Socialism and the End of the American Dream: Group items tagged Google-Chrome

Paul Merrell

Google Chrome Listening In To Your Room Shows The Importance Of Privacy Defense In Depth - 0 views

  • Yesterday, news broke that Google has been stealth downloading audio listeners onto every computer that runs Chrome, and transmits audio data back to Google. Effectively, this means that Google had taken for itself the right to listen to every conversation in every room that runs Chrome somewhere, without any kind of consent from the people eavesdropped on. In official statements, Google shrugged off the practice with what amounts to “we can do that”.
    It looked like just another bug report. "When I start Chromium, it downloads something." Followed by strange status information that notably included the lines "Microphone: Yes" and "Audio Capture Allowed: Yes".
  • Without consent, Google’s code had downloaded a black box of code that – according to itself – had turned on the microphone and was actively listening to your room.
    A brief explanation of the Open-source / Free-software philosophy is needed here. When you’re installing a version of GNU/Linux like Debian or Ubuntu onto a fresh computer, thousands of really smart people have analyzed every line of human-readable source code before that operating system was built into computer-executable binary code, to make it common and open knowledge what the machine actually does instead of trusting corporate statements on what it’s supposed to be doing. Therefore, you don’t install black boxes onto a Debian or Ubuntu system; you use software repositories that have gone through this source-code audit-then-build process. Maintainers of operating systems like Debian and Ubuntu use many so-called “upstreams” of source code to build the final product.
    Chromium, the open-source version of Google Chrome, had abused its position as trusted upstream to insert lines of source code that bypassed this audit-then-build process, and which downloaded and installed a black box of unverifiable executable code directly onto computers, essentially rendering them compromised. We don’t know and can’t know what this black box does. But we see reports that the microphone has been activated, and that Chromium considers audio capture permitted.
  • This was supposedly to enable the “Ok, Google” behavior – that when you say certain words, a search function is activated. Certainly a useful feature. Certainly something that enables eavesdropping of every conversation in the entire room, too.
    Obviously, your own computer isn’t the one to analyze the actual search command. Google’s servers do. Which means that your computer had been stealth configured to send what was being said in your room to somebody else, to a private company in another country, without your consent or knowledge, an audio transmission triggered by… an unknown and unverifiable set of conditions.
    Google had two responses to this. The first was to introduce a practically-undocumented switch to opt out of this behavior, which is not a fix: the default install will still wiretap your room without your consent, unless you opt out, and more importantly, know that you need to opt out, which is nowhere a reasonable requirement. But the second was more of an official statement following technical discussions on Hacker News and other places. That official statement amounted to three parts (paraphrased, of course):
  • 1) Yes, we’re downloading and installing a wiretapping black-box to your computer. But we’re not actually activating it. We did take advantage of our position as trusted upstream to stealth-insert code into open-source software that installed this black box onto millions of computers, but we would never abuse the same trust in the same way to insert code that activates the eavesdropping-blackbox we already downloaded and installed onto your computer without your consent or knowledge. You can look at the code as it looks right now to see that the code doesn’t do this right now.
    2) Yes, Chromium is bypassing the entire source code auditing process by downloading a pre-built black box onto people’s computers. But that’s not something we care about, really. We’re concerned with building Google Chrome, the product from Google. As part of that, we provide the source code for others to package if they like. Anybody who uses our code for their own purpose takes responsibility for it. When this happens in a Debian installation, it is not Google Chrome’s behavior, this is Debian Chromium’s behavior. It’s Debian’s responsibility entirely.
    3) Yes, we deliberately hid this listening module from the users, but that’s because we consider this behavior to be part of the basic Google Chrome experience. We don’t want to show all modules that we install ourselves.
  • If you think this is an excusable and responsible statement, raise your hand now.
    Now, it should be noted that this was Chromium, the open-source version of Chrome. If somebody downloads the Google product Google Chrome, as in the prepackaged binary, you don’t even get a theoretical choice. You’re already downloading a black box from a vendor. In Google Chrome, this is all included from the start.
    This episode highlights the need for hard, not soft, switches to all devices – webcams, microphones – that can be used for surveillance. A software on/off switch for a webcam is no longer enough; a hard shield in front of the lens is required. A software on/off switch for a microphone is no longer enough; a physical switch that breaks its electrical connection is required. That’s how you defend against this in depth.
  • Of course, people were quick to downplay the alarm. “It only listens when you say ‘Ok, Google’.” (Ok, so how does it know to start listening just before I’m about to say ‘Ok, Google?’) “It’s no big deal.” (A company stealth installs an audio listener that listens to every room in the world it can, and transmits audio data to the mothership when it encounters an unknown, possibly individually tailored, list of keywords – and it’s no big deal!?) “You can opt out. It’s in the Terms of Service.” (No. Just no. This is not something that is the slightest amount of permissible just because it’s hidden in legalese.) “It’s opt-in. It won’t really listen unless you check that box.” (Perhaps. We don’t know, Google just downloaded a black box onto my computer. And it may not be the same black box as was downloaded onto yours.)
    Early last decade, privacy activists practically yelled and screamed that the NSA’s taps of various points of the Internet and telecom networks had the technical potential for enormous abuse against privacy. Everybody else dismissed those points as basically tinfoilhattery – until the Snowden files came out, and it was revealed that precisely everybody involved had abused their technical capability for invasion of privacy as far as was possible.
    Perhaps it would be wise to not repeat that exact mistake. Nobody, and I really mean nobody, is to be trusted with a technical capability to listen to every room in the world, with listening profiles customizable at the identified-individual level, on the mere basis of “trust us”.
  • Privacy remains your own responsibility.
  •  
    And of course, Google would never succumb to a subpoena requiring it to turn over the audio stream to the NSA. The Tor Browser just keeps looking better and better. https://www.torproject.org/projects/torbrowser.html.en
Paul Merrell

