Forwarded from BlackBox (Security) Archiv
Media is too big
VIEW IN TELEGRAM
Interview with Hanna from Tutanota
Interview with Hanna from Tutanota about the importance of encryption in email, some of Tutanota's offerings and more.
https://www.youtube.com/watch?v=vLvxf6IxhPQ
#tutanota #encryption #email #interview #video
📡 @nogoolag 📡 @blackbox_archiv
Interview with Hanna from Tutanota about the importance of encryption in email, some of Tutanota's offerings and more.
https://www.youtube.com/watch?v=vLvxf6IxhPQ
#tutanota #encryption #email #interview #video
📡 @nogoolag 📡 @blackbox_archiv
Forwarded from BlackBox (Security) Archiv
Octopus - an alternate OpenPGP backend for Thunderbird built on top of Sequoia
We are thrilled to release the first version of the Octopus, an alternate OpenPGP backend for Thunderbird built on top of Sequoia.
The Octopus is a drop-in replacement for RNP, the OpenPGP library shipped with Thunderbird 78. In addition to providing all of the RNP functionality that Thunderbird uses, the Octopus also includes a number of enhancements. These fall into several categories. The Octopus restores some functionality that was present in Enigmail, but removed or has not yet been reimplemented in Thunderbird’s OpenPGP integration. In particular, the Octopus uses GnuPG’s keystore, interacts with gpg-agent, integrates GnuPG’s web of trust information, and updates certificates in the background.
The Octopus includes a number of security fixes and improvements. For instance, it fixes Thunderbird’s insecure message composition, and automatically encrypts in-memory secret key material at rest. The Octopus adds a few performance improvements, such as, parsing the keyring in the background and using multiple threads. And, the Octopus has better support for parsing less usual, but not necessarily esoteric, certificates and keys.
https://sequoia-pgp.org/blog/2021/04/08/202103-a-new-backend-for-thunderbird/
#thunderbird #octopus #sequoia #OpenPGP #GnuPG #encryption #backend
📡 @nogoolag 📡 @blackbox_archiv
We are thrilled to release the first version of the Octopus, an alternate OpenPGP backend for Thunderbird built on top of Sequoia.
The Octopus is a drop-in replacement for RNP, the OpenPGP library shipped with Thunderbird 78. In addition to providing all of the RNP functionality that Thunderbird uses, the Octopus also includes a number of enhancements. These fall into several categories. The Octopus restores some functionality that was present in Enigmail, but removed or has not yet been reimplemented in Thunderbird’s OpenPGP integration. In particular, the Octopus uses GnuPG’s keystore, interacts with gpg-agent, integrates GnuPG’s web of trust information, and updates certificates in the background.
The Octopus includes a number of security fixes and improvements. For instance, it fixes Thunderbird’s insecure message composition, and automatically encrypts in-memory secret key material at rest. The Octopus adds a few performance improvements, such as, parsing the keyring in the background and using multiple threads. And, the Octopus has better support for parsing less usual, but not necessarily esoteric, certificates and keys.
https://sequoia-pgp.org/blog/2021/04/08/202103-a-new-backend-for-thunderbird/
#thunderbird #octopus #sequoia #OpenPGP #GnuPG #encryption #backend
📡 @nogoolag 📡 @blackbox_archiv
sequoia-pgp.org
Sequoia: Super Powering End-to-End Email Encryption in Mozilla Thunderbird
Sequoia is a modular OpenPGP implementation in Rust.
Forwarded from BlackBox (Security) Archiv
Strategic autonomy in danger: European Tech companies warn of lowering data protection levels in the EU.
The EU is highly respected internationally for its data protection laws such as the GDPR. Now an EC initiative could be a threat to Europe's strategic autonomy.
Today we are sending an open letter to the European Commission together with #Boxcryptor, #Cryptomator, mail.de, #Mailfence, #Praxonomy, and #Tresorit to draw attention to the dangers of undermining encryption and people's privacy. Mass surveillance will not stop terrorism or child sexual abuse.
Joint open letter for right to privacy
In the course of the initiative "Fighting child sexual abuse: detection, removal, and reporting of illegal content", the European Union plans to abolish the digital privacy of correspondence. In order to automatically detect illegal content, all private chat messages are to be screened in the future. This should also apply to content that has so far been protected with strong end-to-end encryption. If this initiative is implemented according to the current plan it would enormously damage our European ideals and the indisputable foundations of our democracy, namely freedom of expression and the protection of privacy (see EDRi letter). The initiative would also severely harm Europe’s strategic autonomy and thus EU-based companies.
Europe as a global technology leader is respected internationally for its high level of data protection, notably due to the exemplary effect of the GDPR. In an internationally very competitive market, European companies are in first position when it comes to data protection. The EU initiative could now endanger this unique selling point of European IT companies.
https://tutanota.com/blog/posts/european-autonomy-in-danger/
#tutanota #surveillance #gdpr #eu #encryption #privacy #thinkabout
📡 @nogoolag 📡 @blackbox_archiv
The EU is highly respected internationally for its data protection laws such as the GDPR. Now an EC initiative could be a threat to Europe's strategic autonomy.
