XDA Developers (blog)

Gmail v7.2 Prepares to Add Support for S/MIME Enhanced Encryption XDA Developers (blog) For a while, users of the Android app could only send messages over the default TLS encryption (enabled by default), but in version 7.2 of the Gmail application, it appears that support for sending messages with this enhanced S/MIME encryption may soon ...

See the original post here:
Gmail v7.2 Prepares to Add Support for S/MIME Enhanced Encryption - XDA Developers (blog)

Half of all internet traffic is now encrypted and better protected from eavesdropping, censorship and hackers, privacy activists have said.

Statistics released by Mozilla, the creators of the Firefox web browser, revealed that the average volume of encrypted traffic passed the average volume of unencrypted traffic earlier this month.

The shift comes as more websites switch from HTTP to HTTPSthe protocol over which data is sent between browsers and a website, and the letters that come at the beginning of a web address. Without HTTPS, it becomes easier for hackers and other malicious actors to see or intercept the information web users are reading or publishing.

Try Newsweek for only $1.25 per week

The encryption of more than half of all web traffic is an important milestone in making the web better protected from eavesdropping and hackers. EFF

The Electronic Frontier Foundation (EFF), a non-profit organization that has led the push for tech companies to implement the secure HTTPS protocol, praised the milestone but said more work still needs to be done.

Major websites, including Facebook, Google and Wikipedia, have all adopted HTTPS, but many smaller sites face difficulties implementing it. EFF has developed several tools to make it easier for website owners to implement the protocol by default.

Unfortunately, you can only use HTTPS on websites that support itand about half of all web traffic is still with sites that dont, EFF researcher Gennie Gebhart said in a blogpost. However, when sites partially support HTTPS, users can step in with the HTTPS Everywhere browser extension.

Our goal is a universally-encrypted web that makes a tool like HTTPS Everywhere redundant. Until then, we have more work to do.

Here is the original post:
More Than Half of All Internet Traffic Is Now Encrypted - Newsweek - Newsweek

Encryption app leaks sensitive info

An encrypted messaging app called Confide is being used in Washington DC by White House staffers to leak embarrassing or sensitive information.

Since US President Donald Trump's inauguration, a steady stream of leaks have been provided by the White House including reports of national security adviser Michael Flynn's unauthorised talks with Russia.

On Thursday, US President Donald Trump vowed to prosecute leakers. We are looking into this very seriously. It's a criminal act, Trump said. He has reportedly ordered an internal investigation to identify how sensitive information about his calls with foreign leaders and national security matters made their way to the press.

Messages sent via the Confide app are automatically deleted, leaving virtually no paper trail.

According to Jon Brod, cofounder and president of Confide, once messages are read, they vanish without a trace. The message is gone forever, it's deleted from our servers, you can't archive, print it, save it, cut and paste it. Again, just like the spoken word, it disappears, Brod said.

The message self-destructs so I can't go back in and try to piece together a number of screenshots into the actual message, and it notifies both the sender and the recipient that a screenshot was attempted, Brod continued.

White House staffers, and possibly other government officials and business executives, worried about being caught leaking information to the media have adopted this app.

They are likely violating the law if they are revealing that information through any means, whether it's through an email or through a disappearing chat app, said Carrie Cordero, a former national security lawyer at the Justice Department.

Confide's privacy features won't totally protect leakers since it still requires them to register their identities.

Sometimes these apps give users a false confidence that they will never be able to be traced, said Cordero. And although the communication in this particular app might disappear, that doesn't mean that the user is necessarily not able to be traced in any way.

Some security researchers are doubtful about Confide's cryptography since the app is not open-source and may use old protocols. Confide's encryption is closed source and proprietary, so no one outside the company knows what's going on within the app. The encryption protocol is based on the PGP standard and the app's network connection security relies on recommended best practices.

One key is always, do you make code publicly available that's been audited where features have been inspected by the security community so that it can arrive at some consensus, says Electronic Frontier Foundation legal fellow Aaron Mackey. My understanding with Confide, at least right now, is that it's not clear whether that's occurred.

Since its inception in 2013, Confide has seen a spike in usage after key security events took place such as the Celebgate scandal, the Sony Pictures hack in 2014, the Russian group leak of thousands of emails belonging to the DNC in 2016 and, of course, the 2016 US presidential election.