WorldLII - WorldLII: About WorldLII - 0 views

  • What is WorldLII? The World Legal Information Institute (WorldLII) is a free, independent and non-profit global legal research facility developed collaboratively by the following Legal Information Institutes and other organisations: Australasian Legal Information Institute (AustLII); British and Irish Legal Information Institute (BAILII); Canadian Legal Information Institute (CanLII); Hong Kong Legal Information Institute (HKLII); Legal Information Institute (Cornell) (LII (Cornell)); Pacific Islands Legal Information Institute (PacLII); Wits University School of Law (Wits Law School). For further details, see the WorldLII brochure. The LIIs, meeting in Montreal in October 2002, adopted the Montreal Declaration on public access to law. WorldLII comprises three main facilities: Databases, Catalog and Websearch.
  • WorldLII Databases. WorldLII provides a single search facility for databases located on the following Legal Information Institutes: AustLII; BAILII; CanLII; HKLII; LII (Cornell); and PacLII. WorldLII also includes as part of this searchable collection its own databases not found on other LIIs. These include databases of decisions of international Courts and Tribunals, databases from a number of Asian countries, and databases from South Africa (provided by Wits Law School). Over 270 databases from 48 jurisdictions in 20 countries are included in the initial release of WorldLII. Databases of case-law, legislation, treaties, law reform reports, law journals, and other materials are included. WorldLII welcomes enquiries concerning the possible inclusion of other databases on WorldLII or on one of its collaborating LIIs.
    WorldLII Catalog and Websearch. The WorldLII Catalog provides links to over 15,000 law-related web sites in every country in the world. WorldLII's Websearch makes searchable the full text of as many of these sites as WorldLII's web-spider can reach. WorldLII welcomes enquiries from law librarians and other legal experts who are interested to become Contributing Editors to the WorldLII Catalog.
  • Operation of WorldLII. The provision of the WorldLII service is coordinated by the Australasian Legal Information Institute (AustLII), which maintains WorldLII's user interface, the WorldLII Catalog and Websearch, and the databases located only on WorldLII. Technical enhancements to WorldLII are being developed jointly by the cooperating Legal Information Institutes.
    Contacting WorldLII. General contact: feedback@worldlii.org. AustLII/WorldLII Co-Directors: Professor Andrew Mowbray, UTS <andrew@austlii.edu.au>; Professor Graham Greenleaf, UNSW <graham@austlii.edu.au>; Philip Chung, AustLII Executive Director <philip@austlii.edu.au>. Mail: WorldLII, c/- AustLII, UTS Faculty of Law, PO Box 123 Broadway NSW 2007 Australia. Telephone: +61 2 9514 4921. Fax: +61 2 9514 4908. We hope that you enjoy using WorldLII and find it to be a useful service. Feedback (particularly words of encouragement or constructive criticism) is welcome and may be sent to feedback@worldlii.org. URL: http://www.worldlii.org/worldlii/
  •  
    The various Legal Information Institutes that collaborate on WorldLII have the most advanced, integrated, and largest public legal research databases available on the Internet, searchable through a common interface. Still nothing like a complete university law library because so many legal source materials are copyrighted, this is the combined effort of many law schools. A companion browser extension is available for Chrome and Firefox called Jureeka. That extension causes your pages rendered in the browser to contain hyperlinks to all legal authorities cited on the page that are recognized by the extension, with the links going to case law, regulations, and statutes that are in the public domain. https://chrome.google.com/webstore/detail/jureeka/ediidjmindkcaflpfjgabfaibhngadbb?utm_source=chrome-app-launcher-info-dialog Thus far, Jureeka is integrated with all legal materials published by the Legal Information Institute long located at Cornell Law School, as well as the Justia archives of U.S. case law. Rumor has it that the extension will be extended to cover materials published by other Legal Information Institutes at various law schools around the globe.
Paul Merrell

NSA Director Finally Admits Encryption Is Needed to Protect Public's Privacy - 0 views

  • NSA Director Finally Admits Encryption Is Needed to Protect Public’s Privacy. The new stance denotes a growing awareness within the government that Americans are not comfortable with the State’s grip on their data. By Carey Wedler | AntiMedia | January 22, 2016
  • At the same hearing, Comey and Attorney General Loretta Lynch declined to comment on whether they had proof the Paris attackers used encryption. Even so, Comey recently lobbied for tech companies to do away with end-to-end encryption. However, his crusade has fallen on unsympathetic ears, both from the private companies he seeks to control — and from the NSA. Prior to Rogers’ statements in support of encryption Thursday, former NSA chief Michael Hayden said, “I disagree with Jim Comey. I actually think end-to-end encryption is good for America.” Still another former NSA chair has criticized calls for backdoor access to information. In October, Mike McConnell told a panel at an encryption summit that the United States is “better served by stronger encryption, rather than baking in weaker encryption.” Former Department of Homeland Security chief, Michael Chertoff, has also spoken out against government being able to bypass encryption.
  • Rogers cited the recent Office of Personnel Management hack of over 20 million users as a reason to increase encryption rather than scale it back. “What you saw at OPM, you’re going to see a whole lot more of,” he said, referring to the massive hack that compromised the personal data about 20 million people who obtained background checks. Rogers’ comments, while forward-thinking, signify an about-face in his stance on encryption. In February 2015, he said he “shares [FBI] Director [James] Comey’s concern” about cell phone companies’ decision to add encryption features to their products. Comey has been one of the loudest critics of encryption. However, Rogers’ comments on Thursday now directly conflict with Comey’s stated position. The FBI director has publicly chastised encryption, as well as the companies that provide it. In 2014, he claimed Apple’s then-new encryption feature could lead the world to “a very dark place.” At a Department of Justice hearing in November, Comey testified that “Increasingly, the shadow that is ‘going dark’ is falling across more and more of our work.” Though he claimed, “We support encryption,” he insisted “we have a problem that encryption is crashing into public safety and we have to figure out, as people who care about both, to resolve it. So, I think the conversation’s in a healthier place.”
  • Regardless of these individual defenses of encryption, the Intercept explained why these statements may be irrelevant: “Left unsaid is the fact that the FBI and NSA have the ability to circumvent encryption and get to the content too — by hacking. Hacking allows law enforcement to plant malicious code on someone’s computer in order to gain access to the photos, messages, and text before they were ever encrypted in the first place, and after they’ve been decrypted. The NSA has an entire team of advanced hackers, possibly as many as 600, camped out at Fort Meade.”
  • Rogers’ statements, of course, are not a full-fledged endorsement of privacy, nor can the NSA be expected to make it a priority. Even so, his new stance denotes a growing awareness within the government that Americans are not comfortable with the State’s grip on their data. “So spending time arguing about ‘hey, encryption is bad and we ought to do away with it’ … that’s a waste of time to me,” Rogers said Thursday. “So what we’ve got to ask ourselves is, with that foundation, what’s the best way for us to deal with it? And how do we meet those very legitimate concerns from multiple perspectives?”
Paul Merrell

