Group items tagged

Change.gov, the website created by the Obama transition team in 2008, has effectively disappeared sometime over the last month. While the front splash page for Change.gov has linked to the main White House website for years, until recently, you could still continue on to see the materials and agenda laid out by the administration. This was a particularly helpful resource for those looking to compare Obama's performance in office against his vision for reform, laid out in detail on Change.gov. According to the Internet Archive, the last time that content (beyond the splash page) was available was June 8th -- last month.

Here's one possibility, from the administration's ethics agenda: Protect Whistleblowers: Often the best source of information about waste, fraud, and abuse in government is an existing government employee committed to public integrity and willing to speak out. Such acts of courage and patriotism, which can sometimes save lives and often save taxpayer dollars, should be encouraged rather than stifled. We need to empower federal employees as watchdogs of wrongdoing and partners in performance. Barack Obama will strengthen whistleblower laws to protect federal workers who expose waste, fraud, and abuse of authority in government. Obama will ensure that federal agencies expedite the process for reviewing whistleblower claims and whistleblowers have full access to courts and due process.

The scientists at DARPA say the current methods of searching the Internet for all manner of information just won't cut it in the future. Today the agency announced a program that would aim to totally revamp Internet search and "revolutionize the discovery, organization and presentation of search results." Specifically, the goal of DARPA's Memex program is to develop software that will enable domain-specific indexing of public web content and domain-specific search capabilities. According to the agency the technologies developed in the program will also provide the mechanisms for content discovery, information extraction, information retrieval, user collaboration, and other areas needed to address distributed aggregation, analysis, and presentation of web content.

Memex also aims to produce search results that are more immediately useful to specific domains and tasks, and to improve the ability of military, government and commercial enterprises to find and organize mission-critical publically available information on the Internet. "The current one-size-fits-all approach to indexing and search of web content limits use to the business case of web-scale commercial providers," the agency stated. 

The Memex program will address the need to move beyond a largely manual process of searching for exact text in a centralized index, including overcoming shortcomings such as: Limited scope and richness of indexed content, which may not include relevant components of the deep web such as temporary pages, pages behind forms, etc.; an impoverished index, which may not include shared content across pages, normalized content, automatic annotations, content aggregation, analysis, etc. Basic search interfaces, where every session is independent, there is no collaboration or history beyond the search term, and nearly exact text input is required; standard practice for interacting with the majority of web content, which remains one-at-a-time manual queries that return federated lists of results. Memex would ultimately apply to any public domain content; initially, DARPA  said it intends to develop Memex to address a key Defense Department mission: fighting human trafficking. Human trafficking is a factor in many types of military, law enforcement and intelligence investigations and has a significant web presence to attract customers. The use of forums, chats, advertisements, job postings, hidden services, etc., continues to enable a growing industry of modern slavery. An index curated for the counter-trafficking domain, along with configurable interfaces for search and analysis, would enable new opportunities to uncover and defeat trafficking enterprises.

Launched by the Institute for Public Accuracy in June 2014, ExposeFacts.org represents a new approach for encouraging whistleblowers to disclose information that citizens need to make truly informed decisions in a democracy. From the outset, our message is clear: “Whistleblowers Welcome at ExposeFacts.org.” ExposeFacts aims to shed light on concealed activities that are relevant to human rights, corporate malfeasance, the environment, civil liberties and war. At a time when key provisions of the First, Fourth and Fifth Amendments are under assault, we are standing up for a free press, privacy, transparency and due process as we seek to reveal official information—whether governmental or corporate—that the public has a right to know. While no software can provide an ironclad guarantee of confidentiality, ExposeFacts—assisted by the Freedom of the Press Foundation and its “SecureDrop” whistleblower submission system—is utilizing the latest technology on behalf of anonymity for anyone submitting materials via the ExposeFacts.org website. As journalists we are committed to the goal of protecting the identity of every source who wishes to remain anonymous.

