ProtonMail, a Swiss company that provides an end-to-end encryption email service, today announced the beta launch of ProtonCalendar.
encryption
Defense Department: We Need That Encryption You Want to Break
Everyone from the Department of Justice, the FBI, and politicians like Senator Lindsey Graham are attacking encryption, calling for backdoors for the “public good.” But people who understand security are cautioning against such a move. This week Representative Ro Khanna forwarded a letter to Lindsay Graham from the Defense Department’s Chief Information Officer Dana Deasy.
As the use of mobile devices continues to expand, it is imperative that innovative security techniques, such as advanced encryption algorithms, are constantly maintained and improved to protect DoD information and resources. The Department believes maintaining a domestic climate for state of the art security and encryption is critical to the protection of our national security.
Encryption on iOS, Apple's Fan Allergy – TMO Daily Observations 2019-12-12
John Martellaro and Charlotte Henry join host Kelly Guimont to discuss an iOS security kerfuffle, and Apple’s known allergy to computer fans.
Senator Lindsey Graham to ‘Impose His Will’ on Encryption Backdoors
Apple and Facebook representatives met with lawmakers today where senators pushed for the companies to compromise their users’ security by including encryption backdoors. In particular, Sen. Lindsey Graham said:
My advice to you is to get on with it. Because this time next year, if we haven’t found a way that you can live with, we will impose our will on you.
“Encryption backdoors for thee, but not for me.”
DuckDuckGo Smarter Encryption will Serve You HTTPS Sites
The DuckDuckGo Smarter Encryption feature will automatically give you the encrypted HTTPS version of websites as they are available.
It’s available on DuckDuckGo’s mobile browser for Android and iOS, and through the company’s desktop browser extension for Firefox and Chrome. DuckDuckGo is also open sourcing the code behind the feature so other sites and platforms can adopt it as well. First up? Pinterest.
I especially like how they’re open-sourcing it for others to use.
FBI Draft Resolution Calls for End-to-End Encryption Ban
An FBI draft resolution for Interpol calls for a ban on end-to-end encryption. It’s for Interpol’s 37th Meeting of the INTERPOL Specialists Group on Crimes Against Children.
A draft of the resolution viewed by Ars Technica stated that INTERPOL would “strongly urge providers of technology services to allow for lawful access to encrypted data enabled or facilitated by their systems” in the interest of fighting child sexual exploitation. Currently, it is not clear whether Interpol will ultimately issue a statement.
Remember when I mentioned the Four Horses of the Infocalypse? Terrorists, drug dealers, pedophiles, and organized crime. Four fears to use as a way to push their agenda. I know it’s a delicate issue. These groups are definitely ones that the majority of society would want to stop. But removing end-to-end encryption for everyone isn’t the way to do that.
macOS Mail Stores Encrypted Emails in Plain Text
IT specialist Bob Gendler found that macOS Mail was storing encrypted emails in plain text. He first notified Apple on July 29, but only got a temporary fix from the company 99 days later on November 5.
The main thing I discovered was that the snippets.db database file in the Suggestions folder stored my emails. And on top of that, I found that it stored my S/MIME encrypted emails completely UNENCRYPTED. Even with Siri disabled on the Mac, it *still* stores unencrypted messages in this database!
Mr. Gendler shard a fix in his blog post.
Encryption (Stance) Evolution, AirPods Pro – TMO Daily Observations 2019-10-28
Charlotte Henry and Bryan Chaffin join host Kelly Guimont to discuss former FBI counsel Jim Baker’s stance on encryption and new AirPods Pro.
New Messaging Standard RCS Won't Have Encryption
Everyone is talking about a new messaging standard the Big Four carriers have agreed upon. It’s called RCS and it’s meant to replace SMS. But your RCS conversations won’t be end-to-end encrypted.
The CCMI neatly fixes both the first and the second problem. Garland says the carriers believe there are some implementation issues with the Universal Profile that the CCMI can address more elegantly, but it will follow the standard to ensure interoperability.
As for encryption, Garland wouldn’t commit. He emphasizes that the CCMI intends to make sure that the chats are “private” and that the app it’s making is “an experience [customers] can trust.”
Having Apple join the project would certainly legitimize RCS, but if it doesn’t have encryption I don’t think Apple will partake.
Comcast Lobbies to Keep Spying on Your Browsing History
A leak shows that Comcast is lobbying against plans to encrypt web traffic that would make it harder to collect your browsing history.
Encryption Hasn't Stopped the FBI From Fighting Child Porn
Despite arguments from governments that encryption would hinder their ability to fight criminals, this clearly isn’t the case. In a recent example one of the biggest child porn sites on the dark web was recently taken down.
No backdoors were needed to track down the owner of the server or hundreds of the site’s visitors. For that matter, the FBI didn’t even need a warrant. The FBI did not deploy its infamous NIT (Network Investigative Technique) to track down site users. The flaw was the payment system linked to the site. Users may have thought their Bitcoin transactions couldn’t be traced back to them, but they were wrong.
The Four Horsemen of the Infocalypse: Terrorists, pedophiles, drug dealers, organized crime.
Governments Urge Facebook to Give Backdoor to End-to-End Encryption
The U.S and UK governments signed a major data access agreement and urged Facebook to provide a backdoor to end-to-end encryption.
