It’s Time for Encrypted Messaging app Signal to go Mainstream

· Andrew Orr · Link

Signal creator Moxie Marlinspike is growing the Signal Foundation and adding new features to the app thanks to money from WhatsApp cofounder Brian Acton.

Since then, Marlinspike’s nonprofit has put Acton’s millions—and his experience building an app with billions of users—to work. After years of scraping by with just three overworked full-time staffers, the Signal Foundation now has 20 employees. For years a bare-bones texting and calling app, Signal has increasingly become a fully featured, mainstream communications platform. With its new coding muscle, it has rolled out features at a breakneck speed…

I wish I could use Signal but none of my friends use it.

Man Who Refused to Decrypt Hard Drives Free After Four Years

· Andrew Orr · Link

Four years ago a federal judge held Francis Rawls in contempt when he refused to decrypt hard drives for police.

The practical result is that, at least in federal court, someone can only be imprisoned for 18 months for refusing to open an encrypted device. That’s probably a harsh-enough penalty to induce most people to comply with decryption orders. But suspects in child-pornography cases might be tempted to “forget” the passwords on their encrypted device if doing so could save them from a conviction and a much longer prison term.

What an interesting case, and I remember reading about it four years ago. I wonder if the court was trying to set a precedent for passwords and the Fifth Amendment.

Kids Need End-to-End Encryption for Protection Against Corporations

· Andrew Orr · Link

In a report from the Financial Times (paywall), a letter signed by 129 non-profits, think tanks, and academics urges Facebook to reconsider encrypting its apps. They use the “think of the children” argument because encryption could enable more child sexual abuse. But Justin Myles Holmes says we should think of the children and enable end-to-end encryption for them, so their data isn’t used and abused by corporations precisely like Facebook.

If we fail to take action now, we risk a world in which unsavory actors – domestic and foreign – have built rich, comprehensive profiles for every one of our children, following the trajectories of their education, home life, consumer habits, health, and on and on. These profiles will then be used to manipulate their behavior not only as consumers, but as voters and participants in all those corners of society which, in order for freedom and justice to prevail, require instead that these kids mature into functional, free-thinking adults.

Apple’s Commitment to Privacy is Going Down the Drain

· Andrew Orr · Link

Vicki Boykis wrote yesterday about Apple’s privacy, current flaws, and how the company should do better (I agree!)

So, here we are, in 2020, with Apple in a bit of a pickle. It’s becoming so big that it’s not prioritizing security. At the same time, it needs to advertise privacy as a key differentiator as consumer tastes change. And, at the same time, it’s about to get canclled [sic] by the FBI, China, and Russia.

And while it’s thinking over all of these things, it’s royally screwing over the consumer who came in search of a respite from being tracked.

Lindsey Graham’s Draft Bill Punishes Companies Using End-to-End Encryption

· Andrew Orr · Link

Senator Lindsey Graham is drafting a bill [PDF] that could penalize companies using end-to-end encryption.

Although the measure doesn’t directly mention encryption, it would require that companies work with law enforcement to identify, remove, report and preserve evidence related to child exploitation — which critics said would be impossible to do for services such as WhatsApp that are encrypted from end-to-end.

If technology companies don’t certify that they are following the best practices set by the 15-member commission, they would lose the legal immunity they currently enjoy under Section 230 relating to child exploitation and abuse laws. That would open the door to lawsuits for “reckless” violations of those laws, a lower standard than contained in current statutes.

Of all the dumb things this administration has done, attacking encryption is a doozy. It’s not clear how much this would impact Apple, since the company does in fact scan for child abuse images. But iMessage and a few other services are end-to-end encrypted.

A $10 Million New York Lab Tries to Brute Force iOS Devices

· Andrew Orr · Link

Inside a lab in New York worth US$10 million, specialists are trying to brute force their way into iPhones and iPads.

