Skip to main content

Search

Items tagged with: encryption


 
“In one man-on-the-side technique, codenamed QUANTUMHAND, the agency disguises itself as a fake #Facebook server. When a #target attempts to log in to the social media site, the NSA transmits #malicious data #packets that #trick the target’s #computer into thinking they are being sent from the real Facebook. By concealing its #malware within what looks like an ordinary Facebook page, the NSA is able to #hack into the targeted computer and covertly siphon out data from its hard drive. A #top-secret animation demonstrates the tactic in action.”

#NSA targets users #globally to harvest data, break #encryption and carry out #surveillance - old story bears repeating

 
Einige Staaten fordern eine Hintertür für Behörden in der Verschlüsselung von Kommunikation. Hätten sie vorher nicht inhaltslos geschnüffelt, hätten die Menschen heute kein solches Sicherheitsbedürfnis, sagt Digitalistan-Blogger Jörg Schieb. #Verschlüsselung #Encryption #USA #Geheimdienste #NSA #Sicherheit

 

#FBI director warns #Facebook could become platform of 'child pornographers'


Source: https://uk.reuters.com/article/uk-facebook-security/fbi-director-warns-facebook-could-become-platform-of-child-pornographers-idUKKBN1WJ1N3
Wray steered clear of making any specific proposal, saying that “companies themselves are best placed” to offer a way for #law #enforcement to get around #encryption.
“We’re going to lose the ability to find those kids who need to be rescued,” Wray said. “We’re going to lose the ability to find the bad guys.”
#police #crime #internet #communication #backdoor #politics #usa #news #propaganda #security

 

#FBI director warns #Facebook could become platform of 'child pornographers'


Source: https://uk.reuters.com/article/uk-facebook-security/fbi-director-warns-facebook-could-become-platform-of-child-pornographers-idUKKBN1WJ1N3
Wray steered clear of making any specific proposal, saying that “companies themselves are best placed” to offer a way for #law #enforcement to get around #encryption.
“We’re going to lose the ability to find those kids who need to be rescued,” Wray said. “We’re going to lose the ability to find the bad guys.”
#police #crime #internet #communication #backdoor #politics #usa #news #propaganda #security

 
United States, United Kingdom, and Australia want backdoors on encrypted messages.
🖕🖕🖕
#security #privacy #encryption

 

Cryptomator - Free open-source client-side encryption for your cloud files in Google Drive, Dropbox, etc to stop cloud providers prying into your data


It's a fact most cloud providers' T&C's provide for access to your data to "ensure the terms are not being violated or a crime being committed" or whatever they state. So unless you roll your own Nextcloud hosting, if you are using commercial cloud storage like Google Drive, Dropbox, OneDrive, etc you can use Cryptomator on Windows, Linux, macOS, iOS and Android to provide your own encryption key to protect your data.

There is no vendor lock-in as you always have access to this source code and you can use any cloud provider you want to. It works transparently so no need to change the way your offsite backup works. It operates as a virtual drive and is much the same as if using a USB flash stick.

See https://cryptomator.org/

#encryption #privacy #cryptomator
Cryptomator - Free Cloud Encryption

Image/photo
Free & Open Source client-side encryption for Dropbox, Google Drive, you name it. Protect your cloud files. Free software. No accounts, no backdoors.

https://gadgeteer.co.za/cryptomator-free-open-source-client-side-encryption-your-cloud-files-google-drive-dropbox-etc-stop

 

Social media platforms based in the U.S. including Facebook and WhatsApp will be forced to share users’ encrypted messages with British police under a new treaty between the two countries


Facebook and its messaging tool WhatsApp will have to give UK police access to users' encrypted messages under an upcoming treaty with the United States, says a Saturday report by Bloomberg, which cited a confidential source. The treaty, which covers other US-based social media platforms as well, would require the sharing in regard to investigations of serious crimes, such as terrorism and paedophilia, Bloomberg said.

Under the treaty, scheduled to be finalized in October, the US and UK won't investigate each other's citizens, and information obtained from British firms can't be used by the US in death penalty cases, Bloomberg reported.