Securely Store and Access Your Files with E2E Encrypted Cloud Storage: $99
We have a deal on a 1-year subscription to MEGA Cloud Storage PRO, a cloud storage platform using end-to-end encryption. The service encrypts what you upload before you upload it—and, you control the keys. You can store, access or share your files from within your web browser, or through dedicated Android, iOS, or Windows Phone apps. Our deal has three levels of storage, starting with 1TB at $99 per year.
Facebook Plans Don't Include End-to-End Encryption
Unsurprisingly, Facebook’s messaging apps won’t have true end-to-end encryption, with messages scanned before being encrypted.
In Facebook’s vision, the actual end-to-end encryption client itself such as WhatsApp will include embedded content moderation and blacklist filtering algorithms. These algorithms will be continually updated from a central cloud service, but will run locally on the user’s device, scanning each cleartext message before it is sent and each encrypted message after it is decrypted.
The company even noted that when it detects violations it will need to quietly stream a copy of the formerly encrypted content back to its central servers to analyze further, even if the user objects, acting as true wiretapping service.
Unlike Forbes‘ clickbait headline, the “encryption debate” certainly isn’t over or dead. Now it’s about trying to convince the government that encryption backdoors don’t work. There are also plenty of Facebook alternatives.
William Barr Wants You to Accept Encryption Backdoor Security Risks
U.S. Attorney General William Barr suggested that Americans should just accept encryption backdoor security risks (via TechCrunch). Encryption Backdoor Risks In a speech today, William Barr called on tech companies to help the federal government to access devices with a lawful order. In other words, ignore the security risks and put a backdoor into their…
Trump Administration Talking About Banning Encryption
Politico reports that the Trump administration is in talks about banning encryption, or at least certain forms of it that law enforcement can’t crack.
The encryption challenge, which the government calls “going dark,” was the focus of a National Security Council meeting Wednesday morning that included the No. 2 officials from several key agencies, according to three people familiar with the matter…Senior officials debated whether to ask Congress to effectively outlaw end-to-end encryption, which scrambles data so that only its sender and recipient can read it…
Great. I can’t wait for Russia and China to intercept all of our insecure communications.
Security 101: What is a Threat Model, and How Do I Create One?
If you hang around privacy or security forums long enough, you’ll eventually come across the term “threat model.” Here’s what they mean.
Security Tool YubiKeys Recalled Over Firmware Flaw
Yubico is recalling its line of YubiKeys, tools used for two-factor authentication that generate one-time passcodes.
Google Builds HTTPS Directly Into Top Level Domains
More websites have encrypted their traffic than ever, but there is a loophole. Some use a mixture of HTTPS and unsecure HTTP. Google is closing this by building HTTPS protection directly into certain top level domains.
Which means that today, when you register a site through Google that uses “.app,” “.dev,” or “.page,” that page and any others you build off it are automatically added to a list that all mainstream browsers, including Chrome, Safari, Edge, Firefox, and Opera, check when they’re setting up encrypted web connections. It’s called the HTTPS Strict Transport Security preload list, or HSTS, and browsers use it to know which sites should only load as encrypted HTTPS automatically, rather than falling back to unencrypted HTTP in some circumstances. In short, it fully automates what can otherwise be a tricky scheme to set up.
Governments Are Terrible at Securing Data
It absolutely infuriates me when agencies like the FBI, and governments like Australia, the U.S., Germany, and more want us to break encryption or circumvent it with a back door. As Mathew Gault writes, they are completely inept at securing data. Even the NSA, which likes to think it’s the “world leader in cryptology” got hacked.
Regular phone and internet users remain vulnerable, forced to take individual protective measures, like a poor wage-worker without health insurance who’s told to secure her nest egg by cutting out morning lattes.
GCHQ Officials' Encryption-Bypassing Idea Criticised in Letter Signed by Apple
Apple, Google, Microsoft, and WhatsApp signed an open letter criticizing proposals to bypass encryption made by GCHQ officials.
4 Privacy Features Apple Should Add
Apple has made a good start when it comes to privacy, but there are more private features the company can add. Here are four.
…based on Apple’s marketing focus as of late, which has centered on privacy, it’s reasonable to assume that the company will unveil additional privacy protections for users and their data in its next operating systems. What those privacy protections might be is anyone’s guess–but here are my hopes.
End-to-end encryption for iCloud backups is definitely on my wish list. But it should remain optional, because people who forget their password would be unable to access this kind of backup.
Firefox Send Lets You Share Big Encrypted Files
Firefox Send is a free tool that lets you send encrypted files up to 1GB in size, or 2.5GB if you sign in with a Firefox account.
What sets Send apart is its ease of use. It works in any browser; just go to send.firefox.com. Upload or drag and drop files, and Send will generate a link that you can set to expire after a certain number of downloads—up to 100—or a certain amount of time, ranging from five minutes to seven days.
Being able to use any browser is probably the best part about this tool.
Be Sure to Properly Remove Data from Devices
David Nield implores us to make sure we properly remove data from our devices before we get rid of them.
Your personal data—be it financial spreadsheets or web searches—is not something you want to be leaving behind for other people to find, and totally wiping your activity off devices or the web takes a few more steps than you might have realized. Don’t worry though, as we’re going to walk you through the process.