close
  • Sc chevron_right

    Signal Adds Cryptocurrency Support

    news.movim.eu / Schneier · Wednesday, 14 April - 21:56 · 2 minutes

According to Wired , Signal is adding support for the cryptocurrency MobileCoin, “a form of digital cash designed to work efficiently on mobile devices while protecting users’ privacy and even their anonymity.”

Moxie Marlinspike, the creator of Signal and CEO of the nonprofit that runs it, describes the new payments feature as an attempt to extend Signal’s privacy protections to payments with the same seamless experience that Signal has offered for encrypted conversations. “There’s a palpable difference in the feeling of what it’s like to communicate over Signal, knowing you’re not being watched or listened to, versus other communication platforms,” Marlinspike told WIRED in an interview. “I would like to get to a world where not only can you feel that when you talk to your therapist over Signal, but also when you pay your therapist for the session over Signal.”

I think this is an incredibly bad idea. It’s not just the bloating of what was a clean secure communications app. It’s not just that blockchain is just plain stupid . It’s not even that Signal is choosing to tie itself to a specific blockchain currency. It’s that adding a cryptocurrency to an end-to-end encrypted app muddies the morality of the product, and invites all sorts of government investigative and regulatory meddling: by the IRS, the SEC, FinCEN, and probably the FBI.

And I see no good reason to do this. Secure communications and secure transactions can be separate apps, even separate apps from the same organization. End-to-end encryption is already at risk. Signal is the best app we have out there. Combining it with a cryptocurrency means that the whole system dies if any part dies.

EDITED TO ADD: Commentary from Stephen Deihl:

I think I speak for many technologists when I say that any bolted-on cryptocurrency monetization scheme smells like a giant pile of rubbish and feels enormously user-exploitative. We’ve seen this before, after all Telegram tried the same thing in an ICO that imploded when SEC shut them down, and Facebook famously tried and failed to monetize WhatsApp through their decentralized-but-not-really digital money market fund project.

[…]

Signal is a still a great piece of software. Just do one thing and do it well, be the trusted de facto platform for private messaging that empowers dissidents, journalists and grandma all to communicate freely with the same guarantees of privacy. Don’t become a dodgy money transmitter business. This is not the way.

EDITED TO ADD (4/14): Moxie Marlinspike is on the advisory board for MobileCoin, which was designed for the purpose of providing a payment function in Signal.

  • Ga chevron_right

    VeraCrypt offers open source file-encryption with cross-platform capabilities

    Danie van der Merwe · news.movim.eu / gadgeteerza-tech-blog · Monday, 12 April - 17:04

TrueCrypt eventually closed down, but a replacement project called VeraCrypt quickly sprang up to fill the void. VeraCrypt is based on TrueCrypt 7.1a and features many improvements over the original (including significant algorithm changes for standard encrypted volumes and boot volumes). With VeraCrypt 1.12 and later versions, you can use custom iterations for increased encryption security. Better yet, VeraCrypt can load old TrueCrypt volumes, so if you were a TrueCrypt user, it's easy to transfer them over to VeraCrypt.

Back in the day when we had clients or officials travelling overseas into the then 'Communist' countries I'd recommend they use Truecrypt on a USB key to protect their data. Today we have VeraCrypt, wihich is a big improvement for the reasons stated in the article below. It is a cross-platform product that will work on most storage mediums and provide security and privacy.

The article below gives an overview of how to get going but I don't think it covered the hidden volume feature which is amazing, and helps if you are forced to give up a password.

See https://opensource.com/article/21/4/open-source-encryption

#technology #privacy #encryption #security #opensource #veracrypt

  • Encrypt your files with this open source software

    Many years ago, there was encryption software called TrueCrypt. Its source code was available, although there were no major claims that anyone had ever audited or contributed to it. Its author was (and remains to this day) anonymous. Still, it was cross-platform, easy to use, and really, really useful.

  • favorite

    1 Like

    ericbuijs

  • Ar chevron_right

    OpenSSL fixes high-severity flaw that allows hackers to crash servers

    news.movim.eu / ArsTechnica · Thursday, 25 March - 22:01

Stylized image of a floating padlock.