Indictment Looms For Hillary As FBI Declares 22 Home-Server Emails "Top Secret" - 0 views

  • Indictment Looms For Hillary As FBI Declares 22 Home-Server Emails “Top Secret”. The leaking of the Clinton emails has been compared to the next “Watergate”. By ZeroHedge.com | January 30, 2016
  • The State Department will release more emails from Clinton’s time as secretary of state later Friday. But The Associated Press has learned that 7 email chains are being withheld in full for containing “top secret” material. The 37 pages include messages recently described by a key intelligence official as concerning so-called “special access programs” — a highly restricted subset of classified material that could point to confidential sources or clandestine programs like drone strikes or government eavesdropping. Department officials wouldn’t describe the substance of the emails, or say if Clinton had sent any herself. Spokesman John Kirby tells the AP that no judgment on past classification was made. But the department is looking into that, too.
  • For those that Clinton only read, and didn’t write or forward, she still would have been required to report classification slippages that she recognized. Possible responses for classification infractions include counseling, warnings or other action, State Department officials said, though they declined to say if these applied to Clinton or senior aides who’ve since left the department. The officials weren’t authorized to speak on the matter and spoke on condition of anonymity. However, as we previously noted, the implications are tough for the DoJ – if they indict they crush their own candidate’s chances of the Presidency, if they do not – someone will leak the details and the FBI will revolt… The leaking of the Clinton emails has been compared to the next “Watergate” by former U.S. Attorney Joe DiGenova this week, if current FBI investigations don’t proceed in an appropriate manner. The revelation comes after more emails from Hillary Clinton’s personal email have come to light. “[The investigation has reached] a critical mass,” DiGenova told radio host Laura Ingraham when discussing the FBI’s still pending investigation. Though Clinton is still yet to be charged with any crime, DiGenova advised on Tuesday that changes may be on the horizon. The mishandling of the classified intelligence may lead to an imminent indictment, with DiGenova suggesting it may come to a head within 60 days.
  • “I believe that the evidence that the FBI is compiling will be so compelling that, unless [Lynch] agrees to the charges, there will be a massive revolt inside the FBI, which she will not be able to survive as an attorney general,” he said. “The intelligence community will not stand for that. They will fight for indictment and they are already in the process of gearing themselves to basically revolt if she refuses to bring charges.” The FBI also is looking into Clinton’s email setup, but has said nothing about the nature of its probe. Independent experts say it is highly unlikely that Clinton will be charged with wrongdoing, based on the limited details that have surfaced up to now and the lack of indications that she intended to break any laws. “What I would hope comes out of all of this is a bit of humility” and an acknowledgement from Clinton that “I made some serious mistakes,” said Bradley Moss, a Washington lawyer who regularly handles security clearance matters. Legal questions aside, it’s the potential political costs that are probably of more immediate concern for Clinton. She has struggled in surveys measuring her perceived trustworthiness, and an active federal investigation, especially one buoyed by evidence that top secret material coursed through her account, could negate one of her main selling points for becoming commander in chief: her national security resume.
Gary Edwards

How to Install Remix OS on PC and Laptop as Dual Boot - Tutorial | TechGlobeX - 1 views

  •  
    "Remix OS is an Android-based portable operating system that works similarly to the Windows, OS X and Linux (Ubuntu) desktop operating systems. The Remix user interface comes with user-friendly options, features and functions, i.e. minimize, maximize and close buttons on every program or software screen, a start menu button on the desktop home screen, a taskbar, windows with title bars, multitasking in multiple windows, a notification center, regular software updates etc. It ships with pre-installed Android apps and games such as Google Play Store, Google Chrome, Microsoft Office, E-Mail App, Twitter, Pinterest, Facebook, Evernote, Keyboard, Advanced File Manager and lots more. Remix OS users can even use a mouse, as on Windows, OS X and Linux (Ubuntu), to perform operations like double-click, left-click or right-click. As Android is currently officially available for smartphone and tablet devices only, and being open-source, Remix OS is very useful for developers, testers and general public users to experience the latest Android platform on bigger display screens."
Paul Merrell