Using an encrypted messaging app such as Confide can pose legal concerns. It is the user's responsibility to make sure they abide by the law and use the app strictly for personal communications.

See more here:
Confide in me! Encryption app leaks sensitive info from Washington ... - SC Magazine UK

In 2017, we need to move past the debate over backdoors.

By Kevin Bankston

Since last summer, Federal Bureau of Investigation Director James Comey has been signaling his intent to make 2017 the year we have an adult conversation about encryption technologys impact on law enforcement investigations. Hes probably going to get his wish, but if a new report from leaders in Congress is any indication, its not going to be the conversation he wants. Rather, as that new report from the House working group investigating the encryption issue recognizes, having the adult conversation about encryption means talking about how law enforcement can adapt to a world where encryption is more common, rather than wrongheadedly forcing the technology to adapt to law enforcements needs.

To Comey, being adult about encryption apparently means agreeing with his conclusion that the existence of unbreakable encryptionfor example, the full-disk encryption that protects your iPhone against anyone who doesnt have your passcode, or the end-to-end encryption that protects your iMessages and Whatsapp texts as they cross the Internetposes an unacceptable threat to law and order. Being an adult, to Comey, means accepting the argument that technology companies should design their products to ensure that the government can access any data it needs in an investigation, whether by building (in the words of his opponents) a backdoor into strongly encrypted products, or by not deploying that encryption in the first place. Being an adult, to Comey, means supporting efforts to legally require tech companies to ensure government access, if they wont do it voluntarily.

When Comey insists that we havent yet had the adult conversation on this issue, hes insulting everyone who has disagreed with himwhich is almost everyone whos voiced an opinion on the subject, that disagreement flowing in an endless stream of expert white papers (issued by adult institutions like the Massachusetts Institute of Technology and Harvard University), editorials, coalition letters, Congressional testimony, National Academies of Sciences proceedings, and more.

Ever since this latest debate over encryption was first sparked in the fall of 2014, when Apple announced that new iPhones would be completely encrypted by defaulta debate that peaked with last years court fight between Apple and the FBI over the locked iPhone of one of the San Bernardino shootersthe clear consensus among experts has been that any kind of mandate on companies to weaken their products security to ensure government access to encrypted data would be devastating to cybersecurity and to the international competitiveness of United States tech companies. It would also be futile, since U.S. companies dont have a monopoly on the technology, making it trivial for bad guys to obtain strong encryption products, no matter what Congress does. It is these exact same arguments that won the day in the Crypto Wars of the 90s when a similar policy debate over encryption arose.

Importantly, its not just privacy advocates and privacy-minded tech experts making these arguments. Opposition to backdoors has been voiced by leaders from the national security and law enforcement establishmentall of them indisputably adults!such as former National Security Agency director and director of National Intelligence Mike McConnell, former NSA and Central Intelligence Agency Director Michael Hayden, former Department of Homeland Security Secretary Michael Chertoff, andin agreement with his fellow members in President Barack Obamas handpicked Review Group on Intelligence and Communications Technologiesformer CIA Director Michael Morrell. And thats just the Michaels! The list of expert adults that have disagreed with Comey at this point is staggeringly long.

Despite that broad consensus, Senators Richard Burr and Dianne Feinstein floated draft legislation last year that would broadly require any provider of any encrypted product or service to be able to produce any encrypted data on demand. Although that bill was almost universally panned at the time, Comey is probably hoping that similar legislation will have a better chance this yearespecially if he has the support of a new attorney general and a new president that appear to share his views, rather than being held back by an Obama administration that chose not to pursue a legislative solution. (Notably, the fact that the Trump administration seems likely to support backdoors is all the more ironic and hypocritical considering the report that high-level Trump aidesalong with key staff for Hillary Clinton, Obama, and many other political figuresare now using the end-to-end encrypted messaging application Signal for fear of being hacked.)

Still, Comey likely will not get his wish, because the long list of people who disagree with him just got longer: As Congress was preparing to depart for its winter holiday, a House Congressional working group tasked with examining the issue of encryption technologys impact on law enforcement issued a year-end report that signaled a major shift in the crypto debate. The working group, established in May as a collaboration between members of the House Judiciary Committee and the House Energy & Commerce Committee, had spent many months meeting with law enforcement, the intelligence community, privacy advocates, security experts, and tech companies, to help guide its bipartisan investigation. The report, signed off on by 10 House members including the top Republican and top Democrat on each of the two investigating committees, came to an unequivocal conclusion: Congress should not weaken this vital technology because doing so works against the national interest, but should instead work to help law enforcement find new ways to adapt to the changing technological landscape.