Enlarge (credit: Getty Images )

OpenSSL, the most widely software library for implementing website and email encryption, has patched a high-severity vulnerability that makes it easy for hackers to completely shut down huge numbers of servers.

OpenSSL provides time-tested cryptographic functions that implement the Transport Layer Security protocol, the predecessor to Secure Sockets Layer that encrypts data flowing between Internet servers and end-user clients. People developing applications that use TLS rely on OpenSSL to save time and avoid programming errors that are common when noncryptographers build applications that use complex encryption.

The crucial role OpenSSL plays in Internet security came into full view in 2014 when hackers began exploiting a critical vulnerability in the open-source code library that let them steal encryption keys, customer information, and other sensitive data from servers all over the world. Heartbleed, as the security flaw was called, demonstrated how a couple lines of faulty code could topple the security of banks, news sites, law firms, and more.

Read 9 remaining paragraphs | Comments

index?i=8Q-VZKCh1eE:CeXHw3AnsQQ:V_sGLiPBpWUindex?i=8Q-VZKCh1eE:CeXHw3AnsQQ:F7zBnMyn0Loindex?d=qj6IDK7rITsindex?d=yIl2AUoC8zA
  • Ar chevron_right

    Sale of encrypted phones to drug traffickers violated RICO, US alleges

    news.movim.eu / ArsTechnica · Monday, 15 March - 18:46

A man

Enlarge (credit: Getty Images | Tevarak Phanduang | EyeEm )

A US grand jury has indicted the CEO of a Canadian company that sells encrypted phones, alleging that he and an associate violated racketeering and drug laws. On Friday, the federal grand jury "returned an indictment against the Chief Executive Officer and an associate of the Canada-based firm Sky Global on charges that they knowingly and intentionally participated in a criminal enterprise that facilitated the transnational importation and distribution of narcotics through the sale and service of encrypted communications devices," the Department of Justice said in a press release .

Sky Global CEO Jean-Francois Eap and Thomas Herdman, a former distributor of Sky Global devices, were charged with a conspiracy to violate the Racketeer Influenced and Corrupt Organizations Act (RICO), a law designed to punish organized crime. They were also charged with a conspiracy to distribute illegal drugs and aiding and abetting. The racketeering and drug counts each carry maximum penalties of life in prison, the DOJ said. The US is seeking criminal convictions and forfeiture of "at least $100,000,000" worth of assets.

The indictment is available in this Motherboard article .

Read 12 remaining paragraphs | Comments

index?i=NKC7Xslk-us:0SvxC-hqHFo:V_sGLiPBpWUindex?i=NKC7Xslk-us:0SvxC-hqHFo:F7zBnMyn0Loindex?d=qj6IDK7rITsindex?d=yIl2AUoC8zA
  • Be chevron_right

    Year of the OX: OpenPGP for XMPP

    debacle · pubsub.movim.eu / berlin-xmpp-meetup · Monday, 1 February - 02:02 edit

In February 2021, this month, starts the year of the ox. At Berlin XMPP meetup, we will celebrate the new year with an introductionary talk about "XEP-0373: OpenPGP for XMPP" and "XEP-0374: OpenPGP for XMPP Instant Messaging" and the panel of experts:

  • DebXWoody (implementor of OX in Profanity)
  • defanor (implementor of OX in rexmpp)
  • Florian (co-author of the OX standards)
  • lovetox (implementor of OX for Gajim)
  • Paul (implementor of OX in Smack)

When? Wednesday, 2021-02-10 18:00 CET (always 2ⁿᵈ Wednesday of every month)

Where? Online, via our MUC (xmpp:berlin-meetup@conference.conversations.im?join). A Jitsi video conference will be announced there.

See you then!

