by Troy Farrell | Jun 20, 2014 | Developer Blog |
Raven by tuchodi
If you’ve been around the blog for a while, you know that I’m a big fan of the use of encryption for the sake of privacy. I’ve ranted about PGP and S/MIME, tried to break steganography and complained about the privacy issues I face as a Gmail user. This post is to let you know about a tool for securing your communication that is so simple to use, my mother uses it on a daily basis. This tool is TextSecure from Open Whisper Systems. Go install it right now.
It used to be that encrypting your communications required installing and learning a strong, user-proof tool like GnuPG or some random IM client with an OTR plugin. Now that apps are the unit of software and users routinely install apps, it is a trivial thing to tell someone to install a new app. It’s so easy that I’m only allowing two excuses for not securing your everyday instant messaging with TextSecure:
- You don’t use an Android smartphone or
- You don’t communicate with anyone over any sort of instant messaging.
That’s all. Other excuses are invalid. (When the iOS version is available even fewer of you will have a valid excuse.) Now go install it.
(more…)
by Troy Farrell | Jul 11, 2013 | Developer Blog |
Photo by rtitoun.
In my quest for more knowledge of cryptography, I’ve started reading actual
books (instead of just reading API reference documents.) If you’re like me,
and you’ve decided that going deeper than just making the code work is a good
thing, read on. (more…)
by Lee Graham | Jun 25, 2013 | Developer Blog |
In the late 1990’s, I was working on a paper in a computer ethics class on
one of the hot topics of the day which was the implementation of Carnivore (later Digital Collection System 1000 or simply, DCS1000) by the FBI. Basically, these were strategically placed packet sniffers used for the collection of email and other data. The FBI would gain permission to place this system at an Internet Service Providers location and start intercepting data. As a young and naive computer scientist, I was up in arms that my personal security was being compromised by my own government. In this pre-9/11 era, the FBI was attempting to explain such shenanigans as protection against the organized crime syndicates of New York. Certainly a hard sell to say the least.
Unless you are transporting goods from Morocco to Egypt on a camel train in the northern Sahara, you are aware that a new system for domestic spying has come to light with a much broader functionality than Carnivore. Fortunately, the NSA has seemed to pick a better name than the FBI years before. Prism brings to mind a friendly Dark Side of the Moon album cover and succeeds in giving me a warm fuzzy feeling, where carnivore brought to mind T-rex with his stubby arms flailing in the Jurassic era wind getting ready to devour me. However, even with the NSA’s benign name, it is hard to overlook the magnitude that has revealed itself over the past couple of weeks. Initially, I was shocked. Surprised as I was more than a decade ago when I saw my privacy dissolving before me. However, keeping in mind that privacy will generally degrade/improve cyclicly based on available technologies I would certainly think that this is a ripe time for the clever software engineer. (more…)
by Troy Farrell | Jun 13, 2013 | Developer Blog |
Terrible mashup of OpenPGP.js logo and source code by the author (because
nothing says “Where’s the source?” like a bad logo.)
Last time I wrote, I showed you how to use Braintree.js to encrypt form values.
I even built a contact form to do it. It occurred to me that there might be a
better technology for encrypting contact form data. (There is.) Of course,
I’m not the first person to have this idea.
(more…)
by Troy Farrell | Jun 5, 2013 | Developer Blog |
Photo of ENIGMA Rotor Set by brewbooks
Think back to the web of fifteen years ago. Most of the web sites of the time
consisted of a few pages of content along with a contact page (and maybe even a
guestbook.) Most often that contact page was backed by a script that mailed
the results to a fixed e-mail address. Is anyone willing to admit to using
formmail.pl? In the least, we can admit that we didn’t move data around in
the most secure way.
(more…)