The seasoned editorial board of ExposeFacts will be assessing all the submitted material and, when deemed appropriate, will arrange for journalistic release of information. In exercising its judgment, the editorial board is able to call on the expertise of the ExposeFacts advisory board, which includes more than 40 journalists, whistleblowers, former U.S. government officials and others with wide-ranging expertise. We are proud that Pentagon Papers whistleblower Daniel Ellsberg was the first person to become a member of the ExposeFacts advisory board. The icon below links to a SecureDrop implementation for ExposeFacts overseen by the Freedom of the Press Foundation and is only accessible using the Tor browser. As the Freedom of the Press Foundation notes, no one can guarantee 100 percent security, but this provides a “significantly more secure environment for sources to get information than exists through normal digital channels, but there are always risks.” ExposeFacts follows all guidelines as recommended by Freedom of the Press Foundation, and whistleblowers should too; the SecureDrop onion URL should only be accessed with the Tor browser — and, for added security, be running the Tails operating system. Whistleblowers should not log-in to SecureDrop from a home or office Internet connection, but rather from public wifi, preferably one you do not frequent. Whistleblowers should keep to a minimum interacting with whistleblowing-related websites unless they are using such secure software.

Thanks to China, Christine Lagarde of the International Monetary Fund, Jim Yong Kim of the World Bank and Takehiko Nakao of the Asian Development Bank may no longer have much meaningful work to do. Beijing's move to bail out Russia, on top of its recent aid for Venezuela and Argentina, signals the death of the post-war Bretton Woods world. It’s also marks the beginning of the end for America's linchpin role in the global economy and Japan's influence in Asia. What is China's new Asian Infrastructure Investment Bank if not an ADB killer? If Japan, ADB's main benefactor, won't share the presidency with Asian peers, Beijing will just use its deep pockets to overpower it. Lagarde's and Kim’s shops also are looking at a future in which crisis-wracked governments call Beijing before Washington. 

China stepping up its role as lender of last resort upends an economic development game that's been decades in the making. The IMF, World Bank and ADB are bloated, change-adverse institutions.  When Ukraine received a $17 billion IMF-led bailout this year it was about shoring up a geopolitically important economy, not geopolitical blackmail. Chinese President Xi Jinping's government doesn't care about upgrading economies, the health of tax regimes or central bank reserves. It cares about loyalty. The quid pro quo: For our generous assistance we expect your full support on everything from Taiwan to territorial disputes to deadening the West’s pesky focus on human rights.

This may sound hyperbolic; Russia, Argentina and Venezuela are already at odds with the U.S. and its allies. But what about Europe? In 2011 and 2012, it looked to Beijing to save euro bond markets through massive purchases. Expect more of this dynamic in 2015 should fresh turmoil hit the euro zone, at which time Beijing will expect European leaders to pull their diplomatic punches. What happens if the Federal Reserve’s tapering slams economies from India to Indonesia and governments look to China for help? Why would Cambodia, Laos or Vietnam bother with the IMF’s conditions when China writes big checks with few strings attached? Beijing’s $24 billion currency swap program to help Russia is a sign of things to come. Russia, it's often said, is too nuclear to fail. As Moscow weathers the worst crisis since the 1998 default, it’s tempting to view China as a good global citizen. But Beijing is just enabling President Vladimir Putin, who’s now under zero pressure to diversify his economy away from oil. The same goes for China’s $2.3 billion currency swap with Argentina and its $4 billion loan to Venezuela. In the Chinese century, bad behavior has its rewards.

