6 private links
Countries focus on increasingly effective encryption of communications
A reminder, because this sometimes surprises people, and feel free to correct me if the facts have changed recently:
Telegram supports end-to-end encryption only in 1:1 private chats.
End-to-end encryption is disabled by default.
Telegram does not support end-to-end encryption, at all for group chats, its most popular use case.
Instead, Telegram claims that those group chats are "encrypted" by dint of the TLS connection between Telegram clients and the Telegram servers, which can, in this model, read all group traffic.
People like to dunk on the weirdness of the limited E2E crypto Telegram does have; it's archaic and idiosyncratic and people have published research results about it, though none to my understanding are of real practical impact. I support people dunking on bad crypto. But that has nothing to do with why Telegram is an inferior secure messenger.
By comparison, Signal, which Durov has repeatedly talked down:
-
has modern, ratchet-based forward secure end-to-end crypto, always, in both group and private messaging;
-
won the Levchin Prize, refereed by some of best-known names in academic cryptography, for the design and implementation of that cryptosystem, as well as for its implementation at WhatsApp;
-
ha repeatedly foregone basic messaging app features simply to avoid collecting user metadata; Signal didn't even have user profiles until they could figure out a way to implement it in a privacy-preserving manner, and even their GIF sharing feature has a purpose-built anonymity system; we'll only this year potentially get usernames instead of phone numbers because it took that long to design a trustworthy social graph that didn't leave Signal with a giant pile of subpoenable metadata.
Use whatever messaging app you want.
The encryption app is putting a $50 million infusion from WhatsApp cofounder Brian Acton to good use, building out features to help it go mainstream.
'I've seen many breaches in my life, but I've never seen such a ridiculous breach like this that did this much damage,' says senior programmer.
Watching you watch: the tracking ecosystem of over-the-top TV streaming devices, Moghaddam et al., CCS’19 The results from this paper are all too predictable: channels on Over-The-Top (OTT) s…
A year later. Getting by without a SIM card in my smartphone.
I have a Wacom drawing tablet. I use it to draw cover illustrations for my blog posts, such as this one.
So, you own or are thinking of buying a Ring camera. This post outlines a list of privacy and civil liberties concerns we have with Amazon’s Ring system so that you can be a more informed consumer, or—if you already own a Ring camera—be a more considerate neighbor. If You’re Thinking of Buying...
Goedenavond TAG! This is not your typical spec review, and is highly related to #320. But, because @torgo asked nicely, I'm opening up a review for a specific application of UA-CH as a replacem...
It was another black mark on the privacy record of the social network, which also reported its quarterly earnings.
A simple way to block access to the internet per app - M66B/NetGuard
Today Facebook announced the roll-out of its Off-Facebook Activity tool (initially introduced as “Clear History” nearly two years ago). The tools shows you a list of apps, websites, and businesses that Facebook knows you have visited through its business tools (including Facebook Login, Facebook’s...