Slashdot Mirror


Two Years After Snowden Leaks, Encryption Tools Are Gaining Users

Patrick O'Neill writes: It's not just DuckDuckGo — since the first Snowden articles were published in June 2013, the global public has increasingly adopted privacy tools that use technology like strong encryption to protect themselves from eavesdroppers as they surf the Web and use their phones. The Tor network has doubled in size, Tails has tripled in users, PGP has double the daily adoption rate, Off The Record messaging is more popular than ever before, and SecureDrop is used in some of the world's top newsrooms.

69 comments

  1. TrueCrypt by Anonymous Coward · · Score: 4, Interesting

    ....and not a word about TrueCrypt? is there any commonly used alternative or people just don't care?

    1. Re:TrueCrypt by Anonymous Coward · · Score: 0
    2. Re:TrueCrypt by Anonymous Coward · · Score: 0

      It's surprising that there wasn't a story posted when Wikipedia search was made external to them.

      Think about that for a moment.

    3. Re:TrueCrypt by Anonymous Coward · · Score: 0

      dmcrypt
      ecryptfs

    4. Re:TrueCrypt by bigfinger76 · · Score: 1

      I'm trying.

    5. Re:TrueCrypt by ncc74656 · · Score: 1

      ....and not a word about TrueCrypt? is there any commonly used alternative or people just don't care?

      I migrated to FreeOTFE right around the time that the TrueCrypt developers said people should stop using it, about a year ago. I haven't had much reason to migrate back (though TrueCrypt's hidden volume feature was nice to have).

      --
      20 January 2017: the End of an Error.
  2. Really? by Anonymous Coward · · Score: 0

    In one news, encryption tools are not gaining users. In another use they are gaining users. It's like butter versus margarine. Does anyone have some real data to back up these claims or do they all just make it up on the fly?

    1. Re:Really? by Anonymous Coward · · Score: 2, Funny

      Encryption causes heart disease and high cholesterol.

    2. Re:Really? by TheRealLifeboy · · Score: 1

      So encryption = margarine? ;-P

  3. Secure Skype Replacement? by Idimmu+Xul · · Score: 1

    Can anyone recommend a secure Skype replacement? I've been using Telegraph for real time chat, which has a great mobile experience, but only one of my friends has transitioned to it, everyone else is still all over WhatsApp. Telegraph also doesn't do video data.

    I saw Snowden talk last week and whilst he didn't say anything that hadn't already been said and printed, his passion has definitely motivated me to take a bit more personal responsibility.

    Several of my IRC channels have now also moved to Slack, which is probably a step backwards for security.

    --
    The problem with slashdot is that most of its users were bullied and stuffed into lockers as kids!
    1. Re:Secure Skype Replacement? by Hadlock · · Score: 2

      In theory you could run a mumble server on a private VPS. When I did it I used a VPS of the most minimal specs I could purchase at the time (1cpu, 1GB ram, linux) for about $7/month. I ran a mumble server for a community of about 3000 users for a couple of years and we would have 200 concurrent users with no latency issues. Voice and chat go over TLS. Mumble does not offer video chat however.

      --
      moox. for a new generation.
    2. Re:Secure Skype Replacement? by Anonymous Coward · · Score: 2, Interesting

      Telegraph is already being targeted by LE, some users in UK and AU using it for terrorism related purposes had their messages found. It was probably just poor opsec but Telegraph has had some serious problems before and that was with them using very industry standard methodology when it comes to encryption, they also have an over reliance on Qt from what I've seen in their code. I recommend Tox and its associated clients, the clients are rubbish UI-wise (Unless you like CLI/ncurses with Toxic) but tox-core and its crypto library, NaCl, appear to be solid. Keep in mind that the encryption used is not as mature as most industry standards. It basically relies on NaCl crypto_box which is curve25519xsalsa20poly1305, Tox uses Opus for audio and VP8 for video, fixed bitrates. Video is basically unusable due to bitrates but audio manages to work OK but probably not for geographical areas you would want such high security. Tox's main problem is usability, not just in clients but the protocol too. There is no true multi-device support, no persistent groups, no "offline messaging" (some might call that a feature though) and these are artefacts of the protocol design.