#yearoftheox #openpgp #xmpp #ox #jabber #encryption #e2ee #privacy #omemo #🐂️ #berlin #meetup #community #profanity #rexmpp #gajim #smack

  • favorite

    3 Like

    DebXWoody , ed00 , Holger Weiß

  • Ga chevron_right

    How law enforcement gets around your smartphone’s encryption: Openings provided by iOS and Android security are there for those with the right tools

    Danie van der Merwe · news.movim.eu / gadgeteerza-tech-blog · Saturday, 16 January - 13:04

It's ironic that it's still unpatched vulnerabilities that catch users and corporations out. And we've seen these on an ongoing basis even with the likes of Cisco, Microsoft, and all the big names. These known exploits lie unpatched often for very long periods as end users and admins don't run patch updates.

Mobile phones are probably worse as they stop receiving updates after relatively short periods of 2 years or more. So even shutting down your phone after each time you use it, the chances are you are not getting all the security patches and updates you should be receiving. Average users just have to go with what they've got, and it all depends on the state of your data at rest on the phone after it is unlocked and in use. Most users want speed and convenience and those are at odds with greater security.

See https://arstechnica.com/information-technology/2021/01/how-law-enforcement-gets-around-your-smartphones-encryption/

#technology #encryption #security #privacy #mobile

  • Ar chevron_right

    How law enforcement gets around your smartphone’s encryption

    news.movim.eu / ArsTechnica · Friday, 15 January - 17:54 · 1 minute

Uberwachung, Symbolbild, Datensicherheit, Datenhoheit

Enlarge / Uberwachung, Symbolbild, Datensicherheit, Datenhoheit (credit: Westend61 | Getty Images)

Lawmakers and law enforcement agencies around the world, including in the United States , have increasingly called for backdoors in the encryption schemes that protect your data , arguing that national security is at stake . But new research indicates governments already have methods and tools that, for better or worse, let them access locked smartphones thanks to weaknesses in the security schemes of Android and iOS.

Cryptographers at Johns Hopkins University used publicly available documentation from Apple and Google as well as their own analysis to assess the robustness of Android and iOS encryption. They also studied more than a decade's worth of reports about which of these mobile security features law enforcement and criminals have previously bypassed, or can currently, using special hacking tools. The researchers have dug into the current mobile privacy state of affairs and provided technical recommendations for how the two major mobile operating systems can continue to improve their protections.

“It just really shocked me, because I came into this project thinking that these phones are really protecting user data well,” says Johns Hopkins cryptographer Matthew Green, who oversaw the research. “Now I’ve come out of the project thinking almost nothing is protected as much as it could be. So why do we need a backdoor for law enforcement when the protections that these phones actually offer are so bad?”

Read 19 remaining paragraphs | Comments

index?i=BL12mfP-nC8:eVi6ShRu6C0:V_sGLiPBpWUindex?i=BL12mfP-nC8:eVi6ShRu6C0:F7zBnMyn0Loindex?d=qj6IDK7rITsindex?d=yIl2AUoC8zA
  • Ar chevron_right

    WhatsApp users must share their data with Facebook or stop using the app

    news.movim.eu / ArsTechnica · Wednesday, 6 January - 20:29

In this photo illustration a Whatsapp logo seen displayed on

Enlarge (credit: Getty Images )

WhatsApp, the Facebook-owned messenger that claims to have privacy coded into its DNA, is giving its 2 billion plus users an ultimatum: agree to share their personal data with the social network or delete their accounts.

The requirement is being delivered through an in-app alert directing users to agree to sweeping changes in the WhatsApp terms of service. Those who don’t accept the revamped privacy policy by February 8 will no longer be able to use the app.

Image-from-iOS-640x1386.png

Share and share alike

Shortly after Facebook acquired WhatsApp for $19 billion in 2014, its developers built state-of-the-art end-to-end encryption into the messaging app. The move was seen as a victory for privacy advocates because it used the Signal Protocol, an open source encryption scheme whose source code has been reviewed and audited by scores of independent security experts.

Read 8 remaining paragraphs | Comments

index?i=qdQ4vxp-l4Q:_1rRNTcb1ps:V_sGLiPBpWUindex?i=qdQ4vxp-l4Q:_1rRNTcb1ps:F7zBnMyn0Loindex?d=qj6IDK7rITsindex?d=yIl2AUoC8zA