RE: [projectvrm] Privacy improvements?

["T.Rob" < >]

I won't repeat what's at the EFF page but rather point you to the top of the
page for a timeline.  More info in the body of the page as well.
https://www.eff.org/deeplinks/2013/11/encrypt-web-report-whos-doing-what 

Lavabit is mentioned briefly in the EFF page, but the fill story is worth
noting. Ladar Levison shut the business down rather than reveal user's data.
Then after shutting it down, he turned over the encryption keys.  The way
the service was structured, the email was encrypted on the way in with the
Lavabit key and user's public key, the decrypted on the way out with the
user's private key and Lavabit's public key.  The NSA had sought to
eavesdrop on all traffic but had merely asked for the keys to be turned
over.  By shutting down the service he was able to both comply with the
request as written and protect user privacy.  He was slapped with contempt
charges so whether this is an improvement or not is debatable. I propose
that it is.

Yahoo was opt-in HTTPS until after Snowden. The Washington Post wrote a
story about NSA interception of .5M Yahoo accounts a day and they finally
went HTTPS by default.

Facebook's first Global Government Requests Report
https://www.facebook.com/about/government_requests 

Most large service providers finally adopted Perfect Forward Secrecy,
upgraded their TLS keys, and now encrypt their back-end comms between data
centers.

The IETF Crypto Forum Research Group is considering a request as of 20th
December to remove an NSA employee as co-chair, citing his handling of the
"Dragonfly" protocol and a conflict of interest issue due to his NSA
employment.
http://www.ietf.org/mail-archive/web/cfrg/current/msg03554.html 

Secure Drop, an open-source digital blind drop service was improved and
released. Originally written by Aaron Swarz, development was picked up by
Freedom of the Press Foundation and they recently released an updated
version. The service is intended to be run by news agencies to allow very
anonymous whistleblowers to submit documents so they don't have to go
through all the gyrations Snowden did in order to get info to the Guardian.
https://pressfreedomfoundation.org/securedrop 

Tor got a $250k grant and there is talk of making it part of the HTTP
standard. Whether this is an improvement or not depends on whether you
believe the organization itself has been infiltrated by the NSA.
https://blog.torproject.org/blog/tor-weekly-news-%E2%80%94-december-18th-201
3 
http://www.slate.com/blogs/future_tense/2013/10/04/tor_foxacid_flying_pig_ns
a_attempts_to_sabotage_countersurveillance_tool.html 

Syme (https://getsyme.com/) is a very VRM-y close-knit social networking
service. Share with friends using AES256, ECC-384 and end-to-end encryption.
They say up front that they see some metadata but try to minimize even that.
Still early in the game for Syme but worth keeping an eye on.


-- T.Rob




> -----Original Message-----
> From: Doc Searls 
> [mailto:
 ]
> Sent: Thursday, December 26, 2013 14:00 PM
> To: ProjectVRM list
> Subject: [projectvrm] Privacy improvements?
> 
> A publication has asked me to give them a list of privacy improvements,
> post-Snowden. On the list so far:
> 
> cryptocat improvements
> arkOS
> TextSecure being integrated into Cyanogenmod SecureDrop Tor updates
> 
> I'd like to give them VRM (especially personal cloud) items.
> 
> Suggestions?
> 
> Thanks,
> 
> Doc=