The United States government has already declared that in regards to what it alleges to be a Russian cyberattack against the U.S. Democratic Party, the U.S. reserves the right to go to war against Russia. NATO has accordingly changed its policy so as to assert that a cyberattack (in this case actually cyber-espionage, such as the U.S. government itself perpetrates against even its own allies such as Angela Merkel by tapping her phone) constitutes an act of war by the alleged cyberattacker, and so requires all NATO member nations to join any cyberattacked NATO nation in war against its alleged (cyber)attacker, if the cyberattacked member declares war against its alleged cyberattacker. Excuses are being sought for a war against Russia; and expanding the definition of “invasion,” to include mere espionage, is one such excuse. But it’s not the only one that the Obama Administration has cooked up. U.S. Senator Mike Lee has asserted that President Barack Obama must obtain a declaration of war against Syria — which is allied with and defended by Russia — before invading Syria. Syria has, for the past few years, already been invaded by tens of thousands of foreign jihadists (financed mainly by the royal Sauds and Qataris, and armed mainly with U.S. weaponry) who are trying to overthrow and replace the Syrian government so that pipelines can be built through Syria into Europe to transport Saudi oil and Qatari gas into the EU, the world’s biggest energy-market, which now is dominated by Russia’s oil and gas. Since Syria is already being defended by Russia (those royals’ major competitor in the oil and gas markets), America’s invasion of Syria would necessarily place U.S. and Russia into an air-war against each other (for the benefit of those royal Arabs — who finance jihadist groups, as even Hillary Clinton acknowledges): Syria would thus become a battleground in a broader war against Russia. So: declaring war against Syria would be a second excuse for World War III, and one which would especially serve the desires not only of U.S. ‘defense’ firms but of the U.S. aristocracy’s royal Arabic allies, who buy much of those ‘defense’ firms’ exports (weaponry), and also U.S. oilfield services firms such as pipelines by Halliburton. (It’s good business for them, no one else. Taxpayers and war-victims pay, but those corporations — and royal families — would profit.)

The U.S. government also declares that Russia ‘conquered’ Crimea in 2014 and that Russia must restore it to Ukraine. The U.S. government wants Ukraine to be accepted into NATO, so that all NATO nations will be at war against Russia if Russia doesn’t return Crimea to Ukraine, of which Crimea had only briefly (1954-2014) been a part, until Crimeans voted on 16 March 2014 to rejoin Russia. This Crimean issue is already the basis for America’s economic sanctions against Russia, and thus Russia’s continuing refusal to coerce Crimeans to accept again being part of Ukraine would be yet a third excuse for WW III.

Hillary Clinton says “As President, I will make it clear, that the United States will treat cyber attacks just like any other attack.” She alleges that when information was unauthorizedly made public from Democratic National Committee computers, the cyberattacker was Russia. She can be counted as a strong proponent of that excuse for WW3. She’s with Barack Obama and the other neocons on that. She has furthermore said that the U.S. should shoot down any Russian and Syrian bombers in Syria — the phrase for that proposed U.S. policy is to “establish a no-fly zone” there. She makes clear: “I am advocating the no-fly zone.” It would be war against not only Syria, but Russia. (After all: a no-fly zone in which the U.S. is shooting down the government’s planes and Russia’s planes, would be war by the U.S. against both Syria and Russia, but that’s what she wants to do.) She can thus be counted as a strong proponent of those two excuses for WW3.

This was a great year for adoption of HTTPS encryption for secure connections to websites. HTTPS is an essential technology for security and privacy on the Web, and we've long been asking sites to turn it on to protect their users from spying (and from censorship and tampering with site content). This year, lots of factors came together to make it happen, including ongoing news about surveillance, advances in Web server capacity, nudges from industry, government, and Web browsers, and the Let's Encrypt certificate authority. By some measures, more than half of page loads in Firefox and in Chrome are now secured with HTTPS—the first time this has ever happened in the Web's history. That's right: for the first time ever, most pages viewed on the Web were encrypted! (As another year-in-review post will discuss, browsers are also experimenting with and rolling out stronger encryption technologies to better protect those connections.)