In particular, the reports authors arrived at four observations, echoing the arguments of Comeys prior opponents: Weakening encryption goes against the national interest because it would damage cybersecurity and the tech economy; encryption is widely available and often open source, such that U.S. legislation would not prevent bad actors from using the technology; there is no one-size-fits-all fix for the challenges that encryption poses for law enforcement; and that greater cooperation and communication between companies and law enforcement will be important going forward and should be encouraged. As next steps, they suggest further investigation into avenues other than backdoors that can help address the challenges that encryption poses to government investigators, including working to ensure that all levels of law enforcement have the information and technical capacity they need to make full use of the wide variety of data that is available to them even without backdoors.

In other words, the key committees in the House that have jurisdiction over the encryption issue have sent a clear signal to Comey, and to his allies in the Senate like Feinstein and Burr: Sorry, but the House is definitely not interested in legislating to require backdoors. How else can we help you? Though news of the report was somewhat buried due to the holiday timing, that signal has now been heard loud and clear across Washington, D.C. The House does not want to waste any more time on childish bickering over backdoors that essentially everyone but the FBI agrees are a bad idea. In 2017, it wants to have the adult conversation that moves beyond backdoors.

Lets hope Comey is listening.

See the article here:
What It Means to Have an 'Adult' Conversation on Encryption - Pacific Standard

When World Wide Web was created in 1989 by Tim Berners-Lee, its purpose was for the web technology to be available to everyone, always, without any patents or royalties. Recently, as the Internet becomes more and more centralized, the creator of the Internet and other people at its heart start calling for a revolution in order to rethink the way that Internet works.

A lot has happened in the years of Internets existence, but the pattern is clear: the tool that was meant to bring profound advance for liberty is too often used by governments and corporations as a means of control. Russia and UK, for example, have passed new intrusive surveillance laws, and China and Vietnam block major websites from their citizens; users are being tracked by corporations and advertisers, and their data is being sold to third parties; Internet giants like Google and Facebook yield big power over the data of all the global Internet users.

Tim Berners-Lee publically speaks against such invasive surveillance laws as UKs Snoopers Charter. According to him and other web activists, the only way to give Internet its original purpose is decentralization and encryption. Some of the so-called Web 3.0 projects are already attracting investors with their idea of more privacy and security.

Blockstack is a startup that is working on open-source software to create a kind of parallel webone powered by the bitcoin blockchain. It hopes to give users more control of their data by avoiding storage with any third-parties. Later this year, Blockstack is planning to release software that will allow surfing this alternative Internet with a regular browser. Its users will generate data by using various services, but the data will not be stored in any of those service databases.

Another example of initiatives aimed at decentralizing the web is MaidSafe, a startup which has spent a decade building a decentralized p2p network, and now allows to create safe websites, store data, host websites and more.

Web 3.0, which could be defined as a platform for decentralized apps, might be the future of the Internet, since decentralization idea is gaining popularity among mainstream developer community. Till then, Internet users must be careful about their Internet privacy, and take initiative to implement available encryption tools.

There already are many existing ways to encrypt ones Internet activities: secure email service providers, such as ProtonMail, or encrypted messaging apps, such as Signal.

One of the must-have encryption services is a VPN (Virtual Private Network). A VPN encrypts all data between a users computer and a VPN server into a secure tunnel. It is important to choose a VPN like NordVPN that doesnt keep any customer logs, offers secure encryption protocols and advanced security solutions like DoubleVPN. A VPN hides a users IP address, disguising the real location, thus giving the user a great layer of protection online from unwanted security threats and/ or surveillance.

At the moment, encryptionbe it via encrypted email, messaging or VPN technologyremains the most secure tool available to protect ones online privacy and security.

For more information, please visit http://www.nordvpn.com.

World Wide Web Creator Calls for Internet Decentralization & Encryption was last modified: February 21st, 2017 by Press Release

Continued here:
World Wide Web Creator Calls for Internet Decentralization & Encryption - The Data Center Journal