Brian Dickens writes:
> The concept is a HTML5 "jQuery" widget you can put on web forms (any
> number of them) which gives the author a redaction pen, to mark out
> sensitive portions. The sensitive portions are never sent to the
> server, but the rest of it can be. Then a certificate is
Carolyn Santo writes:
> The recent talk about video games made me wonder about using them as
> a communication channel that might not be monitored by repressive
> governments.
I've heard this idea is interesting to anti-censorship campaigners as
well as to spy agencies.
A disadvantage is that
Tim Libert writes:
thanks all for the many good suggestions! however, in absence of a clear
consensus, I will advise my friend to avoid voice and stick to encrypted
email. my understanding is that the new leadership in china isn’t f#cking
around, so the risk/reward equation here suggests
Piotr Chmielnicki writes:
I'm a bit shocked by the content of this email.
Securing data of persons as important as the European Commission
Officials should be the full time work of a dedicated elite infosec
crew. I would be very surprised if there were no such things in place.
When I went
Aymeric Vitte writes:
You obviously don't know what you are talking about or just did not
get what I explained or just do not understand http versus https or
the contrary, or just do not understand the web, what's on client
side (browser) or on server side, or don't get that your extension
Griffin Boyce writes:
I'd recommend reaching out formally (perhaps to privacy@ ?) and
proposing a whitelist or other special consideration for Tor users.
It seems obviously crazy to me for Twitter to prevent people from
accessing it over Tor, both in light of widespread censorship of Twitter
Jonathan Wilkes writes:
Furthermore, couldn't I periodically query every publicly accessible
PGP keyserver (maybe do it in a distributed manner) to see who
signed what, and then mirror that web of trust with the keys I
control?
Furthermore, couldn't I also upload keys with same name/email
Guido Witmond writes:
Blocking a camera (and muting it's microphone) are wise things to do,
but here Yahoo had 'forgotten' to implement end-to-end encryption.
... or even client-server encryption between the user and Yahoo.
(Disclosure: my employer has a competing webcam privacy tool.)
--
Hisham writes:
Hello LibTech crowd,
Sorry if this has been discussed here before but is anybody here familiar
with a software called Privus?
https://www.kickstarter.com/projects/857935876/175768761?token=bbfb88ac
Its developers promote it as an encryption service that offers absolutely
carlo von lynX writes:
Hm, federation is so commonly expected to be the normality that
any distributed system is filed under p2p even if, like Tor, it
runs on thousands of servers, thus rather distant from what p2p
was supposed to mean. Tor started as P2P, but I think it isn't
anymore.
I
Jillian C. York writes:
Since I already have more skepticism of Google Ideas and Jared Cohen than I
need, let me pose this question:
With the understanding that uProxy provides no anonymity protections, *is
it providing anything that other circumvention tools do not already?*
What's unique
Michael Hicks writes:
ok so I guess I just send u guys the links and u check out my software and
Vet it? This was made for people to be able to protect their privacy and the
NSA can't hack it No One can it's impossible. all the information is at
scrambler.webs.com
It's true that no one
Tim Prepscius writes:
We want to get to a state where an e-mail server is easy to set up.
And runs with *non governmental* issued ssl certificates.
I think this might reflect a misperception of the threat model around
misissuance of certificates.
If you think governments are likely to use
Rich Kulawiec writes:
Usenet has long since demonstrated the ability to route around
amazing amounts of damage and flakiness and to maintain communications
over very slow (including sneakernet) links.
Arguably, that sentence describes the normal operational state of the
network on a
Anthony Papillion writes:
It's up to us to protect ourselves and, thankfully, we have the
technology to do just that.
(As I suggested in a previous message, I strongly support greater use
of privacy-enhancing technologies, and finding tactics to increase the
demand for them.)
I think it's
Eugen Leitl writes:
There might be use cases for using end-to-end encrypting
VoIP phones on Mifi over 3G/4G (assuming you can penetrate
the double NAT), as here both security compartments are
separate.
That seems to have some clear potential privacy and security benefits,
but if you use a
Tom Ritter writes:
On 25 March 2013 11:57, Tom Ritter t...@ritter.vg wrote:
It the moment it only supports Bitlocker, but support for Truecrypt is
coming[0]. \
Due to some internal confusion, this happened a little bit ago, but I
didn't know about it. You can now tell it I'm smarter
Yosem Companys writes:
From: Dan Gillmor d...@gillmor.com
Given the vanishingly small likelihood that companies or governments
will do anything about cell phone tracking, I'm interested in what
countermeasures we can take individually. The obvious one is to turn
off GPS except on rare
Bernard Tyers - ei8fdb writes:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello all,
Has anyone come across an encrypted address book / contact list application
for smartphone devices?
Note that some (or many) of these don't work very well against a
sophisticated attacker.
Griffin Boyce writes:
Hashkill can now determine the master password for Android's full-disk
encryption scheme.
image showing the process: http://i.imgur.com/bFUf7lR.png
script: https://github.com/gat3way/hashkill
Thoughts?
It seems like this is just a tool for doing dictionary and
Nathan of Guardian writes:
Yubikey combined with a short user password is a potential option for the
second idea, with devices that have USB Host mode:
https://guardianproject.info/2012/01/04/strong-mobile-passwords-with-yubikey-usb-token/
That's pretty awesome, and very creative.
I
Griffin Boyce writes:
Well, http://preyproject.com/ would be better for a layperson who doesn't
have the time/interest to encrypt. But it's not impossible to disable or
anything. And in the meantime the thief would have access to your data.
Depends on whether you are more looking to get
Cooper Quintin writes:
Paul,
If you, as you say, do not have much experience in breaking/testing
encryption or the details of modern methods, I must assume that you are
not, in fact a professional cryptographer. (That's okay! Neither am I!)
That being the case, I must ask you to PLEASE,
Tianay Pulphus writes:
What's the story behind the name? What's a foss? Is it a play on boss?
It's Icelandic for waterfall :-þ, but in this case it refers to free
and open source software.
Free and open source software are historically different names for the
same software, but each name is
Nick Daly writes:
On Fri, Nov 16, 2012 at 4:41 PM, Griffin Boyce griffinbo...@gmail.com wrote:
All URL shorteners have the problem of not being transparent with
destination. The risk of this is amplified on places like Twitter,
where the shortened version can be copied and pasted numerous
Parker Higgins writes:
On 11/16/12 3:03 PM, Seth David Schoen wrote:
There's no er top-level domain
I understand I'm getting a bit afield, but there is a .er ccTLD, for
Eritrea:
https://en.wikipedia.org/wiki/.er
Granted, there's no known registry. And you can't get a domain
Micah Lee writes:
Before 12.10 the Ubuntu GUI installer only let you set up home directory
encryption using encryptfs, which is different than full disk
encryption.
For anyone hoping to read about the details of this technology, you
probably want the (possibly counterintuitive) spelling
Nathan writes:
Like organic, open-source is a term that is easily claimed but
not often truly fulfilled. Nadim should be given more credit for the
completely transparent and engaged open-source project he runs, and for
defending an approach and philosophy that he is completely living up to.
Greg Norcie writes:
This is a good logic, but there is still a problem even if Google scans
uploads.
Both state and nonstate actors often use zero day vulnerabilities. Since
a zero day has never been seen before, there is no signature for it in
any virus database.
This is totally true in
oli writes:
take the liberty...
So I think there are a couple of interesting questions about how well you
can clear flash storage by simple overwriting of free space. Remember
that you have several layers in between your write operation and the
actual flash blocks. Wei et al. say from
30 matches
Mail list logo