Speech Recognition is NSA's Best-Kept Open Secret - The Intercept - 0 views

  • Siri can understand what you say. Google can take dictation. Even your new smart TV is taking verbal orders. So is there any doubt the National Security Agency has the ability to translate spoken words into text? But precisely when the NSA does it, with which calls, and how often, is a well-guarded secret. It’s not surprising that the NSA isn’t talking about it. But oddly enough, neither is anyone else: Over the years, there’s been almost no public discussion of the NSA’s use of automated speech recognition.
  • One minor exception was in 1999, when a young Australian cryptographer named Julian Assange stumbled across an NSA patent that mentioned “machine transcribed speech.” Assange, who went on to found WikiLeaks, said at the time: “This patent should worry people. Everyone’s overseas phone calls are or may soon be tapped, transcribed and archived in the bowels of an unaccountable foreign spy agency.” The most comprehensive post-Snowden descriptions of NSA’s surveillance programs are strangely silent when it comes to speech recognition. The report from the President’s Review Group on Intelligence and Communications Technologies doesn’t mention it, and neither does the October 2011 FISA Court ruling, or the detailed reports from the Privacy and Civil Liberties Oversight Board.
  • There is some mention of speech recognition in the “Black Budget” submitted to Congress each year. But there’s no clear sign that anybody on the Hill has ever really noticed. As The Intercept reported on Tuesday, items from the Snowden archive document the widespread use of automated speech recognition by the NSA. The strategic advantage, invasive potential and policy implications of being able to turn spoken words into text are not trivial: Suddenly, voice conversations, historically considered ephemeral and unsearchable, can be scanned, catalogued and archived — not perfectly, but well enough to dramatically increase the effective scope of eavesdropping. Former senior NSA executive turned whistleblower Thomas Drake, who’s seen NSA’s automated speech recognition at work, says the silence is telling.
  • “You’re seeing a black hole,” Drake told The Intercept. “That means there’s something there that’s really significant. You’re seeing some of the fuzzy contours of this whole other program.”
  • Senator Ron Wyden, D-Ore., arguably the foremost congressional critic of NSA overreach, wouldn’t comment directly on the question of speech recognition. But, he said through a spokesperson: “After 14 years on the Intelligence Committee, I’ve learned that senators must be constantly on the lookout for secret interpretations of the law and advances in surveillance that Congress isn’t aware of.” He added: “For centuries, individual privacy was protected in part by the limited resources of governments. It simply wasn’t possible for governments to secretly collect information on every single citizen without investing in massive networks of spies and informants. But in the 21st century mass surveillance is no longer difficult and expensive — it’s increasingly cheap and easy. The only privacy protections that will matter in the future are the ones that are written into law and defended by public demand for freedom and openness.”
  •  
    A "black hole" at the NSA? Voice-to-text is indeed an ultra-powerful intelligence tool, but only if you are gathering verbal conversations. As content, verbal conversations should be off-limits without a court order. But is NSA honoring that limitation? And is the FISA Court enforcing it?
Paul Merrell

Putin orders military to take tough action against threats in Syria - MIDEAST - 0 views

  • MOSCOW - Agence France-Presse. Russian President Vladimir Putin addresses the audience during an annual meeting at the Defence Ministry in Moscow, Russia, December 11, 2015. REUTERS Photo. President Vladimir Putin on Dec. 11 ordered his forces in Syria to take tough action against any threats, speaking two weeks after Turkey shot down a Russian warplane in the war-torn country. "I order you to act as tough as possible," he told a defence meeting in televised remarks. "Any targets threatening the Russian grouping or our land infrastructure should be immediately destroyed." "I would like to warn those who would once again try to organise some sort of provocations against our servicemen," he said in a thinly veiled threat to Ankara.
  • Putin's call for a tougher military response is also likely to cause concern among monitors who have repeatedly accused Russia of conducting an indiscriminate bombing campaign and killing civilians in Syria. Russia has been carrying out air strikes in the war-ravaged nation at the request of President Bashar al-Assad since the end of September, while a US-led coalition is conducting its own campaign targeting the Islamic State of Iraq and the Levant (ISIL). Earlier this week Russia said it hit IS targets with missiles fired from a submarine in the Mediterranean for the first time since launching the campaign on September 30. Putin rejected claims that Russia is using the Syrian campaign, which also saw the military fire off cruise missiles from warships in the Caspian Sea, to showcase its top weapons to the West. "Our actions there are not guided by some unclear abstract geopolitical interests, nor are they guided by a desire to practice and test new weapons systems which is of course important in itself," Putin said at the defence meeting. "The most important thing is not this. The most important thing is to prevent the threat to Russia itself." Defence Minister Sergei Shoigu, for his part, said ISIL jihadists now control 70 percent of Syrian territory, putting their number at 60,000.
Paul Merrell

Democratic establishment unmasked: prime defenders of NSA bulk spying l Glenn Greenwald... - 0 views

  •  
    Rep. Michele Bachmann needs an education about the First and Fourth Amendments, as do over 200 other members of the U.S. House of Representatives. If you click through on the link to the roll call vote results to see how your member of Congress voted, you may encounter a black-on-black screen if you are using Google Chrome. However, that results page displays just fine in Firefox.
Gary Edwards

Security, the Edward Snowden Way - Datamation - 0 views

  • NoScript. NoScript is a free extension for Mozilla-based web browsers, including Firefox. It blocks executable web content by default. This blocking includes JavaScript, Java, Flash and Silverlight. You can whitelist sites if you want to use such content on a site-by-site basis. Or, if you choose, you can make all sites active by default and choose to blacklist sites you think might be dangerous. A visual button tells you if active content has been blocked on the current site.
  • PGP. In the first chapter of his book “No Place to Hide,” journalist Glenn Greenwald wrote that Edward Snowden contacted him using the alias “Cincinnatus,” and said he would tell Greenwald some highly newsworthy facts, but only if he installed Pretty Good Privacy (PGP) first. (Greenwald didn’t know the magnitude of the scoop being offered to him and didn’t get around to installing PGP for months, thus delaying the leak.) PGP, of course, is a 23-year-old encryption program that can be used for email, as well as files and other things.
  • Tor. Tor is a free application that routes your Internet traffic through a global volunteer network of thousands of relays that play a shell game with your data so your location and Internet travels are concealed. Tor, which used to stand for “The Onion Router” in a reference to layers of encryption, encrypts data in multiple layers that prevent snoops from being able to figure out any details about your web travels, such as where you are or what you’re looking at. Tor was developed in part by US government funding as a way to enable citizens in repressive countries to communicate safely. And the NSA has a lot of respect for it. But in a recent controversy, two Carnegie Mellon researchers said they would give a talk at the Black Hat USA 2014 conference next month telling how to identify Tor users inexpensively (for only $3,000). The session was cut from the lineup because university lawyers didn’t approve it. The institute that the researchers work for is funded by the Pentagon, but the Department of Homeland Security said they did not request that the talk be cancelled.
  •  
    "Whether you think NSA whistleblower Edward Snowden is a hero or a traitor, you have to admit: The guy knows how to keep his information secure. The fact that Snowden isn't sitting in Guantanamo right now with ankle cuffs and a bag over his head demonstrates his ability to avoid detection. Snowden spoke at the Hope X conference in New York this month via a Google+ Hangout from Russia, and called on developers to build privacy and security into everyday products. He also hinted that he planned to work on building such technology. If you look into the details of what's been happening with tracking, surveillance, spying, hacking and global cyber industrial espionage, you can see that Snowden is right. We all need a lot better protection from snoops of all stripes. But how does the non-expert get started? One option is to listen to Snowden himself. Over the past year, Snowden has in one format or another, made specific product recommendations. Here are the products Snowden has explicitly recommended since the trove of documents on the NSA has been publicly revealed. (The list is in alphabetical order.) Ghostery Ghostery, made by a company called Evidon, is a browser extension for Chrome, Firefox, Safari and Internet Explorer. It exists for two purposes. The first is to block tracking code, which makes browsing the web both more private and also faster. The second purpose is, somewhat contradictory -- Evidon collects data from you to help advertisers avoid being blocked. It also enables website owners to gain insights into the tracking code deployed on their site by third-party advertising companies. Note that Snowden recommended Ghostery some time ago. But this month, the Electronic Frontier Foundation launched a competing product that I would imagine Snowden would recommend called Privacy Badger."
    I'd back Snowden in 2016 as a write-in candidate for President.
Paul Merrell

