog/posts/how-to-leave-google-gmail
