
Archive for the ‘Privacy and Security’ Category

I like my privacy a lot, and anyone checking out my blog or the apps on my computers great and small will see proof of that. That also explains why I have a ProtonMail account, although I must admit that I don’t use it very often – to make full use of it, you need correspondents that use the same tool.

To make the use of the ProtonMail service easier, the company makes a new tool available:

The ProtonMail Bridge is an application for paid users that runs on your computer in the background and seamlessly encrypts and decrypts your mail as it enters and leaves your computer. It allows for full integration of your ProtonMail account with any program that supports IMAP and SMTP such as Microsoft Outlook, Mozilla Thunderbird and Apple Mail.

(Click the image to read ProtonMail’s blog post on the subject)

Compared to the hoops you had to jump through in the past if you wanted to encrypt your email with PGP, this looks like a dream!


Read Full Post »

A few (5 or more?) years ago, I was looking into PGP as a way to encrypt email. At some point, I bookmarked the Keybase homepage… and then forgot about that link, just like so many other URLs about PGP – PGP was pretty hard to use in those days. At that time, if I remember correctly, Keybase promised a way to store (and publish?) PGP keys.

While cleaning up the bookmarks section of my browsers I stumbled upon that URL again, and, unlike many other websites, Keybase is still up and running. Better yet, they seem to have succeeded in making a tool that could actually be useful and uncomplicated at the same time. In their own words:

Keybase is for anyone. Imagine a Slack for the whole world, except end-to-end encrypted across all your devices. Or a Team Dropbox where the server can’t leak your files or be hacked.

(Click to go to the Keybase website)

Creating an account and adding a device to your account is a simple and painless procedure. Why would you do so? Well, I’m still exploring the possibilities. One thing to do with Keybase is to authenticate accounts on systems like Twitter and Github. Keybase allows you to store (and share) files in an encrypted format over an encrypted channel. And the (encrypted) chat function has recently been extended with a Team chat that is supposed to resemble Slack. “Supposed”, because I haven’t been able to check that out – you need multiple members to make up a team ;-)

Anyway, it’s certainly an interesting product, and I intend to do more than keep an eye on Keybase!

Read Full Post »

I do not want to pretend to fully understand the exact nature of the so-called KRACK Attack vulnerability in many implementations of the WPA2 protocol that is supposed to make WiFi network connections secure. All details about the KRACK Attack can be found on the webpages of the (Belgian) researcher that found the issue.

I do worry about the fact that MacOS and Android are both mentioned as being particularly vulnerable to this issue. On October 31, 2017, Apple released updates for MacOS El Capitan, Sierra and High Sierra to solve the problem (at least, that’s how I interpret their report on the subject).

Samsung, however, hasn’t published any updates to their Android version for my Galaxy S7 since August 1st. Perhaps there is no problem on the SGS7? Or is Samsung just being lazy – after all, my phone is still running Android 7.0 – no word on 7.1, let alone 8.0…

And how about all those other devices, IoT and others, that use WiFi connections? Have you already updated your router? How about the wireless hard disk vaults that photographers use? Or the photo cameras themselves? Etcetera.

Matters such as this will need to be resolved on a large scale before I will put my trust in the “Internet of Things”, no matter the type of connection used to talk to each other.

Read Full Post »

Julia Reda is a member of the European Parliament. In a recent publication she writes about an important subject that has just become part of a recommendation by the European Commission: “automated upload filters” should be used, according to the Commission, to stop illegal uploads and copyright infringement.

Click to read the full communication by Julia Reda

Julia Reda first clearly states what that means:

Installing censorship infrastructure that surveils everything people upload and letting algorithms make judgement calls about what we all can and cannot say online is an attack on our fundamental rights.

I agree with that: in a democracy, there is no place for preemptive censorship.

In addition, she gives 9 clear reasons why it is silly to think that automated filters will be able to achieve what the Commission wants: those filters don’t work very well. Unless you think cats can sing pop songs, or unless you’re OK with the voice of war victims in Syria being stifled, etc…

Read Full Post »

A while ago my iPad played up, forcing me to reinstall it through iTunes. Since I do not keep much data on the device itself, this wasn’t much of a problem, except for the time lost with a bit of tinkering and figuring out how to do it correctly – it was the first time I had to resort to this measure.

In the course of the procedure I was asked to enter my “iCloud Security Code”. I take great care to register all my passwords, as I explained in “Minding your own password business”. But my files showed no knowledge of such a code. Strange: could I have forgotten to write it down?

Searching on the Internet helped to clarify things. Matthew Green is a well-known cryptographer, and his article titled “Is Apple’s Cloud Key Vault a crypto backdoor?” not only tells you that the iCloud Security Code is (usually) identical to your iPad passcode. It is, in fact, a rather comprehensive yet clear overview of how Apple handles your passcodes and crypto keys in the iCloud Keychain. Good reading material for when you have a clear mind ;-)

Read Full Post »

I have used the Signal – Private Messenger app for a long time – I even remember that it was originally called ‘TextSecure’.

Luckily for me, the app also includes support for ‘normal’ (unsecure!) SMS messages, because only a very limited number of friends and acquaintances were willing to follow me. Perhaps this news will change their minds:

Without any fanfare, the Senate Sergeant at Arms recently told Senate staffers that Signal, widely considered by security researchers and experts to be the most secure encrypted messaging app, has been approved for use.

Source: ZDNet

So the US Senate is allowed to use this app – will the Open Whisper Systems crew be proud and see this as a compliment?

Read Full Post »

In a blog post titled “Securing our Digital Economy”, the president and CEO of the Internet Society writes:

The truth is that economies can only function within a secure and trusted environment.

Which brings us to encryption. […]

Encryption is a technical building block for securing infrastructure, communications and information. It should be made stronger and universal, not weaker.

Stronger encryption? I’m all for it. Do I really have to explain that government-enforced “backdoors” in encryption tools will only weaken those tools – and the trust they are supposed to deliver?

Source: Shutterstock

Read Full Post »
