Tag Archive: Encryption


With This Tiny Box, You Can Anonymize Everything You Do Online

 

 

 

 

 

 

” No tool in existence protects your anonymity on the Web better than the software Tor, which encrypts Internet traffic and bounces it through random computers around the world. But for guarding anything other than Web browsing, Tor has required a mixture of finicky technical setup and software tweaks. Now routing all your traffic through Tor may be as simple as putting a portable hardware condom on your ethernet cable.

  Today a group of privacy-focused developers plans to launch a Kickstarter campaign for Anonabox. The $45 open-source router automatically directs all data that connects to it by ethernet or Wifi through the Tor network, hiding the user’s IP address and skirting censorship. It’s also small enough to hide two in a pack of cigarettes. Anonabox’s tiny size means users can carry the device with them anywhere, plugging it into an office ethernet cable to do sensitive work or in a cybercafe in China to evade the Great Firewall. The result, if Anonabox fulfills its security promises, is that it could become significantly easier to anonymize all your traffic with Tor—not just Web browsing, but email, instant messaging, filesharing and all the other miscellaneous digital exhaust that your computer leaves behind online.

 

Wired has more

 

 

 

 

 

 

 

 

 

 

 

 

FBI Not Happy With Apple & Google’s Encryption Policy

 

 

 

 

” Users might have praised the technology companies for efforts to encrypt their latest devices that would prevent law enforcement agencies’ hands on users’ private data, but the FBI is not at all happy with Apple and Google right now.
 
  The Federal Bureau of Investigation director, James Comey, said Thursday he was “very concerned” over Apple and Google using stronger or full encryption in their Smartphones and Tablets that makes it impossible for law enforcement to collar criminals.
  According to Comey, the Silicon Valley tech giants are “marketing something expressly to allow people to place themselves above the law.”

There will come a day – well it comes every day in this business – when it will matter a great, great deal to the lives of people of all kinds that we be able to with judicial authorization gain access to a kidnapper’s or a terrorist or a criminal’s device,” Comey told reporters.

I just want to make sure we have a good conversation in this country before that day comes. I’d hate to have people look at me and say, ‘Well how come you can’t save this kid,’ ‘How come you can’t do this thing.’” “

Hacker News

Apple Will No Longer Unlock Most iPhones, iPads For Police, Even With Search Warrants

 

 

 

 

 

 

 

” Apple said Wednesday night that it is making it impossible for the company to turn over data from most iPhones or iPads to police — even when they have a search warrant — taking a hard new line as tech companies attempt to blunt allegations that they have too readily participated in government efforts to collect user information.

  The move, announced with the publication of a new privacy policy tied to the release of Apple’s latest mobile operating system, iOS 8, amounts to an engineering solution to a legal quandary: Rather than comply with binding court orders, Apple has reworked its latest encryption in a way that prevents the company — or anyone but the device’s owner — from gaining access to the vast troves of user data typically stored on smartphones or tablet computers.

  The key is the encryption that Apple mobile devices automatically put in place when a user selects a passcode, making it difficult for anyone who lacks that passcode to access the information within, including photos, e-mails and recordings. Apple once maintained the ability to unlock some content on devices for legally binding police requests but will no longer do so for iOS 8, it said in the new privacy policy.

“ Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data,” Apple said on its Web site. “So it’s not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8.” “

 

Washington Post

 

 

 

 

 

 

 

 

 

How To Protect Yourself From The Heartbleed Bug

” An encryption flaw called the Heartbleed bug that has exposed a collection of popular websites — from Airbnb and Yahoo to NASA and OKCupid — could be one of the biggest security threats the Internet has ever seen. If you have logged into any of the affected sites over the past two years, your account information could be compromised, allowing cybercriminals to snap up your credit card information or steal your passwords.

  You’re likely either affected directly or indirectly by the bug, which was found by a member of Google‘s security team and a software firm named Codenomicon. The bad news: There’s not a lot you can do about it now. It’s the responsibility of Internet companies to update their servers to deal with Heartbleed, and once they do, you can take action (see below).

The issue involves network software called OpenSSL, which is an open-source set of libraries for encrypting online services. Secure websites — with “https” in the URL (“s” stands for secure) — make up 56% of websites, and nearly half of those sites were vulnerable to the bug. In theory, a cybercriminal could have exploited Heartbleed by making network requests that could piece together your sensitive data. The good news: There isn’t any indication that a hacker caught wind of this; it seems the researchers were the first to locate the problem.”

