Re: [liberationtech] Google keeps the chat history even you enabled the OTR
On 09/05/14 02:31, Anthony Papillion wrote:
> On 05/08/2014 08:23 PM, Doug Schuler wrote:
>> Realistically we need to develop an entire suite of publicly owned tools. Could the development and implementation be massively distributed? Or is it over? We lost all the other media
>>
>> In just a few short years, starting in 1998, this company has grown to employ almost 50,000 people worldwide, generated sixty billion dollars in revenue last year, and has a current market capitalization of more than 350 billion dollars. Google is not only the biggest search engine in the world, but along with Youtube (the second biggest search engine in the world) it also has the largest video platform, with Chrome the biggest browser, with Gmail the most widely used e-mail provider, and with Android the biggest operating system for mobile devices.
>>
>> From: An open letter to Eric Schmidt: Why we fear Google
>
> I fear we've already lost. I used to think that it would just take some sort of major scandal to wake people up to the fact that relinquishing their privacy wasn't such a good idea. Then, I thought, they'd stand up in outrage and take their privacy back with pitchforks. Then Snowden showed up and nothing really happened. Most people didn't actually change the things they do because, well, it's not convenient.
>
> I see a future where the world, not just the digital world, is divided into two camps: those who are technically literate and willing to take the sometimes inconvenient steps to protect their privacy and those who aren't. The first group will be in the minority but will enjoy privacy and anonymity while the second group will be pretty much at the mercy of whoever can figure out how to access their data.

Please stop moaning and do something about it instead.

--
GPG: 4096R/1318EFAC5FBBDBCE git://github.com/infinity0/pubkeys.git

--
Liberationtech is a public list whose archives are searchable on Google.
Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Google keeps the chat history even you enabled the OTR
On 08/05/14 14:05, Nariman Gharib wrote:
> Hey all,
>
> Just I want to remind you, Gmail is keeping your chat history even you enable the OTR on your gmail chat.
>
> how? if you going to plus.google.com and on the top right side of the page you click on the Hangout, and then select a person who you talked to him recently, you can see your all chat history is come up!
>
> you can delete manually your chat history from there too, but two sides should do the same things. I don't know after these things Google will keep our chat history or not!!! but I think this is a bug in Gmail service.
>
> Thanks
> Nariman
> --
> PGP: 084F 95C0 BD1B B15A 129C 90DB A539 6393 6999 CBB6
> http://www.NARIMAN.Tel

Confusingly, Google Talk's "off the record" option has NO relation to the end-to-end encrypted OTR that we know about. I am surprised that the chat history is still visible to users, though.

To use OTR with Google Talk, you need to use a 3rd-party program like the ones mentioned on http://otr.cypherpunks.ca/

X

--
GPG: 4096R/1318EFAC5FBBDBCE git://github.com/infinity0/pubkeys.git
Re: [liberationtech] About Telegram
On 02/04/14 22:57, Maxim Kammerer wrote:
> On Wed, Apr 2, 2014 at 10:33 PM, Steve Weis stevew...@gmail.com wrote:
>> As an epilogue, the Telegram client misused a non-secure random number generator mrand48 for the keys used in their contest. A student, Thijs Alkemade, was able to recover their keys and decrypt the contest message transcripts:
>> https://blog.thijsalkema.de/blog/2014/04/02/breaking-half-of-the-telegram-contest/
>
> Seriously... He took the secret server-side keys published post-contest, and recovered the secret chat key (also published) by exploiting a randomness bug that has been fixed shortly after the contest began.

No.

> Moxie had the same randomness problem in his TextSecure code [1]

No.

> — does he also “suck at this”, to quote this student? Or does blindly relying on someone else's POS code and primitives suddenly absolve one of responsibility for one's own software quality? Because that's essentially the spirit that I observe in Telegram's criticism.

No.

> [1] https://github.com/WhisperSystems/TextSecure/commit/b14d9d84

--
GPG: 4096R/1318EFAC5FBBDBCE git://github.com/infinity0/pubkeys.git
Re: [liberationtech] About Telegram
On 20/03/14 07:55, Maxim Kammerer wrote:
> On Thu, Mar 20, 2014 at 4:04 AM, Ximin Luo infini...@pwned.gg wrote:
>> Welcome to 2014. Telegram has more of these, more severe, more obvious, and from further in the past. OTR also did not claim they were secure because it was written by a team of PhDs, and a bunch of other disingenuous marketing gimmicks.
>
> Thought I would add the precise quote for other butthurt appreciators on this list: “The team behind Telegram, led by Nikolai Durov, consists of six ACM champions, half of them Ph.Ds in math. It took them about two years to roll out the current version of MTProto. Names and degrees may indeed not mean as much in some fields as they do in others, but this protocol is the result of [thoughtful] and prolonged work of professionals.” [1]
>
> This whole story is simply priceless. Where else would a bunch of butthurt self-proclaimed “experts” attack a developer and a product for voluntarily offering a contest for breaking a protocol? With an obvious conflict of interest, no less. Moreover, the “brilliant” attack consists of trivial and obvious accusations that the contest cannot cover certain types of weaknesses, whereas the contest organizers later paid half the sum to some guy who found a weakness that was actually not covered by the contest. I am actually laughing while typing this.

These points have already been discussed before and dismissed. Repeating them doesn't make it more true. I'll repeat my earlier suggestion that you sound like the butthurt one. Short of laughing, you ought to respect the fact that honest people did not take dishonest people's money under bullshit conditions.

> The theme of Ph.Ds also reminds me of some QA of Nadim that I watched, where he referred to potential “people with Ph.Ds” performing a product review with such reverence that I thought: “Wait, I thought these guys dismiss education, because they usually don't have any.” I guess it depends on whether you agree with the Ph.Ds!
>
> [1] https://news.ycombinator.com/item?id=6916860

He wrote this in a developers' mailing list, without trying to make it sound like a stamp of quality. He did not market this as a major security point to end-users.

--
GPG: 4096R/1318EFAC5FBBDBCE git://github.com/infinity0/pubkeys.git
Re: [liberationtech] About Telegram
On 19/03/14 16:14, Maxim Kammerer wrote:
> On Wed, Mar 19, 2014 at 5:25 PM, Tony Arcieri basc...@gmail.com wrote:
>> Rather than admitting their mistake, Telegram doubled down on their bad crypto, and began making claims that it's the cryptographic community, not themselves, who don't know what they're talking about. Then they published that silly contest which Moxie made a brilliant mockery of.
>
> They also “declined [Moxie's] suggestions for collaboration of any kind”, and then some guy who actually got his hands dirty instead of writing brilliant mockeries won $100k from Telegram. I can only imagine the butthurt in the “crypto community” — I laugh every time when rereading this story.

It sounds like you are the one butthurt actually. You haven't demonstrated any good grasp of security concepts, yet you cling onto the belief that Telegram is worth your time. Is it just because it looks shiny, they say nice words and sound reasonable, and haven't challenged your opinions? You think it's snobbishness to dismiss stubborn people who over-advertise their abilities far beyond reality, who invite comment and review only so that the real experts do their work and due diligence for them for free?

The stuff the developer posted in the other fork of this thread is really something. I wish we had a cryptographic equivalent of funroll-loops.info.

  "This is just the key exchange; not trying to sign or otherwise authenticate here."

  "We were indeed originally using AES and HMAC for the key exchange"

  "I'm not sure about the authentication needed here -- can you clarify?"

I would have assumed that it was a really sophisticated troll, if it were not for the fact they have an entire github repository dedicated to promoting this.

X

--
GPG: 4096R/1318EFAC5FBBDBCE git://github.com/infinity0/pubkeys.git
Re: [liberationtech] About Telegram
On 20/03/14 01:54, Maxim Kammerer wrote:
> On Thu, Mar 20, 2014 at 3:21 AM, Ximin Luo infini...@pwned.gg wrote:
>> The stuff the developer posted in the other fork of this thread is really something. I wish we had a cryptographic equivalent of funroll-loops.info.
>>
>>   "This is just the key exchange; not trying to sign or otherwise authenticate here."
>
> What if I told you that the original OTR protocol, that most of these “good” chat apps that crypto experts are so happy with are based upon, had a completely trivial MITM in key exchange part [1]? Really something!
>
> [1] http://dx.doi.org/10.1145/1102199.1102216

Welcome to 2014. Telegram has more of these, more severe, more obvious, and from further in the past. OTR also did not claim they were secure because it was written by a team of PhDs, and a bunch of other disingenuous marketing gimmicks.

X

--
GPG: 4096R/1318EFAC5FBBDBCE git://github.com/infinity0/pubkeys.git
Re: [liberationtech] NSA-GCHQ meeting on Tor (with slides!)
On 04/10/13 16:42, Griffin Boyce wrote:
> There are some questions in my mind as to the legitimacy of this document -- particularly given that a slide is marked 2007, but references 2012. (In particular, neither Torservers nor TorButton existed in 2007).

I take it you mean this from the first slide:

  Derived From: [snip]
  Dated: 20070108

"Dated" could refer to the original derived-from document. But that might be stretching the interpretation a bit..

--
GPG: 4096R/1318EFAC5FBBDBCE git://github.com/infinity0/pubkeys.git
Re: [liberationtech] 49 Page NSA analysis of Tor
On 05/10/13 16:31, John Adams wrote:
> On Oct 5, 2013, at 12:17 AM, Andy Isaacson a...@hexapodia.org wrote:
>> I wonder if tor.eff.org has any referer logs from 2006 showing inbound traffic from http://wiki.gchq/ or similar.
>
> .gchq isn't an Internet TLD, so That's doubtful.
>
> -j

Intranet DNS. If they've been sloppy in blanking their referrers, then yes this would show up.

--
GPG: 4096R/1318EFAC5FBBDBCE git://github.com/infinity0/pubkeys.git
Re: [liberationtech] NYTimes and Guardian on NSA
On 05/09/13 21:10, Richard Brooks wrote:
>> There is a massive difference between cryptanalysis and decade-long, well-funded, and top-secret program to subtly weaken international cryptographic protocols and sabotage industry implementations.
>
> Their job is to collect information for the military. That their work is top-secret should be obvious. That they try to weaken the crypto not used by the military and US gov. should also be taken as a given.

You missed his point. "subtly weaken international cryptographic protocols and sabotage industry implementations" would be like selling vehicles / buildings / food with a secret back-channel to the US government to hijack / self-destruct / poison the eventual consumer, during peacetime, and to allies.

The NSA does not have a mission to do anything it wants, and you have a fundamental misunderstanding of the world, and ethics, if you think that it does, or that it should.

> I'm not necessarily in favor of the NSA doing this, I just find some of the shocked outrage silly. It should be obvious that the cryptanalysis people work at breaking codes.
>
> (Spying on domestic communications, on the other hand, used to be strictly forbidden for good reasons. Among other things, you do not want intelligence and counter-intelligence to be friends.)
>
> (Keeping long-term records of domestic communications, is another thing that you do not want the intelligence service doing. There are too many temptations for abuse.)

--
GPG: 4096R/1318EFAC5FBBDBCE git://github.com/infinity0/pubkeys.git
Re: [liberationtech] Announcing Scramble.io
On 23/08/13 09:53, DC wrote:
> Hi everyone,
>
> I'm DC, and I've been lurking here for a few weeks :)
>
> Since the NSA leaks, I've been inspired to work on an old dream: end-to-end encrypted email.
>
> One difficult problem in public-key encryption is key exchange: how to get a recipient's public key and know it's really theirs. My plan is to make your email the hash of your public key. For example, my address is nqkgpx6bqscsl...@scramble.io
> (I borrowed this idea from Tor Hidden Services.)

This does not improve on the properties of PGP, fundamentally. Without a pre-existing secure channel, knowledge of this public hash is just as susceptible to MitM. You can argue "well my email address is pasted on so many websites, it's infeasible for an attacker to MitM all of them", but you can say the same thing for PGP keys too.

In some senses it's even worse because a human has to remember the hash *exactly*, instead of having PGP manage the email-fingerprint mapping for you. You could write some address book software to improve on this, however.

> This lets you build an email system with some nice properties:
> * It's webmail. I want something easy to use and understand, unlike PGP, so that nontechnical people can grok it.
> * Webmail has an inherent weakness: if push comes to shove, the NSA can compel a Scramble server to serve bad Javascript to their users. I want to give users the option to install the app as a Chrome extension. Same HTML, CSS, and JS, but served locally, so the server is untrusted.
> * You can look up someone's public key from an untrusted server, and verify that it's actually theirs.
> * Anyone can run a Scramble server
> * It's open source
> * All email between Scramble addresses is encrypted. Both Subject and Body are encrypted via PGP.
> * With some precautions, it's possible to avoid associating your real identity with your email address at all. This means that even From and To can be anonymous.
>
> Feel free to try it out!
> https://scramble.io/
>
> Here's a more thorough description of my design and my motivations:
> https://scramble.io/doc/
>
> Finally, here's a more thorough description of the technical details:
> https://scramble.io/doc/how.html
>
> Thoughts?
>
> Best
> DC

--
GPG: 4096R/1318EFAC5FBBDBCE git://github.com/infinity0/pubkeys.git
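The two positions in this exchange can be checked side by side. The following JavaScript (Node.js) sketch is an added example, not Scramble's code and not part of either message: the derivation (base32 of the first 80 bits of SHA-256 over the DER-encoded public key), the `example.invalid` domain and all function names are assumptions made for illustration. It shows that a hash-derived address lets a client reject a key substituted by an untrusted server, and that the same check passes when the address itself was swapped before the sender saw it.

```javascript
// Added illustration; scheme details are assumed, not taken from Scramble.
const nodeCrypto = require("crypto");

const BASE32 = "abcdefghijklmnopqrstuvwxyz234567";

// Plain RFC 4648-style base32 (lowercase, no padding).
function base32(bytes) {
  let bits = 0;
  let value = 0;
  let out = "";
  for (const byte of bytes) {
    value = (value << 8) | byte;
    bits += 8;
    while (bits >= 5) {
      bits -= 5;
      out += BASE32[(value >>> bits) & 31];
    }
    value &= (1 << bits) - 1; // keep only the bits not yet emitted
  }
  if (bits > 0) out += BASE32[(value << (5 - bits)) & 31];
  return out;
}

// Assumed derivation: 80-bit truncated SHA-256 of the public key bytes.
function addressFromPublicKey(publicKeyDer) {
  const digest = nodeCrypto.createHash("sha256").update(publicKeyDer).digest();
  return base32(digest.subarray(0, 10)) + "@example.invalid";
}

// Fetch a key from an untrusted directory; accept it only if it hashes
// back to the address the caller asked for.
function fetchVerifiedKey(directory, address) {
  const candidate = directory.get(address);
  if (!candidate) return null;
  return addressFromPublicKey(candidate) === address ? candidate : null;
}

// Constructed sample key material (fresh Ed25519 public key, SPKI DER).
function newPublicKeyDer() {
  const { publicKey } = nodeCrypto.generateKeyPairSync("ed25519");
  return publicKey.export({ type: "spki", format: "der" });
}

function runScenarios() {
  const aliceKey = newPublicKeyDer();
  const malloryKey = newPublicKeyDer();
  const aliceAddr = addressFromPublicKey(aliceKey);
  const malloryAddr = addressFromPublicKey(malloryKey);

  // 1. Honest directory: the key under Alice's address is Alice's.
  const honest = fetchVerifiedKey(new Map([[aliceAddr, aliceKey]]), aliceAddr);

  // 2. Directory returns a different key under Alice's address: detected,
  //    because the substituted key does not hash to the address.
  const substituted = fetchVerifiedKey(new Map([[aliceAddr, malloryKey]]), aliceAddr);

  // 3. The address reached the sender over an unauthenticated channel and
  //    was replaced there. The hash check passes, since the address and key
  //    are self-consistent; nothing binds the address to the person.
  const directory = new Map([[aliceAddr, aliceKey], [malloryAddr, malloryKey]]);
  const addressSenderSaw = malloryAddr;
  const swapped = fetchVerifiedKey(directory, addressSenderSaw);

  return {
    addressLength: aliceAddr.split("@")[0].length,
    honestAccepted: honest !== null && honest.equals(aliceKey),
    substitutedKeyRejected: substituted === null,
    swappedAddressAccepted: swapped !== null && swapped.equals(malloryKey),
  };
}
```

Scenario 2 is the property DC's list describes (lookup on an untrusted server); scenario 3 is the limitation raised in the reply, which only an authenticated first contact or an address book pinned over a trusted channel addresses.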
Re: [liberationtech] Fwd: [riseup] Space for dissent
On 23/08/13 00:02, elijah wrote:
>> On 08/22/2013 01:22 AM, Ben Laurie wrote:
>> So where are these radically new services documented?
>
>> On 08/22/2013 11:50 AM, Sean Alexandre wrote:
>> From what I understand it's this: LEAP Encryption Access Project https://leap.se
>
> You are right to be skeptical, given the steady stream of snake oil announced these days.
>
> Here is the overview page for email: https://leap.se/en/services/email
>
> Technical details can be found in the links on that page. Constructive criticism warmly encouraged.
>
> I would say the things that distinguish the LEAP approach:
>
> * free software client and free software turn-key infrastructure
> * we are taking our time to do things the right way
> * we are not ignoring the hard problems https://leap.se/en/hard-problems
>
> -elijah

I saw you guys before and remembered being impressed with the docs. The comparison of architecture is nice and shows that you understand how your system fits in to existing state-of-the-art solutions. They look a lot expanded from what I remember from last time. Nice work, keep it up!

There is indeed a lot of bullshit bandwagon-jumping solutions that are in fact harming the goal by distracting attention away from good proper efforts that involve hard work and thoughtful research. I'm glad to see LEAP taking the slow and steady approach. Let the recent events inspire you, but don't let them ruin your long-term strategy. Stay on target and don't get distracted by politics.

I also hope I can join you some time!

X

--
GPG: 4096R/1318EFAC5FBBDBCE git://github.com/infinity0/pubkeys.git
Re: [liberationtech] In defense of client-side encryption
On 11/08/13 22:28, Nadim Kobeissi wrote:
> On 2013-08-11, at 10:36 PM, danimoth danim...@cryptolab.net wrote:
>> On 11/08/13 at 01:10pm, Francisco Ruiz wrote:
>>> Twice again, privacy has taken a hit across the land. Lavabit and Silent Mail are gone, and to quote Phil Zimmermann, “the writing is on the wall” for any other encrypted email provider located in US territory. This is sure to be repeated for servers located in Europe and other countries. Is this the end of encrypted email?
>>>
>>> [cut]
>>
>> IMHO you are making big statements, taking a lot of risks, and a lot of people's life on your back, as we're not playing here. Are you sure to have big enough shoulder?
>>
>> First, it is in Javascript. Who needs cryptography, SHOULD NOT use javascript. Google can help you ([1] for example, [2] if you are coming from a 48h non-stop no-sleep marathon).
>>
>> Second, someone posted about your random number generator, and you ignored it. But this is a minor problem, as all things are in Javascript.
>>
>> Third, you use Javascript. But, wait, I need to sleep.
>>
>> Please stop spamming an insecure-by-design product.
>
> I think it's a bit short-sighted to criticize encryption because of the programming language it's implemented in. JavaScript encryption doesn't have problems because of the programming language, but because of the APIs, environment and mechanisms surrounding the language.
>
> I've investigated many of the challenges surrounding proper implementation in those contexts, and have written a blog post to this effect. I would be interested in hearing some feedback! http://log.nadim.cc/?p=33

How is it possible to defend against timing attacks in JS? Any language theoretically can be compiled into anything, but the JS runtime does not give you much control in what the CPU actually executes.

The webcrypto WG you linked to looks interesting, if browsers will provide a native crypto API to JS, preinstalled (at least the mathy bits that you need direct execution control over) as opposed to loaded on-demand by a remote server.

Did you ever think about having the cryptocat browser extension using a lower-level language? Firefox at least can run binary extensions; I don't know about Chrome.

Also I'll note that "investigate many" is not sufficient to have security confidence; you have to investigate all - i.e. enumerate all parts that can be compromised, and argue convincingly that you haven't missed anything. This involves knowing the JS spec and browser implementations very very well.

> NK
>
>> Last thing: People, please, use PGP instead of these circus things.
>>
>> [1] http://www.matasano.com/articles/javascript-cryptography/
>> [2] https://www.google.it/search?q=why%20is%20bad%20crypto%20javascript

--
GPG: 4096R/1318EFAC5FBBDBCE git://github.com/infinity0/pubkeys.git
Re: [liberationtech] In defense of client-side encryption
On 12/08/13 14:02, Ben Laurie wrote:
> On 12 August 2013 06:14, Ximin Luo infini...@gmx.com wrote:
>> How is it possible to defend against timing attacks in JS? Any language theoretically can be compiled into anything, but the JS runtime does not give you much control in what the CPU actually executes.
>>
>> The webcrypto WG you linked to looks interesting, if browsers will provide a native crypto API to JS, preinstalled (at least the mathy bits that you need direct execution control over) as opposed to loaded on-demand by a remote server.
>>
>> Did you ever think about having the cryptocat browser extension using a lower-level language? Firefox at least can run binary extensions; I don't know about Chrome.
>
> It is possible to defend against timing attacks by writing inherently constant time code. For example: https://github.com/openssl/openssl/commit/a693ead6dc75455f7f5bbbd631b3a0e7ee457965 is full of such code.

But does this still necessarily hold after the JS compiler has had its way with it? I can imagine some optimisers perhaps turning code like

    return a op b

into something like

    if a == 0: return 0;
    elif b == 0: return 0;
    else return a op b

X

--
GPG: 4096R/1318EFAC5FBBDBCE git://github.com/infinity0/pubkeys.git
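What "inherently constant time code" looks like at source level, as an added JavaScript example that is not part of the thread and not taken from the linked OpenSSL commit; all function names are hypothetical. The step counter is instrumentation added here to make the data dependence of the early-exit version visible; it measures the source-level control flow only and says nothing about what a JIT compiler finally emits, which is the question the reply above leaves open.

```javascript
// Added illustration: early-exit vs. branch-free comparison of two tags.
// The `counter` argument exists only so the amount of work can be observed.

// Leaky: returns at the first mismatching byte, so the number of loop
// iterations depends on how long a prefix of the guess is correct.
function leakyEqual(a, b, counter) {
  if (a.length !== b.length) return false;
  for (let i = 0; i < a.length; i++) {
    counter.steps++;
    if (a[i] !== b[i]) return false;
  }
  return true;
}

// Constant-time at source level: every byte is visited, differences are
// folded in with XOR/OR, and the only branch is on the public length.
function constantTimeEqual(a, b, counter) {
  if (a.length !== b.length) return false; // length is assumed public
  let diff = 0;
  for (let i = 0; i < a.length; i++) {
    counter.steps++;
    diff |= a[i] ^ b[i];
  }
  return diff === 0;
}

// Branch-free select for 32-bit integers: x when bit is 1, y when bit is 0.
// This is the kind of "a op b" expression an optimiser is free to rewrite.
function ctSelect(bit, x, y) {
  const mask = -bit | 0; // 1 -> 0xFFFFFFFF, 0 -> 0x00000000
  return ((x & mask) | (y & ~mask)) | 0;
}

// For each position, flip one byte of a constructed reference tag and
// record how many loop iterations the comparison performed.
function stepsByMismatchPosition(equalFn, length) {
  const reference = new Uint8Array(length).fill(0xaa); // constructed sample
  const result = [];
  for (let pos = 0; pos < length; pos++) {
    const guess = Uint8Array.from(reference);
    guess[pos] ^= 0xff;
    const counter = { steps: 0 };
    equalFn(reference, guess, counter);
    result.push(counter.steps);
  }
  return result;
}
```

With a 4-byte tag the early-exit version performs 1, 2, 3 and 4 iterations depending on where the mismatch sits, while the branch-free version always performs 4. In Node.js, `crypto.timingSafeEqual` provides this comparison in native code, which sidesteps the JIT question for that one operation.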
Re: [liberationtech] In defense of client-side encryption
On 11/08/13 20:36, danimoth wrote:
> On 11/08/13 at 01:10pm, Francisco Ruiz wrote:
>> Twice again, privacy has taken a hit across the land. Lavabit and Silent Mail are gone, and to quote Phil Zimmermann, “the writing is on the wall” for any other encrypted email provider located in US territory. This is sure to be repeated for servers located in Europe and other countries. Is this the end of encrypted email?
>>
>> [cut]
>
> IMHO you are making big statements, taking a lot of risks, and a lot of people's life on your back, as we're not playing here. Are you sure to have big enough shoulder?
>
> First, it is in Javascript. Who needs cryptography, SHOULD NOT use javascript. Google can help you ([1] for example, [2] if you are coming from a 48h non-stop no-sleep marathon).
>
> Second, someone posted about your random number generator, and you ignored it. But this is a minor problem, as all things are in Javascript.
>
> Third, you use Javascript. But, wait, I need to sleep.
>
> Please stop spamming an insecure-by-design product.

I think you forgot to mention the design flaw that it implements crypto in javascript.

> Last thing: People, please, use PGP instead of these circus things.

Hear, hear. I never bought this whole "users will never install software" argument. Have you seen the sort of crap the typical non-technical user has installed?

> [1] http://www.matasano.com/articles/javascript-cryptography/
> [2] https://www.google.it/search?q=why%20is%20bad%20crypto%20javascript

--
GPG: 4096R/1318EFAC5FBBDBCE git://github.com/infinity0/pubkeys.git
Re: [liberationtech] [cryptography] a Cypherpunks comeback
+1, especially since we are trying to promote the idea that crypto is *not* just for terrorists.

If you are trying to make the point that "by the govt's definition we are all terrorists" then at least say so somewhere clearly and intelligently (i.e. not a wall of text that everyone will skip), rather than relying on subtle, uh, higher-level, humour that most of us without a literature degree will not understand.

X

On 22/07/13 08:41, Adam Back wrote:
> Could you please get another domain name, that name is just ridiculous.
>
> It might tickle your humour but I guarantee it does not 99% of potential subscribers...
>
> Unless your hidden objective is to drive away potential subscribers.
>
> Adam
>
> On Sun, Jul 21, 2013 at 11:07:26AM +0200, Eugen Leitl wrote:
>> ----- Forwarded message from Riad S. Wahby r...@jfet.org -----
>>
>> Date: Sat, 20 Jul 2013 12:41:25 -0400
>> From: Riad S. Wahby r...@jfet.org
>> To: cpunks-recipients-suppres...@proton.jfet.org
>> Subject: a Cypherpunks comeback
>> User-Agent: Mutt/1.5.21 (2010-09-15)
>>
>> tl;dr: I'm writing to invite you back to the Cypherpunks mailing list. If you're interested, you can join via https://al-qaeda.net/mailman/listinfo/cypherpunks
>>
>> Hello,
>>
>> In the past couple days I've exchanged emails with John Young and Eugen Leitl on some brokenness in the Cypherpunks mailing list. This discussion brought us to a discussion of attempting to resurrect the list's wetware, as it were, in addition to its software.
>>
>> At Eugen's request, John dug up a couple Majordomo WHO outputs from about 15 years ago; I tidied up the lists, and now I'm writing to you.
>>
>> So! if you still have an interest in crypto, privacy, and politics, and if you want to discuss that interest with a bunch of like-minded weirdos from the aether, you can subscribe yourself via the web interface above or by sending an email with "subscribe" in the body to cypherpunks-requ...@al-qaeda.net.
>>
>> (I am aware the provocative choice of domain name may discourage you somewhat. I can only tell you that I've been running a Cypherpunks list of some sort from this domain for a bit over a decade, and I haven't yet been spirited away in a black helicopter. Here's hoping for another helicopter-free decade.)
>>
>> Best regards, and welcome back, preemptively,
>>
>> -=rsw
>> on behalf of jya, eugen, and rsw
>>
>> ----- End forwarded message -----
>> --
>> Eugen* Leitl http://leitl.org
>> ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
>> AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5
>> _______________________________________________
>> cryptography mailing list
>> cryptogra...@randombit.net
>> http://lists.randombit.net/mailman/listinfo/cryptography
> --
> Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech

--
GPG: 4096R/5FBBDBCE
https://github.com/infinity0
https://bitbucket.org/infinity0
https://launchpad.net/~infinity0
Re: [liberationtech] Encryption Works: How to Protect Your Privacy in the Age of NSA Surveillance
+1 for source. Since crypto is hard to get right, it could definitely do with more eyes fixing things and refining the explanations to be clearer.

The cryptoparty handbook[1] shares a similar goal. I have various concerns about the quality of the content with little time to review it properly, which makes it all the more important for there to be a unified effort in producing this sort of document.

[1] https://github.com/cryptoparty/handbook

On 02/07/13 23:01, Karl Fogel wrote:
> Micah Lee micahf...@riseup.net writes:
>> Freedom of the Press Foundation just published a whitepaper about how to protect your communications from NSA (or any other) surveillance.
>
> Micah, thanks (nice job). Two quick questions:
>
> 1) The CC-BY license info is only visible on the PDF; any reason it's not on the web version?
>
> 2) Is the document available in source form (that is, whatever master format you edited to generate both web and PDF versions)?
>
> The reason I ask (2) is that if someone wanted to make either an abbreviated or an extended version of this guide, it would be easiest for them to start from that source format.
>
> Best,
> -Karl
>
>> https://pressfreedomfoundation.org/whitepapers/encryption-works-how-protect-your-privacy-age-nsa-surveillance
>>
>> The whole thing was inspired by this Edward Snowden quote: "Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it."
>>
>> Specifically we go over:
>>
>> * What crypto is and what makes it secure
>> * What sort of software you can trust
>> * Using Tor, and global adversaries
>> * How OTR works and how to use it right
>> * How PGP works and how to use it right
>> * How Tails can help ensure high endpoint security

--
GPG: 4096R/5FBBDBCE
https://github.com/infinity0
https://bitbucket.org/infinity0
https://launchpad.net/~infinity0