Sites large and small took turned on HTTPS in 2016, often using certificates from the Let's Encrypt certificate authority (sometimes with EFF's Certbot software, or a range of other options). In just a single year of broad public availability, Let's Encrypt has now helped enable secure connections for over 21 million websites, most of which never had certificates before.

A sizeable part of the growth in HTTPS came from very large hosting providers that decided to make HTTPS a default for sites that they host, including OVH, Wordpress.com, Shopify, Tumblr, Squarespace, and many others. Sites they host, and visitors to those sites, can get a boost in security without having to do anything. (And we're getting ongoing benefits from providers like CloudFlare who made the switch in previous years.) A single hosting provider's decision can result in enabling encryption for hundreds of thousands or millions of customers; we hope others will take the plunge too! U.S. government sites also made significant progress adopting HTTPS this year, responding to the administration's guidance in support of HTTPS—a clear and practical explanation of why secure connections should be the default. A caveat: data from Google shows that use of HTTPS varies significantly from country to country, remaining especially uncommon in Japan. We've also heard that it's still uncommon across much of East and Southeast Asia. Next year, we'll have to find ways to bridge those gaps.

The Dutch intelligence service - AIVD - hacks internet web forums to collect the data of all users. The majority of these people are unknown to the intelligence services and are not specified as targets when the hacking and data-collection process starts. A secret document of former NSA-contractor Edward Snowden shows that the AIVD use a technology called Computer Network Exploitation – CNE – to hack the web forums and collect the data.

Nico van Eijk, a Dutch professor in Information Law, is of the opinion that the Dutch intelligence service has crossed the boundaries of Dutch legislation. “They use sweeps to collect data from all users of web forums. The use of these techniques could easily lead to mass surveillance by the government.” IT specialist Matthijs Koot says that the exploitation of this technology can lead to a blurring of the lines between normal citizens and legitimate targets of the intelligence services. The document summarizes a meeting held on February 14, 2013 between officials of the NSA and the Dutch intelligence services - AIVD and MIVD. During this meeting Dutch officials briefed their American counterparts on the way they target web forums with the CNE technique. “They acquire MySQL databases via CNE access”, the document reads. MySQL is free open source software used to build databases for web forums. These databases contain all the posts of all the users of the forum and their personal data. During the meeting Dutch intelligence officers explained how they use the information in the database. In order to identify targets. According to the document the Dutch “are looking at marrying the forum data with other social network info, and trying to figure out good ways to mine the data that they have.”

A group of Dutch members of parliament have called for a parliamentary inquiry into the way the secret services are collecting and using data. The Dutch intelligence services have been previously criticised by an oversight committee for the way in which they have used legally intercepted data. According to this committee the search queries the intelligence services used to filter the data, were not specific enough. The use of generic queries, the committee concluded, was “not in accordance with Dutch law”. A spokesperson for the Dutch government refused to comment on the use of data from web forums by the AIVD, but stated that the intelligence services are allowed to hack computers. A spokesperson for the American government stated that the publication of classified information is a threat to US national security.

Verizon is the latest big company to enter the post-Snowden market for secure communication, and it's doing so with an encryption standard that comes with a way for law enforcement to access ostensibly secure phone conversations.Verizon Voice Cypher, the product introduced on Thursday with the encryption company Cellcrypt, offers business and government customers end-to-end encryption for voice calls on iOS, Android, or BlackBerry devices equipped with a special app. The encryption software provides secure communications for people speaking on devices with the app, regardless of their wireless carrier, and it can also connect to an organization's secure phone system. Cellcrypt and Verizon both say that law enforcement agencies will be able to access communications that take place over Voice Cypher, so long as they're able to prove that there's a legitimate law enforcement reason for doing so. Seth Polansky, Cellcrypt's vice president for North America, disputes the idea that building technology to allow wiretapping is a security risk. "It's only creating a weakness for government agencies," he says. "Just because a government access option exists, it doesn't mean other companies can access it." 

