Real people don’t (just) need encryption / Boing Boing – Boing Boing

Posted on by

Earlier this month, UK Home Secretary Amber Rudd idiotically insisted that "real people" don't need encrypted messaging apps; but as foolish a statement as that was, there was a kernel of truth to it.

Because real people don't just need encrypted messaging apps that offer end-to-end protection, they also need end-point security -- the kinds of thoughtful design and expedient updating and transparent code that enables them to defend their devices from attackers who gain access to their messages by compromising their phones and computers.

Computer scientist Megan Square writes in The Conversation that "Inventing new ways to protect our digital endpoints without reducing their usefulness is very challenging, but some new technologies just over the horizon might help."

Suppose a criminal organization or bad government, EvilRegime, wants to spy on you and everyone you communicate with. To protect yourself, you've installed an end-to-end encryption tool, such as Signal, for messaging. This makes eavesdropping even with a court's permission that much more difficult for EvilRegime.

But what if EvilRegime tricks you into installing spyware on your device? For example, they could swap out a legitimate upgrade of your favorite game, "ClashBirds," with a compromised version. Or, EvilRegime could use a malware "network investigative technique" as a backdoor into your machine. With control of your endpoint, EvilRegime can read your messages as you type them, even before they are encrypted.

To guard against either type of EvilRegime's trickery, we need to improve our endpoint security game in a few key ways, making sure that:

* EvilRegime isn't masquerading as the company that makes "ClashBirds" when we install our software.

* No one has tampered with our "ClashBirds" app before or after installation.

* The app doesn't have any backdoors or security holes that could be exploited by EvilRegime after we install it.

In addition, it would be ideal if users could control their apps' security themselves, rather than having to rely on app store security provided by yet another vulnerable corporation.

End-to-end encryption isn't enough security for 'real people' [Megan Squire/The Conversation]

(Image: johnnymip, CC-BY)

A group of researchers from Oxford and TU Berlin will present their paper, White-Stingray: Evaluating IMSI Catchers Detection Applications at the Usenix Workshop on Offensive Technologies, demonstrating countermeasures that Stingray vendors could use to beat Stingrays and other cell-site simulators (AKA IMSI catchers).

The $469 LockState RemoteLock 6i is a smart lock that is sold to Airbnb operators through a partnership with the company, allowing Airbnb hosts to generate and expire unique, per-tenant unlock codes.

Ziemowit Pierzycki bought a $1500 used lens from an Amazon seller who turned out to be a scammer with an ingenious trick: the crook researched a recently widowed person across town and sent them a parcel with a couple of baking mats addressed to the deceased or current resident.

The Pry.Me Bottle Opener holds tens of thousands of times its own weight, and you can pick one up now from the Boing Boing Store.This remarkable keychain is considerably smaller than any of your keys, but dont let that fool you: it can easily open any bottle, and could even tow a trailer full of []

Guaranteeing your privacy online goes way beyond checking the Do Not Track option in your browsers settings. To ensure that your internet activity is totally hidden from Internet Service Providers, advertisers, and other prying eyes, take a look at Windscribes VPN protection. It usually costs $7.50 per month, but you can get a 3-year subscription []

This project management bundle will help you get organized and learn how to lead a team to success. You can pay what you want for these five courses when you pick them up from the Boing Boing Store.To help you become an invaluable asset for your company, this bundle includes a curated collection of professional []

Read more from the original source:
Real people don't (just) need encryption / Boing Boing - Boing Boing

Related Posts
This entry was posted in $1$s. Bookmark the permalink.