Read more at Mashable and learn how to save your data

The Newest Privacy Technology In A Cell Phone

 

 

 

 

Encrypted Android Phone Is Only The Beginning For Blackphone And Silent Circle

 

blackphone

 

” Blackphone, the Swiss start-up that’s launching a smartphone with encrypted communications, is planning a series of devices around the same idea, one of the company’s co-founders said on Monday.

“ It’s not the only device we will ever do,” said Jon Callas during an interview at the Mobile World Congress expo in Barcelona. “There’ll be other security and privacy-enhanced mobile devices.”

  The Blackphone handset, which is being unveiled at the event, goes on sale in June for $629. It looks like a typical Android smartphone and is based on a security-hardened version of the OS called “PrivatOS.” Standard applications include secure calling and text messaging, encrypted file transfer and video chat.”

 

PCWorld has more

 

 

 

 

 

 

NSA Seeks To Build Quantum Computer That Could Crack Most Types Of Encryption

 

 

” In room-size metal boxes ­secure against electromagnetic leaks, the National Security Agency is racing to build a computer that could break nearly every kind of encryption used to protect banking, medical, business and government records around the world.

  According to documents provided by former NSA contractor Edward Snowden, the effort to build “a cryptologically useful quantum computer” — a machine exponentially faster than classical computers — is part of a $79.7 million research program titled “Penetrating Hard Targets.” Much of the work is hosted under classified contracts at a laboratory in College Park, Md.”

 

 

Washington Post has the story

 

 

 

 

 

 

 

 

Twitter Takes Steps To Frustrate NSA, Other Government Snoops

 

 

Up Yours NSA

 

 

” Twitter announced Friday that it’s joining other tech companies in implementing “perfect forward secrecy.” While many online services already encrypt user communications and other data, this form of encryption ensures that snoops—we’re looking at you, National Security Agency—who break through the encryption get access to only a snippet of data, rather than everything belonging to a user. Even where a warrant is involved, perfect forward secrecy has the potential to limit intrusions, rather than acting as an open-ended skeleton key.

The Electronic Frontier Foundation’s Parker Higgins describes how perfect forward secrecy works:

 How can perfect forward secrecy help protect user privacy against that kind of threat? In order to understand that, it’s helpful to have a basic idea of how HTTPS works in general. Every Web server that uses HTTPS has its own secret key that it uses to encrypt data that it sends to users. Specifically, it uses that secret key to generate a new “session key” that only the server and the browser know. Without that secret key, the traffic traveling back and forth between the user and the server is incomprehensible, to the NSA and to any other eavesdroppers.”

 

 

 

 

 

 

 

 

EFF Has Lavabit’s Back In Contempt Of Court Appeal

 

 

 

” For nearly two decades, secure Internet communication has relied on HTTPS, a encryption system in which there are two keys: A public key that anyone can use to encrypt communications to a service provider, and a private key that only the service provide can use to decrypt the messages.

In July, the Department of Justice demanded Lavabit’s private key—first with a subpoena, then with a search warrant. Although the government was investigating a single user, having access to the private key means the government would have the power to read all of Lavabit’s customers’ communications. The target of the investigation has not been named, but journalists have noted that the requests came shortly after reports that NSA whistleblower Edward Snowden used a Lavabit email account to communicate.

“Obtaining a warrant for a service’s private key is no different than obtaining a warrant to search all the houses in a city to find the papers of one suspect,” EFF Senior Staff Attorney Jennifer Lynch said. “This case represents an unprecedented use of subpoena power, with the government claiming it can compel a disclosure that would, in one fell swoop, expose the communications of every single one of Lavabit’s users to government scrutiny.” “

 

 

 

 

 

 

 

Growing Backlash To Government Surveillance

 

 

 

 

” From Silicon Valley to the South Pacific, counterattacks to revelations of widespread National Security Agency surveillance are taking shape, from a surge of new encrypted email programs to technology that sprinkles the Internet with red flag terms to confuse would-be snoops.”

 

 

 

 

” Policy makers, privacy advocates and political leaders around the world have been outraged at the near weekly disclosures from former intelligence contractor Edward Snowden that expose sweeping U.S. government surveillance programs.”

 

 

 

 

” “Until this summer, people didn’t know anything about the NSA,” said Center for International Security and Cooperation at Stanford University co-director Amy Zegart. “Their own secrecy has come back to bite them.”

Activists are fighting back with high-tech civil disobedience, entrepreneurs want to cash in on privacy concerns, Internet users want to keep snoops out of their computers and lawmakers want to establish stricter parameters.”