Today we are sending an open letter to the European Commission together with #Boxcryptor, #Cryptomator, mail.de, #Mailfence, #Praxonomy, and #Tresorit to draw attention to the dangers of undermining encryption and people's privacy. Mass surveillance will not stop terrorism or child sexual abuse.
Joint open letter for right to privacy
In the course of the initiative "Fighting child sexual abuse: detection, removal, and reporting of illegal content", the European Union plans to abolish the digital privacy of correspondence. In order to automatically detect illegal content, all private chat messages are to be screened in the future. This should also apply to content that has so far been protected with strong end-to-end encryption. If this initiative is implemented according to the current plan it would enormously damage our European ideals and the indisputable foundations of our democracy, namely freedom of expression and the protection of privacy (see EDRi letter). The initiative would also severely harm Europe’s strategic autonomy and thus EU-based companies.
Europe as a global technology leader is respected internationally for its high level of data protection, notably due to the exemplary effect of the GDPR. In an internationally very competitive market, European companies are in first position when it comes to data protection. The EU initiative could now endanger this unique selling point of European IT companies.
https://tutanota.com/blog/posts/european-autonomy-in-danger/
#tutanota #surveillance #gdpr #eu #encryption #privacy #thinkabout
📡 @nogoolag 📡 @blackbox_archiv
Tutanota
Strategic autonomy in danger: European Tech companies warn of lowering data protection levels in the EU.
The EU is highly respected internationally for its data protection laws such as the GDPR. Now an EC initiative could be a threat to Europe's strategic autonomy.
Forwarded from BlackBox (Security) Archiv
Facebook Pushes Ahead with Plans for Full End-to-End Encryption of its Messaging Tools
Despite ongoing concerns about the proposal among various authorities, Facebook is pushing ahead with its plan to implement full end-to-end encryption by default within all of its messaging tools.
Within an overview of a recent virtual workshop Facebook held with experts in privacy, safety, human rights and consumer protection, the company noted that:
"We’re working hard to bring default end-to-end encryption to all of our messaging services. This will protect people’s private messages and mean only the sender and recipient, not even us, can access their messages. While we expect to make more progress on default end-to-end encryption for Messenger and Instagram Direct this year, it’s a long-term project and we won’t be fully end-to-end encrypted until sometime in 2022 at the earliest."
The news of Facebook's continued work on this front will please privacy advocates - but as noted, various authorities have raised significant concerns with the plan, with respect to how such a process could be used to hide criminal activity, with no way for authorities to track such exchanges.
https://telegra.ph/Facebook-Pushes-Ahead-with-Plans-for-Full-End-to-End-Encryption-of-its-Messaging-Tools-05-01
via www.socialmediatoday.com
#facebook #DeleteFacebook #encryption #messaging
📡 @nogoolag 📡 @blackbox_archiv
Despite ongoing concerns about the proposal among various authorities, Facebook is pushing ahead with its plan to implement full end-to-end encryption by default within all of its messaging tools.
Within an overview of a recent virtual workshop Facebook held with experts in privacy, safety, human rights and consumer protection, the company noted that:
"We’re working hard to bring default end-to-end encryption to all of our messaging services. This will protect people’s private messages and mean only the sender and recipient, not even us, can access their messages. While we expect to make more progress on default end-to-end encryption for Messenger and Instagram Direct this year, it’s a long-term project and we won’t be fully end-to-end encrypted until sometime in 2022 at the earliest."
The news of Facebook's continued work on this front will please privacy advocates - but as noted, various authorities have raised significant concerns with the plan, with respect to how such a process could be used to hide criminal activity, with no way for authorities to track such exchanges.
https://telegra.ph/Facebook-Pushes-Ahead-with-Plans-for-Full-End-to-End-Encryption-of-its-Messaging-Tools-05-01
via www.socialmediatoday.com
#facebook #DeleteFacebook #encryption #messaging
📡 @nogoolag 📡 @blackbox_archiv
Telegraph
Facebook Pushes Ahead with Plans for Full End-to-End Encryption of its Messaging Tools
Despite ongoing concerns about the proposal among various authorities, Facebook is pushing ahead with its plan to implement full end-to-end encryption by default within all of its messaging tools. Within an overview of a recent virtual workshop Facebook held…
Australian Crime Commission: Only Criminals Use Encrypted Communications
https://www.techdirt.com/articles/20210509/10235546763/australian-crime-commission-only-criminals-use-encrypted-communications.shtml
#australia #encryption #gov #why
https://www.techdirt.com/articles/20210509/10235546763/australian-crime-commission-only-criminals-use-encrypted-communications.shtml
#australia #encryption #gov #why
Techdirt
Australian Crime Commission: Only Criminals Use Encrypted Communications
Well, someone finally said the quiet part loud: some government officials actually believe the only people who need, want, or use...