Did Congress's Best Plan for NSA Reform Just Lose Its Teeth? | The Nation - 0 views

  • For the first time since Edward Snowden revealed some of the National Security Agency’s (NSA’s) surveillance programs last June, a congressional committee has voted to send legislation intended to curb the government’s spying power on for a full vote. On Wednesday, the House Judiciary Committee passed a version of the USA Freedom Act, considered by civil liberties advocates to be among the strongest of several competing reform bills. But what lawmakers voted unanimously to approve is a trimmed down version that is narrower in significant ways. The revision is the result of an agreement crafted by members of the Judiciary Committee— including Republican chairman Bob Goodlatte, who voted previously against an attempt to limit the NSA’s reach—in a bid to win wider support. In its compromised form the bill is more specifically focused on the phone records program and the statute that authorizes it, Section 215 of the Patriot Act. Under the amended version of the bill, the government itself would no longer be allowed to hold a database of people’s calling records, and would have to seek a judge’s order before collecting data held by the telecom companies—a change that President Obama has said he would support. The bill would also increase transparency by allowing phone companies to inform the public about the requests for data they receive.
  • Cut out of the amended version is a ban on unauthorized “back door” searches, the practice of mining a database of foreigners’ communications for the emails and phone calls of American citizens. Such searches are made under a different authority, Section 702 of the Foreign Intelligence Surveillance Act (FISA), which lawmakers left untouched during Wednesday’s markup. The amendment also softened reforms to the secret court that authorizes the NSA’s surveillance activities, and preserved the requirement that the government need only prove “reasonable articulable suspicion” that records sought are relevant to an open investigation—the NSA’s preferred relevancy standard.
  • There’s valid concern that the phone records program will turn out to be a sacrificial lamb for the administration, something given up in the hopes that Congress will wash its hands of the rest. The dragnet is not disappearing under the USA Freedom Act; metadata will still be available to the government, if not quite so freely; and a single court order will allow officials to explore phone records two “hops” away from the initial target—potentially millions of records. It’s unclear whether the bill explicitly bars intelligence agencies from collecting the contents of communications under Section 215, a provision that originally distinguished the USA Freedom Act from Rogers’s bill. Though the ban was absent in the version that passed the committee, Lofgren speculated that the omission was due to a clerical error. What’s for sure is that Congress’s ability to truly reform—and oversee— the intelligence community remains unclear.
Paul Merrell