What’s going on in the isolation room is important, if silent, forensic work. All of the phones are hooked up to two powerful computers that generate random numbers in an attempt to guess the passcode that locked each device. At night, technicians can enlist other computers in the office, harnessing their unused processing power to create a local supercomputer network.

Apple and the FBI – TMO Daily Observations 2020-01-21

· Kelly Guimont · The Mac Observer's Daily Observations Podcast

Bryan Chaffin and Andrew Orr join host Kelly Guimont to discuss Apple’s decision not to encrypt backups, and what data Apple can share.

FBI Wants Apple’s Help to Unlock iPhones Again

· Andrew Orr · News

The FBI is again asking for Apple’s help to unlock iPhones. This time it’s part of an investigation into the shooting at the Naval Air Station in Pensacola, Florida.

ProtonMail Launches ProtonCalendar Beta

· Andrew Orr · News

ProtonMail, a Swiss company that provides an end-to-end encryption email service, today announced the beta launch of ProtonCalendar.

Defense Department: We Need That Encryption You Want to Break

· Andrew Orr · Link

Everyone from the Department of Justice and the FBI to politicians like Senator Lindsey Graham is attacking encryption, calling for backdoors for the “public good.” But people who understand security are cautioning against such a move. This week Representative Ro Khanna forwarded a letter to Lindsey Graham from the Defense Department’s Chief Information Officer Dana Deasy.

As the use of mobile devices continues to expand, it is imperative that innovative security techniques, such as advanced encryption algorithms, are constantly maintained and improved to protect DoD information and resources. The Department believes maintaining a domestic climate for state of the art security and encryption is critical to the protection of our national security.

Senator Lindsey Graham to ‘Impose His Will’ on Encryption Backdoors

· Andrew Orr · Link

Apple and Facebook representatives met with lawmakers today where senators pushed for the companies to compromise their users’ security by including encryption backdoors. In particular, Sen. Lindsey Graham said:

My advice to you is to get on with it. Because this time next year, if we haven’t found a way that you can live with, we will impose our will on you.

“Encryption backdoors for thee, but not for me.”

DuckDuckGo Smarter Encryption will Serve You HTTPS Sites

· Andrew Orr · Link

The DuckDuckGo Smarter Encryption feature will automatically give you the encrypted HTTPS version of websites as they are available.

It’s available on DuckDuckGo’s mobile browser for Android and iOS, and through the company’s desktop browser extension for Firefox and Chrome. DuckDuckGo is also open sourcing the code behind the feature so other sites and platforms can adopt it as well. First up? Pinterest.

I especially like how they’re open-sourcing it for others to use.

FBI Draft Resolution Calls for End-to-End Encryption Ban

· Andrew Orr · Link

An FBI draft resolution for Interpol calls for a ban on end-to-end encryption. It’s for Interpol’s 37th Meeting of the INTERPOL Specialists Group on Crimes Against Children.

A draft of the resolution viewed by Ars Technica stated that INTERPOL would “strongly urge providers of technology services to allow for lawful access to encrypted data enabled or facilitated by their systems” in the interest of fighting child sexual exploitation. Currently, it is not clear whether Interpol will ultimately issue a statement.

Remember when I mentioned the Four Horses of the Infocalypse? Terrorists, drug dealers, pedophiles, and organized crime. Four fears to use as a way to push their agenda. I know it’s a delicate issue. These groups are definitely ones that the majority of society would want to stop. But removing end-to-end encryption for everyone isn’t the way to do that.

macOS Mail Stores Encrypted Emails in Plain Text

· Andrew Orr · Link

IT specialist Bob Gendler found that macOS Mail was storing encrypted emails in plain text. He first notified Apple on July 29, but only got a temporary fix from the company 99 days later on November 5.

The main thing I discovered was that the snippets.db database file in the Suggestions folder stored my emails. And on top of that, I found that it stored my S/MIME encrypted emails completely UNENCRYPTED. Even with Siri disabled on the Mac, it *still* stores unencrypted messages in this database!

Mr. Gendler shared a fix in his blog post.