Phone carriers like Verizon are required by U.S. law to build networks that can be wiretapped. But the legislation known as the Communications Assistance for Law Enforcement Act requires phone carriers to decrypt communications for the government only if they have designed their technology to make it possible to do so. If Verizon and Cellcrypt had structured their encryption so that neither company had the information necessary to decrypt the calls, they would not have been breaking the law.

There has been increased interest in encryption from individual consumers, too, largely thanks to the NSA revelations leaked by Edward Snowden. Yahoo and Google began offering end-to-end encrypted e-mail services this year. Silent Circle, a startup catering to consumer and enterprise clients, has been developing end-to-end voice encryption for phones calls. Verizon's service, with a monthly price of $45 per device, isn't targeting individual buyers and won't be offered to average consumers in the near future.But Verizon's partner, Cellcrypt, looks upon selling to large organizations as the first step toward bringing down the price before eventually offering a consumer-level encryption service. "At the end of the day, we'd love to have this be a line item on your Verizon bill," says Polansky.

Western politicians and pundits should be more careful with their predictions for the Russian economy: Reports of its demise may prove to be premature. Bashing the Russian economy has lately become a popular pastime. In his state of the nation address last month, U.S. President Barack Obama said it was "in tatters." And yesterday, Anders Aslund of the Peterson Institute for International Economics published an article predicting a 10 percent drop in gross domestic product this year -- more or less in line with the apocalyptic predictions that prevailed when the oil price reached its nadir late last year and the ruble was in free fall. Aslund's forecast focuses on Russia's shrinking currency reserves, some of which have been earmarked for supporting government spending in difficult times. At $364.6 billion, they are down 26 percent from a year ago and $21.6 billion from the beginning of this year. Aslund expects $166 billion to be spent on infrastructure investments and bailing out companies, and another $100 billion to exit via capital flight and other currency outflows. As a result, given foreign debts of almost $600 billion, "Russia's reserve situation is approaching a critical limit," he says.

What this argument ignores is that Russia's foreign debts are declining along with its reserves -- that's what happens when the money is used to pay down state companies' obligations. Last year, for example, the combined foreign liabilities of the Russian government and companies dropped by $129.4 billion, compared with a $124.3 billion decline in foreign reserves. Beyond that, a large portion of Russian companies' remaining foreign debt is really part of a tax-evasion scheme: By lending themselves money from abroad, the companies transfer profits to lower-tax jurisdictions. Such loans can easily be extended if sanctions prevent the Russian side from paying. The declining price of oil is also less of a threat than many have warned. True, the Russian government's revenues from energy exports will fall in dollar terms. But because Russia's central bank has allowed the ruble's value against the dollar to decline, the ruble value of the revenues will be higher than they otherwise would be. As a result, Russia no longer requires $100 oil to balance its budget -- and the effect of lower oil prices on the broader economy will be muted.

Economists at the respected Gaidar Institute, for example, expect the floating of the ruble to roughly halve the negative GDP impact of the decline in oil prices. They estimate that Russian GDP will shrink by a moderate 2.7 percent this year, even if Brent oil trades at $40 (it traded at $61 today). That's just a bit more optimistic than the consensus among 39 economists polled by Bloomberg between Feb. 20 and Feb. 25: On average, they see a decline of 4 percent. Economic sanctions, which most forecasts assume will continue this year, are having less impact that many in the West would like to believe. Sergei Tsukhlo of the Gaidar Institute estimates that the sanctions have affected only 6 percent of Russian industrial enterprises. "Their effect remains quite insignificant despite all that's being said about them," he wrote, noting that trade disruptions with Ukraine have been more important.