Spy Chief James Clapper Wins Rosemary Award - 0 views

  • Director of National Intelligence James Clapper has won the infamous Rosemary Award for worst open government performance in 2013, according to the citation published today by the National Security Archive at www.nsarchive.org. Despite heavy competition, Clapper's "No, sir" lie to Senator Ron Wyden's question: "Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?" sealed his receipt of the dubious achievement award, which cites the vastly excessive secrecy of the entire U.S. surveillance establishment. The Rosemary Award citation leads with what Clapper later called the "least untruthful" answer possible to congressional questions about the secret bulk collection of Americans' phone call data. It further cites other Clapper claims later proved false, such as his 2012 statement that "we don't hold data on U.S. citizens." But the Award also recognizes Clapper's fellow secrecy fetishists and enablers, including:
  • Gen. Keith Alexander, director of the NSA, for multiple Rose Mary Woods-type stretches, such as (1) claiming that the secret bulk collection prevented 54 terrorist plots against the U.S. when the actual number, according to the congressionally-established Privacy and Civil Liberties Oversight Board (PCLOB) investigation (pp. 145-153), is zero; (2) his 2009 declaration to the wiretap court that multiple NSA violations of the court's orders arose from differences over "terminology," an explanation which the chief judge said "strains credulity;" and (3) public statements by the NSA about its programs that had to be taken down from its website for inaccuracies (see Documents 78, 85, 87 in The Snowden Affair), along with public statements by other top NSA officials now known to be untrue (see "Remarks of Rajesh De," NSA General Counsel, Document 53 in The Snowden Affair).
  • Robert Mueller, former FBI director, for suggesting (as have Gen. Alexander and many others) that the secret bulk collection program might have been able to prevent the 9/11 attacks, when the 9/11 Commission found explicitly the problem was not lack of data points, but failing to connect the many dots the intelligence community already had about the would-be hijackers living in San Diego. The National Security Division lawyers at the Justice Department, for misleading their own Solicitor General (Donald Verrilli) who then misled (inadvertently) the U.S. Supreme Court over whether Justice let defendants know that bulk collection had contributed to their prosecutions. The same National Security Division lawyers who swore under oath in the Electronic Frontier Foundation's Freedom of Information Act lawsuit for a key wiretap court opinion that the entire text of the opinion was appropriately classified Top Secret/Sensitive Compartmented Information (release of which would cause "exceptionally grave damage" to U.S. national security). Only after the Edward Snowden leaks and the embarrassed governmental declassification of the opinion did we find that one key part of the opinion's text simply reproduced the actual language of the 4th Amendment to the U.S. Constitution, and the only "grave damage" was to the government's false claims.
  • President Obama for his repeated misrepresentations about the bulk collection program (calling the wiretap court "transparent" and saying "all of Congress" knew "exactly how this program works") while in effect acknowledging the public value of the Edward Snowden leaks by ordering the long-overdue declassification of key documents about the NSA's activities, and investigations both by a special panel and by the Privacy and Civil Liberties Oversight Board. The PCLOB directly contradicted the President, pointing out that "when the only means through which legislators can try to understand a prior interpretation of the law is to read a short description of an operational program, prepared by executive branch officials, made available only at certain times and locations, which cannot be discussed with others except in classified briefings conducted by those same executive branch officials, legislators are denied a meaningful opportunity to gauge the legitimacy and implications of the legal interpretation in question. Under such circumstances, it is not a legitimate method of statutory construction to presume that these legislators, when reenacting the statute, intended to adopt a prior interpretation that they had no fair means of evaluating." (p. 101)
  • Even an author of the Patriot Act, Rep. Jim Sensenbrenner (R-WI), was broadsided by the revelation of the telephone metadata dragnet. After learning of the extent of spying on Americans that his Act unleashed, he wrote that the National Security Agency "ignored restrictions painstakingly crafted by lawmakers and assumed plenary authority never imagined by Congress" by cloaking its actions behind the "thick cloud of secrecy" that even our elected representatives could not breach. Clapper recently conceded to the Daily Beast, "I probably shouldn't say this, but I will. Had we been transparent about this [phone metadata collection] from the outset … we wouldn't have had the problem we had." The NSA's former deputy director, John "Chris" Inglis, said the same when NPR asked him if he thought the metadata dragnet should have been disclosed before Snowden. "In hindsight, yes. In hindsight, yes." Speaking about potential (relatively minimal) changes to the National Security Agency even the president acknowledged, "And all too often new authorities were instituted without adequate public debate," and "Given the unique power of the state, it is not enough for leaders to say: Trust us. We won't abuse the data we collect. For history has too many examples when that trust has been breached." (Exhibit A, of course, is the NSA "watchlist" in the 1960's and 1970's that targeted not only antiwar and civil rights activists, but also journalists and even members of Congress.)
  • The Archive established the not-so-coveted Rosemary Award in 2005, named after President Nixon's secretary, Rose Mary Woods, who testified she had erased 18-and-a-half minutes of a crucial Watergate tape — stretching, as she showed photographers, to answer the phone with her foot still on the transcription pedal. Bestowed annually to highlight the lowlights of government secrecy, the Rosemary Award has recognized a rogue's gallery of open government scofflaws, including the CIA, the Treasury Department, the Air Force, the FBI, the Federal Chief Information Officers' Council, and the career Rosemary leader — the Justice Department — for the last two years. Rosemary-winner James Clapper has offered several explanations for his untruthful disavowal of the National Security Agency's phone metadata dragnet. After his lie was exposed by the Edward Snowden revelations, Clapper first complained to NBC's Andrea Mitchell that the question about the NSA's surveillance of Americans was unfair, a — in his words — "When are you going to stop beating your wife kind of question." So, he responded "in what I thought was the most truthful, or least untruthful, manner by saying 'no.'"
  • After continuing criticism for his lie, Clapper wrote a letter to Chairman of the Senate Select Committee on Intelligence Dianne Feinstein, now explaining that he misunderstood Wyden's question and thought it was about the PRISM program (under Section 702 of the Foreign Intelligence Surveillance Act) rather than the telephone metadata collection program (under Section 215 of the Patriot Act). Clapper wrote that his staff "acknowledged the error" to Senator Wyden soon after — yet he chose to reject Wyden's offer to amend his answer. Former NSA senior counsel Joel Brenner blamed Congress for even asking the question, claiming that Wyden "sandbagged" Clapper by the "vicious tactic" of asking "Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?" Meanwhile, Steve Aftergood of the Federation of American Scientists countered that "it is of course wrong for officials to make false statements, as DNI Clapper did," and that in fact the Senate Intelligence Committee "became complicit in public deception" for failing to rebut or correct Clapper's statement, which they knew to be untruthful. Clapper described his unclassified testimony as a game of "stump the chump." But when it came to oversight of the National Security Agency, it appears that senators and representatives were the chumps being stumped. According to Representative Justin Amash (R-Mich), the House Intelligence Committee "decided it wasn't worthwhile to share this information" about telephone metadata surveillance with other members of Congress. Classified briefings open to the whole House were a "farce," Amash contended, often consisting of information found in newspapers and public statutes.
  • The Emmy and George Polk Award-winning National Security Archive, based at the George Washington University, has carried out thirteen government-wide audits of FOIA performance, filed more than 50,000 Freedom of Information Act requests over the past 28 years, opened historic government secrets ranging from the CIA's "Family Jewels" to documents about the testing of stealth aircraft at Area 51, and won a series of historic lawsuits that saved hundreds of millions of White House e-mails from the Reagan through Obama presidencies, among many other achievements.
  • Director Clapper joins an undistinguished list of previous Rosemary Award winners:
    2012 - the Justice Department (in a repeat performance, for failure to update FOIA regulations for compliance with the law, undermining congressional intent, and hyping its open government statistics)
    2011 - the Justice Department (for doing more than any other agency to eviscerate President Obama's Day One transparency pledge, through pit-bull whistleblower prosecutions, recycled secrecy arguments in court cases, retrograde FOIA regulations, and mixed FOIA responsiveness)
    2010 - the Federal Chief Information Officers' Council (for "lifetime failure" to address the crisis in government e-mail preservation)
    2009 - the FBI (for having a record-setting rate of "no records" responses to FOIA requests)
    2008 - the Treasury Department (for shredding FOIA requests and delaying responses for decades)
    2007 - the Air Force (for disappearing its FOIA requests and having "failed miserably" to meet its FOIA obligations, according to a federal court ruling)
    2006 - the Central Intelligence Agency (for the biggest one-year drop-off in responsiveness to FOIA requests yet recorded).
    ALSO-RANS: The Rosemary Award competition in 2013 was fierce, with a host of government contenders threatening to surpass the Clapper "least untruthful" standard. These secrecy over-achievers included the following FOI delinquents:
  • Admiral William McRaven, head of the Special Operations Command for the raid that killed Osama Bin Laden, who purged his command's computers and file cabinets of all records on the raid, sent any remaining copies over to CIA where they would be effectively immune from the FOIA, and then masterminded a "no records" response to the Associated Press when the AP reporters filed FOIA requests for raid-related materials and photos. If not for a one-sentence mention in a leaked draft inspector general report — which the IG deleted for the final version — no one would have been the wiser about McRaven's shell game. Subsequently, a FOIA lawsuit by Judicial Watch uncovered the sole remaining e-mail from McRaven ordering the evidence destruction, in apparent violation of federal records laws, a felony for which the Admiral seems to have paid no price. Department of Defense classification reviewers who censored from a 1962 document on the Cuban Missile Crisis direct quotes from public statements by Soviet Premier Nikita Khrushchev. The quotes referred to the U.S. Jupiter missiles in Turkey that would ultimately (and secretly) be pulled out in exchange for Soviet withdrawal of its missiles in Cuba. The denials even occurred after an appeal by the National Security Archive, which provided as supporting material the text of the Khrushchev statements and multiple other officially declassified documents (and photographs!) describing the Jupiters in Turkey. Such absurd classification decisions call into question all of the standards used by the Pentagon and the National Declassification Center to review historical documents.
  • Admiral William McRaven memo from May 13, 2011, ordering the destruction of evidence relating to the Osama bin Laden raid. (From Judicial Watch)
  • The Department of Justice Office of Information Policy, which continues to misrepresent to Congress the government's FOIA performance, while enabling dramatic increases in the number of times government agencies invoke the purely discretionary "deliberative process" exemption. Five years after President Obama declared a "presumption of openness" for FOIA requests, Justice lawyers still cannot show a single case of FOIA litigation in which the purported new standards (including orders from their own boss, Attorney General Eric Holder) have caused the Department to change its position in favor of disclosure.
Paul Merrell