So where does this leave users with end-to-end encryption... does it now fall away, was it was "broken" in the middle? Messages are either end-to-end encrypted or they are not. There is no partial end-to-end encryption. If you can silently add other parties to a conversation then it still can be broken open.

See... Show more...

 

 
Has anyone tested Tok Messenger?

Secure e2e, Distributed p2p, Anonymous, No Censorship, Open Source

https://www.tok.life

Privacy and security of Tok Tok was born with the sole mission of making our communication easier via modern technology. We assume that you would use Tok to share personal or special moments with extreme privacy, so we
... Show more...

 
Has anyone tested Tok Messenger?

Secure e2e, Distributed p2p, Anonymous, No Censorship, Open Source

https://www.tok.life

Privacy and security of Tok Tok was born with the sole mission of making our communication easier via modern technology. We assume that you would use Tok to share personal or special moments with extreme privacy, so we adopt peer-to-peer communication, end-to-end encryption in our application, which ensure your information with absolute privacy.

Do not require any Phone number
Phone number and Email address is not required to generate a Tok account, making sure that your personal information is not traceable through a real-name phone or email.

Invisible IP
Tok hidden all IP addresses through #onion #routing #... Show more...

 

Wire, Mozilla, Cisco, Facebook, Google, INRIA, and Twitter are collaborating towards an enterprise open standards secure messaging protocol called MLS


As the world moves toward end-to-end encryption for personal messaging platforms, businesses are challenged to integrate the same level of security in corporate messaging apps.

Even encryption protocols for person-to-person messaging are still undergoing development. Services want to reduce the amount of sensitive data they store; however, only a few encryption protocols – Signal, for one – have been scrutinized for security.

"In the consumer space there are a few services with end-to-end encryption but in the business space it's very rare," says Raphael Robert, head of security at Wire, which launched in 2014 as a secure messenger primarily built for consumers. Since then, it has repositioned itself to build a secure business collaboration system. Wire is currently in the midst of working to develop Messaging Layer Security (MLS), a new protocol designed to facilitate more secure enterprise messaging platforms.

End-to-end encryption is supposed to exclude any man-in-the-middle attacks or interception at the servers (if implemented properly) but has o... Show more...

 
Mit Web Key Directory (WKD) wird der Schlüsselaustausch stark vereinfacht und E-Mail-Verschlüsselung erleichtert. Via HTTPS-Verzeichnis wird der öffentliche Schlüssel bereitgestellt.

Wer eine eigene Domain betreibt. Einrichten. Jetzt!

#WKD #Enigmail #GnuPG #Encryption

HowTo: https://www.kuketz-blog.de/gnupg-web-key-directory-wkd-einrichten/

 
Bild/Foto
Bild/Foto

#Tox is working really fine, !

The Tox Project

https://tox.chat/index.html



Tox began a few years ago, in the wake of Edward Snowden's leaks regarding NSA spying activity. The idea was to create an instant messaging application that ran without requiring the use of central servers. The system would be distributed, peer-to-peer, and end-to-end encrypted, with no way to disable any of the encryption features; at the same time, the application would be easily usable by the layperson with no practical knowledge of cryptography or distributed systems. During the Summer of 2013 a small group of developer
... Show more...

 
Wir brauchen weder eine solche Debatte noch #Geheimdienste! #Encryption

RT @GCHQ@twitter.com

Our Director, Jeremy Fleming explained how GCHQ will be engaging in the #encryption debate ⬇️

🐦🔗: https://twitter.com/GCHQ/status/1159108936500256771
Bild/Foto

 

The Encryption Debate Is Over - Dead At The Hands Of Facebook who will control the Whatsapp end-to-end encryption on your device


If either user’s device is compromised, unbreakable encryption is of little relevance. This is why surveillance operations typically focus on compromising end devices, bypassing the encryption debate entirely. If a user’s cleartext keystrokes and sc
... Show more...

