Alec Muffett

7万件のツイート

フォロー

Alec Muffett

@AlecMuffett

Cryptography, Systems & Network Security Engineering since ~1988; Full-time Dad. See link for biog & press resources. 'Everybody Deserves Good Security'.

UKalecmuffett.com/about2007年4月からTwitterを利用しています

3,491 フォロー中

1.2万フォロワー

Alec Muffettさんのツイート

固定されたツイート

Alec Muffett

@AlecMuffett

9月7日

HEY

@PROPUBLICA

- YOU'VE ENABLED THE DAILY MAIL TO PRINT FAKE NEWS ABOUT END-TO-END ENCRYPTION, DISMISSING ENCRYPTION AND AND MISLEADING RE: HOW THE WHATSAPP ONLINE SAFETY TEAM HANDLES ABUSE, INCLUDING CHILD ABUSE. I HOPE YOU'RE PROUD.

引用ツイート

Ruliquid Trader

@RULiquid

· 9月7日

So much for end-to-end encryption! Facebook pay more than 1,000 workers to READ WhatsApp messages that are flagged as 'inappropriate' and even share them with the DOJ via dailym.ai/ios mol.im/a/9966435

This is an excellent Economist article on OSINT, including this fabulous act of self-pwn by the Chinese Government, exposing their Uyghur gulags: web.archive.org/web/2021090215

Alec Muffett

@AlecMuffett

9時間

This is an excellent Economist article on OSINT, including this fabulous act of self-pwn by the Chinese Government, exposing their Uyghur gulags: web.archive.org/web/2021090215

Alec Muffett

@AlecMuffett

12時間

WiReD Italian coverage from 2020

Perché il Progetto Gutenberg sarà sotto sequestro per sempre - Wired

Il portale di digitalizzazione di libri resta inaccessibile al pubblico italiano. Almeno per chi non usa le vpn: storia di un sequestro poco chiaro

Incidentally, if anyone from

@gutenberg_org

wants to set up a high-availability

@torproject

Onion site, I would be delighted to offer my services, gratis.

GIF

Access to Project Gutenberg (free, out-of-copyright books) is blocked in Italy; overwhelmingly the means of censorship is DNS blocking. Elsewhere: any geeks who desire supply of *authoritative* DNS without tampered results, are invited to experiment with: github.com/alecmuffett/do

引用ツイート

OONI

@OpenObservatory

· 9月10日

[New Report] Italy blocks Gutenberg book publishing website ooni.org/post/2021-ital In collaboration w/ Davide Brunello, we published a new report which examines the blocking of the Gutenberg book publishing website across networks in #Italy based on OONI data. #censorship

このスレッドを表示

Carousel

When people talk about the corrupting influence of Big Tech systematically destroying the fabric of society... just remember that Amazon - a $1.8T company - thinks that plantains are a valid substitution for bananas.

Alec Muffett

@AlecMuffett

13時間

<reads> "Where's Tor?"

Quit Google Chrome For One Of These 3 Privacy-Friendly Alternatives

Google Chrome is too data-hungry and powerful. Here are 3 privacy-friendly alternatives.

返信先:

さん

It's not that simple; the fact that the Chief Commissioner wholly ignores Apple iMessage, Apple FaceTime, WhatsApp, Telegram & Signal are all already end-to-end encrypted, demonstrates that this is a political, not practical, complaint from Government:

Unroll: The Telegraph & Cressida Dick’s article on End-To-End Encryption, is part of a deeper...

1/ It's tempting to be darkly snarky about this article, along the lines of "Met Commissioner Cressida Dick calls for more terrorists to be 'known to the police' before committi…

Debate continues! Check out the latest Twitter discussion on: CryptoWars21 UK Cressida Dick — with a #ReadyMadeTwitterSearch at:

GitHub - alecmuffett/ready-made-twitter-searches: prefabricated twitter searches for civil society...

prefabricated twitter searches for civil society purposes - GitHub - alecmuffett/ready-made-twitter-searches: prefabricated twitter searches for civil society purposes

If you want to read this unrolled: The Telegraph & Cressida Dick's article on End-To-End Encryption, is part of a deeper political project

Unroll: The Telegraph & Cressida Dick’s article on End-To-End Encryption, is part of a deeper...

1/ It's tempting to be darkly snarky about this article, along the lines of "Met Commissioner Cressida Dick calls for more terrorists to be 'known to the police' before committi…

13/13 In order to get this, Civil Society will need to support Facebook in building End-to-End Encryption in Facebook Messenger. This will doubtless be hard for many, in light of many "hot" issues that Facebook have caused. But if we want encryption, we have to do this 1 thing.

GIF

GIF

12/ SUMMARY: We need real cryptography, to protect data, to protect users, to protect people. We need the freedom to design solutions & write code without a lawyer checking it for compliance with "legally maximum permitted privacy". We need End-to-End Encryption to be "normal".

11/ The consequences echoed in security bugs for the next 20 years, with downgrade attacks and other weaknesses brought on by this obligatory nightmare. digicert.com/blog/freak-att en.wikipedia.org/wiki/FREAK

Logjam (computer security) - Wikipedia

10/ You needed a software "key" from the Java website, to be able to use cryptography in Java. Export controls and other legal tools were employed by Governments to inhibit your ability to keep data safe, secure and private.

GIF

9/ How do I know this? Because I lived through it in the 1990s. If you want to see lingering echoes of it, go look at this page: oracle.com/uk/java/techno

8/ If this happens, a massive chill will pass over the Internet: Developers and startups will need to employ lawyers to tell them what code they may/may-not write. Architectures which strongly protect data will be avoided, in favour of ones that speculatively support snooping.