NSA contracted French cyber-firm for hacking help - RT USA - 0 views

  • The latest revelation regarding the National Security Agency doesn't come courtesy of Edward Snowden. A Freedom of Information Act request has confirmed the NSA contracted a French company that makes its money by hacking into computers. It's no secret that the United States government relies on an arsenal of tactics to gather intelligence and wage operations against its adversaries, but a FOIA request filed by Muckrock's Heather Akers-Healy has confirmed that the list of Uncle Sam's business partners include Vupen, a French-based security company that specializes in selling secret codes used to crack into computers. Documents responsive to my request to #NSA for contracts with VUPEN, include 12/month exploit subscription https://t.co/x3qJbqSUpa — Heather Akers-Healy (@abbynormative) September 16, 2013 Muckrock published on Monday a copy of a contract between the NSA and Vupen in which the US government is shown to have ordered a one-year subscription to the firm's “binary analysis and exploits service” last September.
  • That service, according to the Vupen website, is sold only to government entities, law enforcement agencies and computer response teams in select countries, and provides clients with access to so-called zero-day exploits: newly-discovered security vulnerabilities that the products' manufacturers have yet to discover and, therefore, have had zero days to patch-up. “Major software vendors such as Microsoft and Adobe usually take 6 to 9 months to release a security patch for a critical vulnerability affecting their products, and this long delay between the discovery of a vulnerability and the release of a patch creates a window of exposure during which criminals can rediscover a previously reported but unpatched vulnerability, and target any organization running the vulnerable software,” Vupen says elsewhere on their website. Last year, Vupen researchers successfully cracked Google's Chrome browser, but declined to show developers how they did so — even for an impressive cash bounty. “We wouldn’t share this with Google for even $1 million,” Vupen CEO Chaouki Bekrar told Forbes' Andy Greenberg of the Chrome hack in 2012. “We don’t want to give them any knowledge that can help them in fixing this exploit or other similar exploits. We want to keep this for our customers.”
  • And while the NSA and other clients may benefit from being privy to these vulnerabilities, knowing how to exploit security holes in adversarial systems is a crucial component to any government's offensive cyber-operations. Last month, the Washington Post published excerpts from the previously secretive “black budget,” a closely guarded ledger listing the funding requests made by America's intelligence community provided by NSA leaker Edward Snowden. According to that document, a substantial goal of the US in fiscal year 2013 was to use a portion of $52.6 billion in secretive funding towards improving offensive cyber-operations.
  • The portion of the contract obtained by Muckrock where the cost of the subscription is listed has been redacted, but a Vupen hacker who spoke to Greenberg last year said deals in the five figures weren't uncommon. "People seem surprised to discover that major government agencies are acquiring Vupen's vulnerability intelligence," Bekrar wrote in an email to Information Week's Matthew Schwartz after the NSA contract with his signature was published. "There is no news here, governments need to leverage the most detailed and advanced vulnerability research to protect their infrastructures and citizens against adversaries." Critics of Vupen and its competitors see government-waged cyber-operations in a different light, however. Christopher Soghoian of the American Civil Liberties Union's Speech, Privacy and Technology Project has spoken outright against companies that sell exploits and has equated the computer codes being sold for big money with a new sort of underground arms trade fueling an international, online battle. To Greenberg last year, Soghoian described Vupen as a “modern-day merchant of death” selling “the bullets for cyberwar," and upon publishing of the NSA contract called the company a “cyber weapon merchant.” The NSA is a customer of French 0-day cyber weapon merchant VUPEN, FOIA docs reveal: (via @ramdac & @MuckRockNews) https://t.co/OPJ82miK3c — Christopher Soghoian (@csoghoian) September 16, 2013
Paul Merrell