Today EFF is pleased to announce Let’s Encrypt, a new certificate authority (CA) initiative that we have put together with Mozilla, Cisco, Akamai, IdenTrust, and researchers at the University of Michigan that aims to clear the remaining roadblocks to transition the Web from HTTP to HTTPS.Although the HTTP protocol has been hugely successful, it is inherently insecure. Whenever you use an HTTP website, you are always vulnerable to problems, including account hijacking and identity theft; surveillance and tracking by governments, companies, and both in concert; injection of malicious scripts into pages; and censorship that targets specific keywords or specific pages on sites. The HTTPS protocol, though it is not yet flawless, is a vast improvement on all of these fronts, and we need to move to a future where every website is HTTPS by default.With a launch scheduled for summer 2015, the Let’s Encrypt CA will automatically issue and manage free certificates for any website that needs them. Switching a webserver from HTTP to HTTPS with this CA will be as easy as issuing one command, or clicking one button.

The biggest obstacle to HTTPS deployment has been the complexity, bureaucracy, and cost of the certificates that HTTPS requires. We’re all familiar with the warnings and error messages produced by misconfigured certificates. These warnings are a hint that HTTPS (and other uses of TLS/SSL) is dependent on a horrifyingly complex and often structurally dysfunctional bureaucracy for authentication.

The need to obtain, install, and manage certificates from that bureaucracy is the largest reason that sites keep using HTTP instead of HTTPS. In our tests, it typically takes a web developer 1-3 hours to enable encryption for the first time. The Let’s Encrypt project is aiming to fix that by reducing setup time to 20-30 seconds. You can help test and hack on the developer preview of our Let's Encrypt agent software or watch a video of it in action here:

It's 2016 going on 1984. The UK has just passed a massive expansion in surveillance powers, which critics have called "terrifying" and "dangerous".

The new law, dubbed the "snoopers' charter", was introduced by then-home secretary Theresa May in 2012, and took two attempts to get passed into law following breakdowns in the previous coalition government. Four years and a general election later -- May is now prime minister -- the bill was finalized and passed on Wednesday by both parliamentary houses. But civil liberties groups have long criticized the bill, with some arguing that the law will let the UK government "document everything we do online". It's no wonder, because it basically does. The law will force internet providers to record every internet customer's top-level web history in real-time for up to a year, which can be accessed by numerous government departments; force companies to decrypt data on demand -- though the government has never been that clear on exactly how it forces foreign firms to do that that; and even disclose any new security features in products before they launch.

Not only that, the law also gives the intelligence agencies the power to hack into computers and devices of citizens (known as equipment interference), although some protected professions -- such as journalists and medical staff -- are layered with marginally better protections. In other words, it's the "most extreme surveillance law ever passed in a democracy," according to Jim Killock, director of the Open Rights Group. The bill was opposed by representatives of the United Nations, all major UK and many leading global privacy and rights groups, and a host of Silicon Valley tech companies alike. Even the parliamentary committee tasked with scrutinizing the bill called some of its provisions "vague".

A new wrinkle in an already bizarre lawsuit is shaping up to potentially embarrass the Obama administration. If allegations made in a recent court filing are true, then the US Department of Justice, with an unprecedented assertion of the state secrets privilege, might be shielding from any accountability a group actively engaged in spreading false information. The lawsuit revolves around United Against Nuclear Iran (UANI), an anti-Iran, pro-sanctions outfit that takes a hard line against Iran and lodges name-and-shame campaigns against companies it says are doing business with the country. The group is made up of former officials from the Bush and Obama administrations, as well as a host of academics, former diplomats and former intelligence officials from foreign countries, including Israel.

Last week, things got even weirder: in a motion filed on Wednesday, Restis’s lawyers suggested that UANI had leaked information to the Jerusalem Post that resulted in a piece accusing Restis of doing more illegal business in Iran. The Post later retracted the article, citing “new information” that indicated the purportedly illegal shipping had been “legitimate and permitted,” and scrubbed the article from its website. “Defendants appear to have provided The Jerusalem Post with false information purporting to show an American company’s legal and humanitarian cargo of soya beans to Iran aboard Plaintiffs’ vessel violated sanctions against Iran,” said a footnote in the filing from Restis’s lawyers. “Although it printed Defendants’ false allegations against Plaintiffs, The Jerusalem Post recognized the falsity of the allegations and issued a retraction and apology.”