 

The Encryption Debate Is Over - Dead At The Hands Of Facebook who will control the Whatsapp end-to-end encryption on your device


If either user’s device is compromised, unbreakable encryption is of little relevance. This is why surveillance operations typically focus on compromising end devices, bypassing the encryption debate entirely. If a user’s cleartext keystrokes and screen captures can be streamed off their device in real-time, it matters little that they are eventually encrypted for transmission elsewhere. Facebook announced earlier this year preliminary results from its efforts to move a global mass surveillance infrastructure directly onto users’ devices where it can bypass the protections of end-to-end encryption.

In Facebook’s vision, the actual end-to-end encryption client itself such as WhatsApp will include embedded content moderation and blacklist filtering algorithms. These algorithms will be continually updated from a central cloud service, but will run locally on the user’s device, scanning each cleartext message bef... Show more...

 
Welcome to the future
(but it's inevitable, imo) #encryption #security #future

 
Wenn Du als US-Justizminister sagt, daß Sicherheitslücken bei der Verschlüsselung aus Sicherheitsgründen akzeptiert werden müssen ... und der Ex-Chef des CIA Dir widerspricht...! (Thread)

 

Download #Jami for #Android, #iPhone, #Windows, #Mac or #Linux - it seems it may be the most #secure and #flexible #communications #software yet


... Show more...

 

Latest Google Chrome update draws government and telecom concerns - Encrypted version of the web browser could endanger children's safety online


Critics of the encrypted version of the browser, which is currently available for download but not the default version, argue that it could make it more difficult for companies to block harmful material online as it will bypass most parental control systems.

As it stands now, harmful materials like terrorist propaganda and child-abuse images are blocked by internet companies through filters that scan the web's domain name servers.

I'm still in two minds about this as often agencies use the excuse of terrorism and child porn to impose more of their restrictions on us (their law-abiding citizens). I'd hope everyone is against instigating violence (terrorism can be a very relative term to whatever country you live in) and harm to children but we must also be careful where that is used to unfairly combat genuine freedoms of expression and resisting oppression.

What is also emerging is that with web/cloud services the desktop is becoming irrelevant and control of the browser is becoming paramount. We do also have to be concerned about the companies managing the brows... Show more...

 
#unitoodailynews, #freedom, #freesw, #gnulinux, #duplicity, #software, #backup, #gdpr, #encryption, #googledrive, #dropbox, #mega
Duplicity - Ready to go
Vogliamo condividere un repository dedicato ad una configurazione personalizzabile di duplicity per backup cifrati su Google Drive o altri storage.
https://blog.unitoo.it/2019/04/16/duplicity-ready-to-go.html Duplicity - Ready to go

 
https://framapiaf.org/@debacle/101621305682289111

#OMEMO is a big fish 🐠 in the upcoming #Debian 10 release (#buster) bowl. It hopefully will feature five #XMPP clients with this modern #e2e #encryption: #Gajim, #Dino, #Psi+ (all graphical), #jp (command line), and #primitivus (console), the latter two part of #SalutAToi or #SaT

 
Bild/Foto
Something I love about TechChrunch is that they get straight to the point and don't give a singular fuck.
https://www.techdirt.com/articles/20190306/10271141746/fbi-director-chris-wray-needs-to-shut-fuck-up-about-encryption.shtml
#encryption #crypto #fbi #news

 

Backdoors


I just noticed that the little lock thingy in the address bar had the yellow triangle on it on this site. When you click on it, it says the connection is not secure. Why would that happen even temporarily? Must mean someone is snooping on here or something. Why would it need to change between strong and weak encryption?

#encryption #privacy

 
Reposting deleted post. #privacy #tools #surveillance #encryption

 

Evaluating the GCHQ Exceptional Access Proposal


#backdoors #encryption #gchq #privacy

 

How to Encrypt Your DNS With DNSCrypt on Ubuntu and Debian - Because all your web browsing is an Open Book Otherwise


The topic recently came up again about whether a foreign (anyone outside of your own country... or actually even in your own country) agency is tapping into or mining data from your phone. The easy answer (my opinion only) is that yes if you are being targeted for something specific and if the German Chancellor's phone can be bugged by the USA, anyone can bug your personal phone) but no, they would not go to the trouble for each phone if they are scanning masses of data for patterns or vulnerabilities.

