Tags: encryption

Learn Privacy

Stuart has written this fantastic concise practical guide to privacy for developers and designers. A must-read!

1. Use just the data you need
2. Third parties
3. Fingerprinting
4. Encryption
5. Best practices

Security Checklist

Exactly what it sounds like: a checklist of measures you can take to protect yourself.

Most of these require a certain level of tech-savviness, which is a real shame. On the other hand, some of them are entirely about awareness.

We need more phishing sites on HTTPS!

All the books, Montag.

If we want a 100% encrypted web then we need to encrypt all sites, despite whether or not you agree with what they do/say/sell/etc… 100% is 100% and it includes the ‘bad guys’ too.

getsafe

Steps you can take to secure your phone and computer. This is especially useful in countries where ubiquitous surveillance is not only legal, but mandated by law (such as China, Australia, and the UK).

Enigma-E

An Enigma machine of one’s own.

Your Private Encrypted Browser | Tenta Browser

A browser for Android that specifically touts privacy and security as its key features.

Certbot

For your information, the Let’s Encrypt client is now called Certbot for some reason.

Carry on.

From Radio to Porn, British Spies Track Web Users’ Online Identities

This profile of GCHQ’s “Karma Police” programme is as maddening as it is insightful: the sheer unashamed brazenness of these bastards deserves our collective anger …not the collective apathy which has been the UK’s response so far.

There is one glimmer of hope in this litany of affronts to decency:

In recent years, the biggest barrier to GCHQ’s mass collection of data does not appear to have come in the form of legal or policy restrictions. Rather, it is the increased use of encryption technology that protects the privacy of communications that has posed the biggest potential hindrance to the agency’s activities.

HTTPSWatch

Tracking the state of TLS support on prominent websites. It doesn’t look great, particularly in the States.

Let’s Encrypt

This is a great development! The EFF are working on a creating a new certificate authority that will issue certs for free.

I am so happy that the certificate authority racket is getting this shake-up.

Introducing Universal SSL

Great news from Cloudflare—https endpoints by default!

This means that if you’re planning on switching on TLS for your site, but you’re using Cloudflare as a CDN, you’ve got one less thing to change (and goodness knows you’re going to have enough to do already).

I really like their reasoning for doing this, despite the fact that it might mean that they take a financial hit:

Having cutting-edge encryption may not seem important to a small blog, but it is critical to advancing the encrypted-by-default future of the Internet. Every byte, however seemingly mundane, that flows encrypted across the Internet makes it more difficult for those who wish to intercept, throttle, or censor the web. In other words, ensuring your personal blog is available over HTTPS makes it more likely that a human rights organization or social media service or independent journalist will be accessible around the world. Together we can do great things.

How Laura Poitras Helped Snowden Spill His Secrets - NYTimes.com

Metajournalism.

The thing and the whole of the thing: on DRM in HTML

A great post by Stuart on the prospect of DRM-by-any-other-name in HTML.

The argument has been made that if the web doesn’t embrace this stuff, people won’t stop watching videos: they’ll just go somewhere other than the web to get them, and that is a correct argument. But what is the point in bringing people to the web to watch their videos, if in order to do so the web becomes platform-specific and unopen and balkanised?

Alice and Bob in Cipherspace

A clear explanation of the current state of homomorphic encryption.