Pepe Escobar - The real November surprise -- Puppet Masters -- Sott.net - 0 views

  • "As bad as it is the folks above the President make the decisions. They may have decided on Trump. These things do not happen by accident." Thus spoke a high-level US business mover and shaker with secure transit in rarefied Masters of the Universe-related circles, amidst the utter political chaos provoked by head of the FBI James Comey's latest bombshell. It's virtually established by now that US Attorney General Loretta Lynch told Comey not to release his letter to Congress. But Comey did it anyway. If he had not, and a scandal would - inevitably - spring up after the US presidential election, Lynch would be perfectly positioned to deny she knew anything, and Comey would be on the firing line. Lynch is a certified Clinton machine asset. In 1999 then-President Bill Clinton appointed her to run the Brooklyn US Attorney's office. She left in 2002, taking the private practice revolving door. She was back to the Brooklyn office in 2010, urged by Obama. Five years later she became the 83rd US Attorney General, replacing the dodgy Eric Holder. A plausible case has been made that Comey took his fateful decision based on a serious internal revolt at the FBI - led by key people he trusts — as well as being egged on by his wife. Yet one of the key questions that refuse to go away is why the FBI waited until 11 days before the US presidential election to supposedly "find" an email trove on certified sexting pervert Anthony Weiner's laptop.
  • The business source, although unsympathetic to the Clinton machine, especially in foreign policy, is a realpolitik practitioner, not a conspiracy theorist. He is adamant that, "the FBI reversal could not have happened without orders above the President. If the Masters [of the Universe] have changed their mind, then they will destroy Hillary." He adds, "they can make a deal with Donald just like anyone else; Donald wins; the Masters win; the people think that their voice has been heard. And then there will be some sort of (controlled) change." What's paramount in the whole soap opera is that faith in the US political system — as corrupt as it may be — must endure. That mirrors the faith in the US dollar; if confidence in the US dollar fails, the US as a hegemonic financial power is no more. The source is equally adamant that, "it is almost unprecedented to see a cover-up as extensive as Hillary's. A secret meeting between Bill Clinton and the Attorney General; the FBI ignoring all evidence and initially clearing Hillary to near rebellion of the whole of the FBI, attested to by Rudolf Giuliani whose reputation as a federal prosecutor is unquestioned; the Clinton "pay for play" foundation. The Masters are troubled that this is getting out of hand." The record shows that "the Masters do not usually have to go to such lengths to protect their own. They did manage to save Bill Clinton from the Monica Lewinsky perjury and keep him in the presidency. The Masters were not attacked in this case. They even got away with the 1987 cash settlement crash and the theft surrounding the Lehman debacle. In all these cases there were no overarching challenges to their control, as we see now open to the public by Trump. They antagonized and insulted the wrong man."
Paul Merrell

HTTPS Deployment Growing by Leaps and Bounds: 2016 in Review | Electronic Frontier Foun... - 0 views

  • This was a great year for adoption of HTTPS encryption for secure connections to websites. HTTPS is an essential technology for security and privacy on the Web, and we've long been asking sites to turn it on to protect their users from spying (and from censorship and tampering with site content). This year, lots of factors came together to make it happen, including ongoing news about surveillance, advances in Web server capacity, nudges from industry, government, and Web browsers, and the Let's Encrypt certificate authority. By some measures, more than half of page loads in Firefox and in Chrome are now secured with HTTPS—the first time this has ever happened in the Web's history. That's right: for the first time ever, most pages viewed on the Web were encrypted! (As another year-in-review post will discuss, browsers are also experimenting with and rolling out stronger encryption technologies to better protect those connections.)
  • Sites large and small turned on HTTPS in 2016, often using certificates from the Let's Encrypt certificate authority (sometimes with EFF's Certbot software, or a range of other options). In just a single year of broad public availability, Let's Encrypt has now helped enable secure connections for over 21 million websites, most of which never had certificates before.
  • A sizeable part of the growth in HTTPS came from very large hosting providers that decided to make HTTPS a default for sites that they host, including OVH, Wordpress.com, Shopify, Tumblr, Squarespace, and many others. Sites they host, and visitors to those sites, can get a boost in security without having to do anything. (And we're getting ongoing benefits from providers like CloudFlare who made the switch in previous years.) A single hosting provider's decision can result in enabling encryption for hundreds of thousands or millions of customers; we hope others will take the plunge too! U.S. government sites also made significant progress adopting HTTPS this year, responding to the administration's guidance in support of HTTPS—a clear and practical explanation of why secure connections should be the default. A caveat: data from Google shows that use of HTTPS varies significantly from country to country, remaining especially uncommon in Japan. We've also heard that it's still uncommon across much of East and Southeast Asia. Next year, we'll have to find ways to bridge those gaps.
Paul Merrell

Yahoo to begin offering PGP encryption support in Yahoo Mail service | Ars Technica - 0 views

  • Yahoo Chief Information Security Officer Alex Stamos announced today at Black Hat 2014 that starting in the fall of this year, the purple-hued company will begin giving users the option of seamlessly wrapping their e-mails in PGP encryption. According to Kashmir Hill at Forbes, the encryption capability will be offered through a modified version of the same End-to-End browser plug-in that Google uses for PGP in Gmail. The announcement was tweeted by Yan Zhu, who has reportedly been hired by Yahoo to adapt End-to-End for use with Yahoo Mail. Zhu formerly worked as an engineer at the Electronic Frontier Foundation, an organization that has consistently been outspoken in its call for the widespread use of encryption throughout the Web and the Internet in general.