 

 

 

 

 

 

 

 

 

Security Hardware For The Masses

 

 

 

” Securing your computer and phone are something that is increasingly important, especially in light of all of the stories about privacy intrusions we’ve been discussing the past few months. For the most part, the average person has tended to rely on software-based security offerings, rather than hardware. While company may invest in hardware solutions, that’s always seemed to be a bit too much for the average consumer. However, perhaps that’s changing. This week’s awesome stuff covers three crowdfunding campaigns, looking to build different types of secure hardware for the mass market.

  • First up, we’ve got the amusingly named, Don’t Snoop Me Bro (or DMSB for short). It’s a VPN in a box. You hook it up to your network and turn the key (literally, it has a physical key) and it turns on a VPN tunnel via a VPN service routing your data through another country. These guys sent me a prototype to check out, and it looks interesting (though won’t work with my network setup). They’re still deciding what VPN service provider it will use, and it seems like that’s something that could make a difference in terms of overall usefulness. Of course, you can already pay for a VPN service that just runs on your computer (I’ve got a couple), but the DSMB guys properly note that those aren’t always the most user friendly and they only secure the one device, rather than the entire network (of course, they also work outside of your home/office). Still, if you’re looking to VPN tunnel your home network, this is an interesting project to check out:

FOX NEWS: Keeping Private Stuff Private

Published on Jun 19, 2013

” Technology to the rescue! A look at one new way to thwart government snoops.

http://www.LibertyPen.com

 

 

 

 

 

 

Or At Least Make It More Difficult

 

 

 

 

 

Assuming that your data is being watched, what might you do to hide it?

 

First, consider not putting so much stuff out there in the first place. Wuergler devised a program he calls Stalker that can siphon off nearly all of your digital information to put together an amazingly complete portrait of your life and pretty much find out where you are at all times. Use Facebook if you must, but realize you’re making it easy for the government to track and find you when they choose to do so.

A second step toward increased privacy is to use a browser like DuckDuckGo, which does not collect the sort of information—say, your IP address—that can identify you with your Internet searches. Thus, if the government bangs on their doors to find out what you’ve been up to, DuckDuckGo has nothing to hand over. I have decided to make DuckDuckGo my default for general browsing, turning to Google only for items such as breaking news and scholarly articles. (Presumably, the NSA would be able to tap into my searches on DuckDuckGo in real time.)

Third, TOR offers free software and a network of relays that can shield your location from prying eyes. TOR operates by bouncing your emails and files around the Internet through encrypted relays. Anyone intercepting your message once it exits a TOR relay cannot trace it back to your computer and your physical location. TOR is used by dissidents and journalists around the world. On the downside, in my experience it operates more slowly than, say, Google.” 

 

 

 

 

 

 

 

 

 

 

5 WAYS TO THWART THE NSA AND GOV’T FROM SPYING ON YOU

 

 

 

 

” Those concerned about their communication privacy — be it over the phone or on the Web — may then be wondering: Is there anything to be done? Is full privacy even possible?

We went searching and found a few answers. Here are a few tips:

1. Go off the grid:

2. Keep your browsing quiet:

3. Encrypt. Encrypt. Encrypt:

4. Secure phone conversations:

5. Avoid cellphone tracking:

Is full privacy even possible?

Tech experts say even some encryption services have left backdoors for law enforcement purposes. And Smith said completely preventing metadata being collected from phone communications isn’t entirely possible either. The tips mentioned above are just a few ideas to increase privacy.

Zaborszky said unless one isolates oneself from how the rest of society uses technology, it’s not possible to avoid all snooping.

“But it is important to know that it’s not the technical side of things that is the weak link, but the legal side and the fact that most of these companies are based in the USA and are bound by US laws,” he noted.”

    Each of the headings is filled with tips , links to useful software sites , videos and further elaboration on minimizing your web presence . Well worth the read .

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

—-

Meet The Groundbreaking New Encryption App Set To Revolutionize Privacy And Freak Out The Feds.

” For the past few months, some of the world’s leading cryptographers have been keeping a closely guarded secret about a pioneering new invention. Today, they’ve decided it’s time to tell all.

Back in October, the startup tech firm Silent Circle ruffled governments’ feathers with a “surveillance-proof” smartphone app to allow people to make secure phone calls and send texts easily. Now, the company is pushing things even further—with a groundbreaking encrypted data transfer app that will enable people to send files securely from a smartphone or tablet at the touch of a button. (For now, it’s just being released for iPhones and iPads, though Android versions should come soon.) That means photographs, videos, spreadsheets, you name it—sent scrambled from one person to another in a matter of seconds.

“This has never been done before,” boasts Mike Janke, Silent Circle’s CEO. “It’s going to revolutionize the ease of privacy and security.”

Just in time for the revolution … truly secure comms

HT/Instapundit