If true, the alleged UANI leak of false information to the Jerusalem Post would contradict UANI’s lawyers’ assertion in an October hearing that “UANI has made no statements whatsoever about Victor Restis or his companies, about any subject, doing business with Iran or any subject since February of 2014.” The Jerusalem Post article also said that the information it revealed would be “raised… in an upcoming hearing in a US federal court.” UANI’s lawyers brought up the purported revelations the following day in the October 8 hearing. It has not been proven that UANI leaked information to the Post.

After months of internal wrangling, the Senate Intelligence Committee is finally set to release its report on President George W. Bush-era CIA practices, which among other details will contain information about foreign countries that aided in the secret detention and interrogation of suspected terrorists. Several U.S. officials told us that the negotiations are nearly complete between the Central Intelligence Agency and the committee's Democratic staff, which prepared the classified 6,300-page report and its 600-page, soon-to-be-released declassified executive summary. Dianne Feinstein, the committee's chairman, is set to release the summary early next week. Her staff members had objected vigorously to hundreds of redactions the CIA had proposed in the executive summary. After an often-contentious process to resolve the disputes, managed by top White House officials, Feinstein was able to roll back the majority of the disputed CIA redactions.

Among the most significant of Feinstein’s victories, the report will retain information on countries that aided the CIA program by hosting black sites or otherwise participating in the secret rendition of suspected terrorists. The countries will not be identified by name, but in other ways, such as code names like “Country A.” This falls short of Feinstein’s original desire, which was to name the countries explicitly, but represents a big victory for the committee nonetheless. In a victory for the CIA, Feinstein reluctantly agreed to allow the redactions of the pseudonyms of agency personnel mentioned in the report. The CIA maintained that any reference to individuals working under cover that offered clues to their identities could place them in harm’s way. “We need to understand the role that particular countries played across time. Even having pseudonyms for countries in the report is important for a full accounting,” said Raha Wala, senior counsel at Human Rights First, which advocated on behalf of the report’s declassification.

The CIA and some Republican senators had argued that even such masked identifications could be deciphered, leading to compromised relationships with those countries’ governments. In June 2013, the top intelligence official at the State Department, Philip Goldberg, wrote a classified letter to Congress warning against the disclosure of the names of countries who had participated in the program.

NoScript NoScript is a free extension for Mozilla-based web browsers, including Firefox. It blocks executable web content by default. This blocking includes JavaScript, Java, Flash and Silverlight. You can whitelist sites if you want to use such content on a site-by-site basis. Or, if you choose, you can make all sites active by default and choose to blacklist sites you think might be dangerous. A visual button tells you if active content has been blocked on the current site.

Here’s a recap of Snowden’s leaked documents published so far, in my own highly subjective order of importance.

The National Security Agency is winning its long-running secret war on encryption, using supercomputers, technical trickery, court orders and behind-the-scenes persuasion to undermine the major tools protecting the privacy of everyday communications in the Internet age, according to newly disclosed documents.

The documents are among more than 50,000 shared by The Guardian with The New York Times and ProPublica, the nonprofit news organization. They focus on GCHQ but include thousands from or about the N.S.A. Intelligence officials asked The Times and ProPublica not to publish this article, saying it might prompt foreign targets to switch to new forms of encryption or communications that would be harder to collect or read. The news organizations removed some specific facts but decided to publish the article because of the value of a public debate about government actions that weaken the most powerful privacy tools.

The N.S.A. hacked into target computers to snare messages before they were encrypted. In some cases, companies say they were coerced by the government into handing over their master encryption keys or building in a back door. And the agency used its influence as the world’s most experienced code maker to covertly introduce weaknesses into the encryption standards followed by hardware and software developers around the world.