https://searx.monicz.pl/morty/?mortyurl=https%3A%2F%2Fwww.nytimes.com%2F2021%2F05%2F17%2Ftechnology%2Fapple-china-censorship-data.html
https://nitter.fdn.fr/matthew_d_green/status/1394389869540089856
#apple #china #encryption
https://nitter.fdn.fr/matthew_d_green/status/1394389869540089856
#apple #china #encryption
Nitter
Matthew Green (@matthew_d_green)
Interesting story about how Apple is moving encryption keys to China. https://www.nytimes.com/2021/05/17/technology/apple-china-censorship-data.html
Forwarded from GJ `°÷°` 🇵🇸🕊 (t ``~__/>_GJ06)
The Draft EU Drugs Action Plan 2021-25 is heading to the Council for approval, and amongst other things includes an action to "improve possibilities to tackle encryption," as well as the use of new technologies (including the near-ubiquitous "artificial intelligence") for "monitoring suspicious postal items... while preserving the fundamental right of privacy of correspondence." https://www.statewatch.org/news/2021/june/eu-drugs-strategy-includes-actions-to-tackle-encryption-and-postal-snooping/
#Encryption #EU #AI
#Encryption #EU #AI
Backdoor found in 2G mobile data encryption standard
Cryptanalysis of GPRS Encryption Algorithms GEA-1 suggest intentional weakness
GPRS is the mobile data standard for GSM mobile phones. It's from the 2G era, and is old and slow. GEA-1 is an encryption algorithm used with GPRS.
Excerpt from the abstract:
"This paper presents the first publicly available cryptanalytic attacks on the GEA-1 and GEA-2 algorithms."
[..]
"This unusual pattern indicates that the weakness is intentionally hidden to limit the security level to 40 bit by design."
So in other words: GPRS was intentionally backdoored.
https://eprint.iacr.org/2021/819
Comments
https://news.ycombinator.com/item?id=27686422
https://apnews.com/article/europe-technology-business-3bddc473856a9af259feb511f58a51d3
https://link.springer.com/chapter/10.1007%2F978-3-030-77886-6_6
https://www.sueddeutsche.de/wirtschaft/handy-gprs-verschluesselung-1.5323228
#backdoor #2g #gprs #encryption
Cryptanalysis of GPRS Encryption Algorithms GEA-1 suggest intentional weakness
GPRS is the mobile data standard for GSM mobile phones. It's from the 2G era, and is old and slow. GEA-1 is an encryption algorithm used with GPRS.
Excerpt from the abstract:
"This paper presents the first publicly available cryptanalytic attacks on the GEA-1 and GEA-2 algorithms."
[..]
"This unusual pattern indicates that the weakness is intentionally hidden to limit the security level to 40 bit by design."
So in other words: GPRS was intentionally backdoored.
https://eprint.iacr.org/2021/819
Comments
https://news.ycombinator.com/item?id=27686422
https://apnews.com/article/europe-technology-business-3bddc473856a9af259feb511f58a51d3
https://link.springer.com/chapter/10.1007%2F978-3-030-77886-6_6
https://www.sueddeutsche.de/wirtschaft/handy-gprs-verschluesselung-1.5323228
#backdoor #2g #gprs #encryption
AP NEWS
Security flaw found in 2G mobile data encryption standard
BERLIN (AP) — Cybersecurity researchers in Europe say they have discovered a flaw in an encryption algorithm used by cellphones that may have allowed attackers to eavesdrop on some data traffic for more than two decades.
Bombshell Report Finds Phone Network Encryption Was Deliberately Weakened
Comments
https://news.ycombinator.com/item?id=27686422
via www.vice.com
#backdoor #2g #gprs #encryption
Comments
https://news.ycombinator.com/item?id=27686422
via www.vice.com
#backdoor #2g #gprs #encryption
Telegraph
Bombshell Report Finds Phone Network Encryption Was Deliberately Weakened
Hacking. Disinformation. Surveillance. CYBER is Motherboard's podcast and reporting on the dark underbelly of the internet. See More → A weakness in the algorithm used to encrypt cellphone data in the 1990s and 2000s allowed hackers to spy on some internet…
Facebook wants to analyze encrypted WhatsApp messages "for ads"
TL;DR
Facebook has hired a team of researchers for the purpose of analyzing WhatsApp encryption.
The goal would be to have ways to data-mine WhatsApp messages without actually decrypting them.
One report alleges that Facebook is doing this for ad purposes.
https://www.androidauthority.com/whatsapp-encryption-ads-2728774/
#WhatsApp #Facebook #fb #encryption
TL;DR
Facebook has hired a team of researchers for the purpose of analyzing WhatsApp encryption.
The goal would be to have ways to data-mine WhatsApp messages without actually decrypting them.
One report alleges that Facebook is doing this for ad purposes.
https://www.androidauthority.com/whatsapp-encryption-ads-2728774/
#WhatsApp #Facebook #fb #encryption
Android Authority
Report: Facebook wants to analyze encrypted WhatsApp messages for ads
Facebook has hired a team of researchers to "crack" WhatsApp encryption without actually decrypting it. Why? For ads, according to a report.