    3. Re:Secure Skype Replacement? by Anonymous Coward · · Score: 0

      Telegraph is an insecure piece of shit. Look into Tox.

    4. Re:Secure Skype Replacement? by SuricouRaven · · Score: 2

      I use OTR or Retroshare for text-only IM and messaging, but neither does voice - it's been a 'coming soon' feature on Retroshare for a very long time.

    5. Re: Secure Skype Replacement? by Anonymous Coward · · Score: 2, Interesting

      Look, I'll put it in very simple and very straightforward terms: there is no secure communications anymore if you intend "secure from the government". There is none, and there will be none. Because the moment someone develops it, they get a visit from law enforcement who will tell them in no uncertain terms to keep a backdoor open for them or else... No elses, really. You have to comply. And you will. So get over it, there is and there will never be anything secure from the government.

    6. Re:Secure Skype Replacement? by Anonymous Coward · · Score: 1

      We have learned something important today. Anonymous Coward's name is Shawn. My name is Shawn?

    7. Re:Secure Skype Replacement? by Anonymous Coward · · Score: 0

      His name was Robert Paulson.
      His name was Robert Paulson.
      His name was Robert Paulson.

    8. Re: Secure Skype Replacement? by Anonymous Coward · · Score: 0

      What is your evidence that they can break GPG?

      Even Snowden, who had every reason to fear, used GPG to keep his data safe from the government.

    9. Re: Secure Skype Replacement? by Anonymous Coward · · Score: 0

      It's not a matter of evidence. It's a matter of strength balance. The government(s) has power, you do not. They don't need to break the encryption: they only need to break you. And they will. Do you have friends or loved ones? I'd be cooperative if I were you. Bad things can happen.

    10. Re: Secure Skype Replacement? by Anonymous Coward · · Score: 3, Insightful

      That argument only works if you are a "person of interest". For 99.9999% of people, the point is to avoid mass surveillance, not targeted surveillance. Yes, if the government targets YOU, you are fucked. But that is not the threat model that applies to almost everyone, and it remains highly useful to frustrate the mass surveillance state.

    11. Re: Secure Skype Replacement? by Anonymous Coward · · Score: 1

      You are a gov't shill trying to discourage secure computing!

      The RSA algorithm (use wikipedia if you don't know it) is so simple a grade-schooler can understand it. And it is 100% not possible for a government to insert any kind of back door.

      If you think that "the government" magically knows every time someone raises a number to an exponent, and does a modulo, then you really need a thicker tinfoil hat, the radiation has been impacting your wetware.

    12. Re: Secure Skype Replacement? by Anonymous Coward · · Score: 0

      The moment you try to avoid mass surveillance, you become a target. The mere use of encryption is enough to put you automatically on a watchlist. You. Cannot. Win. Get over it.

    13. Re: Secure Skype Replacement? by Anonymous Coward · · Score: 0

      Linphone?

      https://en.m.wikipedia.org/wiki/Linphone

      Not the best UI ever created though.

    14. Re: Secure Skype Replacement? by Steve+B · · Score: 2

      That's the whole point of making good communication security as close to universal as possible.

      --
      /. If the government wants us to respect the law, it should set a better example.
    15. Re: Secure Skype Replacement? by Anonymous Coward · · Score: 0

      Gee, I wonder why someone would be espousing the view that "there's no point to resisting the surveillance state..."

      I wonder what their motivation might be. Hmm...

    16. Re: Secure Skype Replacement? by Anonymous Coward · · Score: 0

      Threatening is probably not wise. Remember that government is not a monolith. I work for government for instance, and I don't take kindly to what you just stated. Nor do I like where we've been headed these past years since 9/11. "Bad things can happen". Knock yourself out.

