The web forum 4chan is known mostly as a place to share juvenile and, to put it mildly, politically incorrect images. But it’s also the birthplace of one of the latest attempts to subvert the NSA’s mass surveillance program.
When whistleblower Edward Snowden revealed that full extent of the NSA’s activities last year, members of the site’s tech forum started talking about the need for a more secure alternative to Skype. Soon, they’d opened a chat room to discuss the project and created an account on the code hosting and collaboration site GitHub and began uploading code.
From my story for Wired about Google’s new encryption plugin for Chrome “End-to-End“:
Google won’t be able to scan encrypted email messages in order to target advertising. Security expert Eleanor Saitta believes this may lead to Google to discourage most users from actively using encryption. She worries that the End-to-End may simply be a publicity stunt designed to keep Google’s engineers happy while scoring points with privacy advocates.
She also points out Google has history of abandoning projects that don’t make the company money, such as iGoogle and Google Reader. If activists come to rely on Google’s encryption tools, but those tools are discontinued, they will be left without crucial protections. “People live and die by the long-term success and failure of communication platforms — I mean that in a very literal sense,” she says. “You cannot put people in a position where they are depending on a software platform for life safety issues and then simply terminate it.”
Her other worry is that the existence of Google’s own plugin may discourage people from building other alternatives, or make it harder for open source encryption projects to raise funds. For example, Mailpile raised over $100,000 last year to build a new open source email client that works with any email provider, including Gmail, and has PGP encryption baked in from the beginning. But it will need more funding eventually, and Saitta worries that potential backers may not be as motivated to contribute.
Private messaging apps like SnapChat and WhatsApp aren’t as private as you might think.
SnapChat settled with the Federal Trade Commission earlier this month over a complaint that its privacy claims were misleading, as reported by USA Today, and last week, the Electronic Frontier Foundation published a report listing the company as the least privacy-friendly tech outfit it reviewed, including Comcast, Facebook, and Google. Last year, WhatsApp faced privacy complaints from the Canadian and Dutch governments, and like Snapchat, its security has been an issue as well.
When you use messaging services like these, you’re depending on outside companies to properly encrypt your messages, store them safely, and protect them when the authorities come calling. And they may not be up to the task. The only way to ensure your messages are reasonably safe is to encrypt them yourself, using keys that no one has access to–including your messaging service provider. That way, even if hackers bust into your service provider or the authorities hit it with subpoenas, your messages are protected.
Unfortunately, this is easier said than done. Encryption tools are notoriously hard to use. But several projects are working to change this, building a more polished breed of encryption software that can serve the everyday consumer. A new open source project called Briar is part of this crowd, but it puts a fresh twist on the idea. It doesn’t just encrypt your messages. It lets you jettison your messaging service provider altogether. Your messages travel straight to the person you’re sending them to, without passing through a central server of any sort. It’s what’s known as a “peer-to-peer” tool.
This has a few advantages. You and your contacts keep complete control your data, but you needn’t setup your own computer server in order to do so. Plus, you can send messages without even connecting to the internet. Using Briar, you can send messages over Bluetooth, a shared WiFi connection, or even a shared USB stick. That could be a big advantage for people in places where internet connections are unreliable, censored, or non-existent.
Briar is still in alpha and not ready for use for high-risk scenarios. If you’re looking for something immediately, OffTheRecord and TextSecure are worth considering, but of course nothing is perfectly secure.
WikiLeaks remains under a near financial blockade, its founder under effective house arrest after having been granted asylum in the Ecuadorian Embassy in London. The group has yet to release anything as substantial as last year’s “Detainee Policies”—Balkanleaks remains one of the few “leaking sites” still going strong. Its recent insurance-key move comes precisely out of the WikiLeaks playbook.
More than two years ago, a flurry of new WikiLeaks clones sprung up around the world inspired by the world’s most famous transparency-driven organization. They had all kinds of names: QuebecLeaks, BaltiLeaks, EnviroLeaks, and more. PirateLeaks (based in the Czech Republic), BrusselsLeaks (Belgium) and RuLeaks (Russia) all did not respond to Ars’ requests for comments. […]
So how does Balkanleaks thrive where others haven’t?
Tchobanov, the site’s co-founder, boils it down to one word: Tor. It’s the open-source online anonymizing tool that’s become the de facto gold standard for hiding one’s tracks online. Balkanleaks provides instructions in Bulgarian, Serbian, Macedonian, and English, and the submission website is only available on its Tor-enabled server.
If, in 1995, some cypherpunks had published a book about the upcoming “postmodern surveillance dystopia,” most commentators would have shrugged it off as just a wee bit paranoid and ushered them into the Philip K. Dick Reading Room. Now, it is more likely that people will shrug and say, “that ship has already sailed.”
Sharing encryption keys the quantum way is exciting because it promises to be an incredibly secure way of doing encryption. In quantum cryptography, the encryption key is read by measuring the polarization of the photons being sent between computers. And according to Heisenberg’s uncertainty principle, anyone listening in on the communications would have to start messing with that polarization. And that would be detectable.
Up until now, the photons used to exchange quantum keys have been built using external lasers. But this new laser-free technique would be cheaper to mass-produce, says Sven Höfling, a group leader with the applied physics department at Würzburg University. “We can make Quantum key distribution with electrically driven sources,” he says. This is really compatible with standard semiconductor technology, meaning it could be, in principle, very cheap.”
Gawker is running an unbelievable story on website called Silk Road – an open market for mail ordering illegal drugs. And it’s only accessible through TOR:
Mark, a software developer, had ordered the 100 micrograms of acid through a listing on the online marketplace Silk Road. He found a seller with lots of good feedback who seemed to know what they were talking about, added the acid to his digital shopping cart and hit “check out.” He entered his address and paid the seller 50 Bitcoins—untraceable digital currency—worth around $150. Four days later the drugs, sent from Canada, arrived at his house.
“It kind of felt like I was in the future,” Mark said.
The only thing that Jeff Garzik, the Bitcoin developer, forgot to mention are the extremely useful Bitcoin Laundries. They allow you to obscure and obfuscate the origin of a Bitcoin, allowing you to effectively ‘launder’ the Bitcoin so that network analysis would be futile. And they are free, simple, and widely available. They probably “forgot” that because it would make it seem even EASIER than it already is to buy drugs online.