GIF

7/ So this is actually a "political game" - the world's governments want to hinder adoption of cryptography, and if they can visibly and embarrassingly stop Facebook — if they can MAKE AN EXAMPLE of Facebook — then (the thinking goes) they can stop anyone. What happens then?

GIF

6/ …and others are noting that

@pritipatel

is being awfully quiet about iMessage's existing end-to-end encryption whilst openly cheering Apple's privacy-disastrous on-device CSAM surveillance: phonearena.com/news/uk-govern

5/ If that sounds a bit narrow or paranoid — "only Facebook?" — other journalists have noted that of the big messenger solutions: - WhatsApp - iMessage/FaceTime - Telegram - Signal - only

@messenger

is NOT YET default-end-to-end-encrypted 9to5mac.com/2021/09/09/csa HT

4/ The truth is that this is all part of a campaign to stop Facebook deploying E2E Encryption in (specifically) Facebook

@messenger

, the intention being to prove state power over encryption, and to dissuade innovation elsewhere: theregister.com/2021/09/08/uk_

3/ However it seems egregious of Ms Dick to raise this on the anniversary of a event which was clearly not enabled by E2E-Encryption - because there was hardly any of it in 2001. Hell, the Paris attacks 14 years later, were arranged via plaintext SMS:

Paris police find phone with unencrypted SMS saying “Let’s go, we’re starting”

Phone likely led authorities to Saint-Denis, where clash left suspected "guru" dead.

2/ The allusion being that Security Services are already swamped in more "data" than they are "intelligence". Evidence? INHOPE, the global Child Safety Hotline umbrella organisation, are swamped with old & stale reports, so develop "triage" tools: inhope.org/EN/articles/wh

1/ It's tempting to be darkly snarky about this article, along the lines of "Met Commissioner Cressida Dick calls for more terrorists to be 'known to the police' before committing atrocities" …the allusion being that (continued) telegraph.co.uk/news/2021/09/1

Ugh. It's embarrassing how many people view everything through the lens of "could this be bad for Facebook? Then it must be good" without thinking through the implications for everyone. It's embarrassing that respectable people are supporting this nonsense.

引用ツイート

Joe Bernstein

@Bernstein

· 9月10日

A little Friday column from me: Why A Facebook Watchdog Group Is Cheering A Law That Could Hurt Journalists buzzfeednews.com/article/joseph

このスレッドを表示

Alec Muffett

@AlecMuffett

9月10日

What could possibly go wrong?

GIF

引用ツイート

Sean Harris

@InfoSecHotSpot

· 9月10日

Your voiceprint could be your new password as companies look to increase security for remote workers twib.in/l/48AaBAMjypk5

NEW: Today I'm publishing a draft paper analyzing the findings from a research survey I conducted for

@stanfordio

that polled online service providers about their Trust & Safety practices. Available here: papers.ssrn.com/sol3/papers.cf Here's a スレッド

about the takeaways:

109

191

Looks like WhatsApp is going to end-to-end encrypt cloud-stored backups now. This is great news for user privacy. Congrats to WhatsApp! Apple, your move.

WhatsApp to encrypt the data on cloud storage

WhatsApp had earlier enabled end-to-end encryption on its platform. This has made the chats on it more secured and no outsider could easily pry on those messages. But for the cloud data, authoritie…

123

返信先:

さん

I can imagine WhatsApp receiving some sort of resistance or persuasions to not implement the backup encryption. Thanks for pushing through and releasing that Hope this inspire the other company to consider doing the same

One of the main issues with WhatsApp as a secure messaging app is that backups are stored unencrypted in Google Drive or iCloud. They're fixing it though using a new well thought-out E2EE cloud backup system!

How WhatsApp is enabling end-to-end encrypted backups

WhatsApp is planning to give people the option to protect their WhatsApp backups on iCloud and Google Drive using end-to-end encryption.

We're very excited to be launching end-to-end encrypted backups on WhatsApp.

130

544

Filippo Valsorda 注射器

There is a whitepaper! And there are HSMs in the mix! I'll take some time to read it this evening.

引用ツイート

Alec Muffett

@AlecMuffett

· 9月10日

whatsapp.com/security/Whats [PDF]

このスレッドを表示

Alec Muffettさんがリツイート

@WhatsApp

9月10日

Developing end-to-end encrypted backups was an incredible technical challenge: an entirely new framework for key and cloud storage. With encrypted backups they’re only accessible to you, so that neither WhatsApp nor the backup service provider can access or decrypt the messages.

596

WhatsApp is adding encrypted backups theverge.com/2021/9/10/2266

163

Alec Muffettさんがリツイート

@WhatsApp

9月10日

WhatsApp is the leading global messaging service to offer *both* end-to-end encrypted messaging and backups on iCloud or Google Drive. クラッカー

So you can make sure that bestie’s voice messages and mum’s secret recipe will be safely stored in a place only you can access.

101

258

1,379

whatsapp.com/security/Whats [PDF]

BREAKING:

soon offering additional feature of End-to-End Encrypted Backups - White Paper at

How WhatsApp is enabling end-to-end encrypted backups

WhatsApp is planning to give people the option to protect their WhatsApp backups on iCloud and Google Drive using end-to-end encryption.

Boris Johnson uses end-to-end encryption. Do you think he's better than you?

引用ツイート

Alec Muffett

@AlecMuffett

· 4月29日

The Prime Minister uses both WhatsApp & Signal, and presumably appreciates the benefits of end-to-end encrypted communication. Unless the UK moves towards a "one rule for politicians, another for everyone else"-approach, if Boris can have end-to-end encrypted crypto, so can we.

このスレッドを表示