The easier way is to spend some effort on hacking a treasure trove of information that is more publicly accessible. So think DNS (domain name lookups) for all sites you and everyone else visits and these are in open text (usually), or hacking Facebook (or just spending money and buying private data from Facebook or similar), or hacking a major ISP where thousands of people's data pass through every day. They go where they can get the most information for the least effort. That's the plain economics of hacking.

DNS (a very old Internet technology) is but one area where you... Show more...

 
Australia just made Man-In-The-Middle attacks required by law. They call it "the ghost" and every #encryption connection has to be open to the government.

Good luck with that.

#eff

 
Under the new laws, security agencies have greater powers to get at the encrypted messages of criminal suspects — in some cases they can demand companies build new capabilities to allow them access. Labor members called the bill flawed during debate on Thursday, but the Opposition later pulled its amendments at the last minute and voted to support the Government.
#Australia #ScienceandTechnology #InformationandCommunication #ComputersandTechnology #InternetTechnology #SmallBusiness #Business #EconomicsandFinance #GovernmentandPolitics #encryption #assistanceandaccessbill #pjcis #technologyindustry #start-ups #telecommunications

 

Australia passes new law to thwart strong encryption


On Thursday, the Australian parliament approved a measure that critics say will weaken encryption in favor of law enforcement and the demands of government.

The new law, which has been pushed for since at least 2017, requires that companies provide a way to get at encrypted communications and data via a warrant process. It also imposes fines of up to A$10 million for companies that do not comply and A$50,000 for individuals who do not comply. In short, the law thwarts (or at least tries to thwart) strong encryption.

Companies who receive one of these warrants have the option of either complying with the government or waiting for a court order. However, by default, the orders are secret, so companies would not be able to tell the public that they had received one.

However, the law as currently written seems to contain what some view as a loophole. The statute says that companies cannot be compelled to introduce a "systemic weakness" or a "systemic vulnerability" into their software or hardware to satisfy government demands.

"Some suggest that exceptions can... Show more...

 
Some SSDs have had their full-disk encryption password be 32 NULL bytes, no matter your input 🤦‍♂️ https://www.ru.nl/publish/pages/909282/draft-paper.pdf (PDF) #encryption #fail https://t.co/1XCQWplJv7
Image/photo
Image/photo

 
Posted on #Mastodon by @cathal@social.coop:
#NSA’s New Weak, ISO-Rejected, Poorly Documented "Encryption" #Algorithm #Speck now in #Linux #Kernel 4.17
https://itsfoss.com/nsas-encryption-algorithm-in-linux-kernel-is-creating-unease-in-the-community/
#backdoor #privacy #iot #idiocy #Google #Encryption
NSA’s Encryption Algorithm in Linux Kernel is Creating Unease in the Community

 
#vista10 is a keylogger with back doors. It means that no matter what client-side or server-side #encryption is used, whenever entering a password in #microsoft #windows or even #WSL both Microsoft and the #nsa etc. will be able to record it. Windows is unfit for purpose.

 

Australians who won’t unlock their phones could face 10 years in jail


The Australian government wants to force companies to help it get at suspected criminals’ data. If they can’t, it would jail people for up to a decade if they refuse to unlock their phones.

The country’s Assistance and Access Bill, introduced this week for public consultation, strengthens the penalties for people who refuse to unlock their phones for the police. Under Australia’s existing Crimes Act, judges could jail a person for two years for not handing over their data. The proposed Bill extends that to up to ten years, arguing that the existing penalty wasn’t strong enough.

The Bill takes a multi-pronged approach to accessing a suspect’s data by co-opting third parties to help the authorities. New rules apply to “communication service providers”, which is a definition with a broad scope. It covers not only telcos, but also device vendors and application publishers, as long as they have “a nexus to Australia”.

This follows a bit in the footsteps of the US CLOUD Act but extends to the individual too. T... Show more...

 
Cryptomator Secures Your Cloud Storage Data (Open Source, Multi-Platform Client-Side Encryption Tool) #security #encryption #cloud #privacy #linux #opensource

 

EncryptPad: Encrypted Text Editor For Your Secrets #linux #Security #encryption