Proton Is Trying to Become Google—Without Your Data

May 27, 2022May 27, 2022 ~ cafebedouin

“These days, all Google and Apple and Big Tech talk about is privacy, so the best way to give our definition is to give the contrast. The way Google defines privacy is, “Nobody can exploit your data, except for us.” Our definition is cleaner, more simple, and more authentic: Nobody can exploit your data—period. We literally want to build things that give us access to as little data as possible. The use of end-to-end encryption and zero-access encryption allows that. Because fundamentally, we believe the best way to protect user data is to not have it in the first place.
-Gilad Edelman, “Proton Is Trying to Become Google—Without Your Data.” Wired. May 25, 2022

I’ve used the Protonmail app for Android and the Protonmail website. There is a free tier with 1 GB of storage. For €120/year, you can get a VPN, file storage and an encrypted calendar. While you can get it slightly less expensively if you buy it in pieces from elsewhere, this is a very reasonable solution. Recommended.

Session, Encrypted Messenger

July 23, 2020July 22, 2020 ~ cafebedouin

“Session is an end-to-end encrypted messenger that removes sensitive metadata collection, and is designed for people who want privacy and freedom from any forms of surveillance.”
https://getsession.org/

Session is a fork of Signal that is trying to remove the need for a phone number and centralized servers.

CryptoHack.org

April 8, 2020April 8, 2020 ~ cafebedouin

“CryptoHack is a fun platform for learning cryptography. The emphasis is on breaking bad implementations of “modern” crypto, such as AES, RSA, and Elliptic-curve. The format is a series of puzzles that teach small lessons and motivate further research.”
–cryptohack.org

Not hard enough? Try CryptoPals.com.

Exceptional Access to Encrypted Communications

August 8, 2019August 5, 2019 ~ cafebedouin

Bob Barr has recently added his voice to the ongoing call of law enforcement to provide exceptional access to encrypted communications. Here’s why that’s not going to work.

“Exceptional access — as governments propose — is the problem of making a system selectively secure. I can tell you, it’s hard enough to make a secure system. It’s vastly harder to make a system secure except for governments, and only available to governments that consist of ‘democratically elected representatives and [a] judiciary’ as the GCHQ authors imagine.”
—Jon Callas, “The ‘Ghost User’ Ploy to Break Encryption Won’t Work.” DavisVanguard.org. July 24,2019.

Is being able to access the encrypted communications of everyone enough? Between the drone’s Gorgon Stare above, the Ring camera on every other front door for police to access, televisions tracking every show being watched, phones and digital assistants listening in on conversations, fitness trackers as evidence in court cases, Stringray and other technology for phone tracking, license plate readers to track vehicle movement over time, surveillance balloons and so on, it feels to me like the police and military are a little under-powered these days.

I was promised a camera in my television watching my every move, a Room 101 for not sufficiently toeing the line and a boot stomping on a face of humanity forever. Was Uncle Orwell lying to me?

A (Relatively Easy to Understand) Primer on Elliptic Curve Cryptography | Ars Technica

July 20, 2019 ~ cafebedouin ~ 1 Comment

“If you just want the gist, here’s the TL;DR version: [Elliptical Curve Crytography,] ECC is the next generation of public key cryptography, and based on currently understood mathematics, it provides a significantly more secure foundation than first-generation public key cryptography systems like RSA. If you’re worried about ensuring the highest level of security while maintaining performance, ECC makes sense to adopt. If you’re interested in the details, read on.”

—Nick Sullivan. ” A (relatively easy to understand) primer on elliptic curve cryptography.” Ars Technica. October 24, 2013.

Standard Notes | A Simple And Private Notes App

March 30, 2019March 28, 2019 ~ cafebedouin

“Standard Notes is a safe place for your notes, thoughts, and life’s work.

Free, open-source, and completely encrypted.”

—https://standardnotes.org/

How to Boost Your Data Privacy With a Virtual Private Network

November 8, 2018November 2, 2018 ~ cafebedouin ~ 1 Comment

“Data privacy matters, and we all deserve respect and consideration from those we visit on the internet. As shown by the numerous data breaches that have affected companies and individual users around the world, individuals and governments, however, we must also look out for our own personal data and privacy. Using a VPN to obfuscate your location and encrypt data is a powerful way to prevent the tracking, stalking and theft of personal and private data.”

—Eric Jeffrey, “How to Boost Your Data Privacy With a Virtual Private Network.” Security Intelligence. November 2, 2018.

A layman’s explanation of VPNs and why you should be using them. I’ve mentioned VPNs before. If interested in using one, check this website for a comparison of different services.

Intra

October 12, 2018October 5, 2018 ~ cafebedouin

“Intra protects you from DNS manipulation, a cyber attack used to block access to news sites, social media platforms and messaging apps.”

—https://getintra.org/#!/

An app from Google’s Jigsaw Team that incorporates encrypted DNS lookups that come stock in 9 into older versions of Android. Not as good as using a VPN, but better than nothing.

Click Here to Kill Everybody – Bruce Schneider

September 9, 2018September 7, 2018 ~ cafebedouin

“There is simply no way to secure US networks while at the same time leaving foreign networks open to eavesdropping and attack. There’s no way to secure our phones and computers from criminals and terrorists without also securing the phones and computers of those criminals and terrorists. On the generalized worldwide network that is the Internet, anything we do to secure its hardware and software secures it everywhere in the world. And everything we do to keep it insecure similarly affects the entire world.

This leaves us with a choice: either we secure our stuff, and as a side effect also secure their stuff; or we keep their stuff vulnerable, and as a side effect keep our own stuff vulnerable. It’s actually not a hard choice. An analogy might bring this point home. Imagine that every house could be opened with a master key, and this was known to the criminals. Fixing those locks would also mean that criminals’ safe houses would be more secure, but it’s pretty clear that this downside would be worth the tradeoff of protecting everyone’s house. With the Internet+ increasing the risks from insecurity dramatically, the choice is even more obvious. We must secure the information systems used by our elected officials, our critical infrastructure providers, and our businesses.

Yes, increasing our security will make it harder for us to eavesdrop, and attack, our enemies in cyberspace. (It won’t make it impossible for law enforcement to solve crimes; I’ll get to that later in this chapter.) Regardless, it’s worth it. If we are ever going to secure the Internet+, we need to prioritize defense over offense in all of its aspects. We’ve got more to lose through our Internet+ vulnerabilities than our adversaries do, and more to gain through Internet+ security. We need to recognize that the security benefits of a secure Internet+ greatly outweigh the security benefits of a vulnerable one.”

—Bruce Schneider. “Five-Eyes Intelligence Services Choose Surveillance Over Security.” Schneider.com. September 8, 2018.