    17. Re: Secure Skype Replacement? by Anonymous Coward · · Score: 0

      > The mere use of encryption is enough to put you automatically on a watchlist

      what if you didn't want to use encryption but google.com and wikipedia.com and bing.com all started doing it automatically? do you still go on the watchlist?

    18. Re:Secure Skype Replacement? by TheRealLifeboy · · Score: 2

      Tox & Venom

    19. Re:Secure Skype Replacement? by fibbooo · · Score: 2

      Am I missing something, or are you all meaning `Telegram' when writing `Telegraph'? (I understand they use some self-created cryptography (security-wise not the best idea).)

      NaCl is also used by Threema (my messenger of choice), btw.

  4. Dice slowly ruining /. with Beta creeping by Anonymous Coward · · Score: 0

    Dice, you suck. You are the parasitic scum type of the internet. Sucking the soul out of the web that once was great.

  5. "PGP has double the adoption rate...." by Anonymous Coward · · Score: 2, Insightful

    Sadly, it could have 10 times the adoption rate, and to an excellent approximation, it would still be true that nobody uses it.

    1. Re:"PGP has double the adoption rate...." by Anonymous Coward · · Score: 0

      And it will remain that way until HTML formatted mail just works. "Hi John, see my comments below in red" needs to work.

    2. Re:"PGP has double the adoption rate...." by Anonymous Coward · · Score: 0

      HTML email is an abomination that needs to die. If you really need your red comments then you should use a protocol that supports them. As it is you will never know if your recipient is using a client that is non-compliant in the same way as yours.

    3. Re:"PGP has double the adoption rate...." by Anonymous Coward · · Score: 0

      Just be thankful that you have HTML mail instead of Microsoft Word mail where messages contain OLE.

      Do not be antisocial. People demand formatted messages. If IT forced a company to operate without formatted messages, they would be replaced. The tail does not wag the dog. Like top posting (another convenience over some perceived & artificial correctness), formatted mail is here to stay.

      If your protocol does not support HTML mail, then make it or it will be abandoned (like PGP e-mail's).

      HTML email is an abomination that needs to die. If you really need your red comments then you should use a protocol that supports them. As it is you will never know if your recipient is using a client that is non-compliant in the same way as yours.

  6. Slashdot's privacy tools are terrible by turp182 · · Score: 2

    I don't want to live in a world where terrible user experience is an effective weapon to keep information private!

    --
    BlameBillCosby.com
    1. Re:Slashdot's privacy tools are terrible by Anonymous Coward · · Score: 0

      How about leading an extremely boring life in which absolutely nobody is interested? That could also work.

    2. Re: Slashdot's privacy tools are terrible by Anonymous Coward · · Score: 0

      Yeah, that's been working for me

  7. DNS Record public encryption key by ealbers · · Score: 2

    I don't know why we don't change the DNS records to include a public key for every record.
    Then every site would be able to add a public key for everyone to communicate with it.
    Just add it to the existing zone record response

    1. Re:DNS Record public encryption key by lesincompetent · · Score: 1

      TXT record perhaps?

    2. Re:DNS Record public encryption key by Anonymous Coward · · Score: 3, Interesting

      Because that would create an obvious way to poison the DNS records so that a site would become unreachable. Something very easy for a government to do. It would make everything in China and Russia immediately lower to their knees. It would eventually happen in other places but would just take longer.

    3. Re:DNS Record public encryption key by fisted · · Score: 1

      Good point.

    4. Re:DNS Record public encryption key by ealbers · · Score: 1

      DNS records can already be 'poisoned'....they just remove the record...boom, no more site.

    5. Re:DNS Record public encryption key by Anonymous Coward · · Score: 0

      Not exactly what you are talking about, but there is DNSSEC which signs DNS entries and TLSA and SSHFP records which announce public keys for TLS and SSH respectively. Of course, DNSSEC is pretty much dead and there doesn't appear to be any effort to make a replacement that fixes its problems; there seems to be a consensus that DNS is the wrong place for those things.

    6. Re:DNS Record public encryption key by WuphonsReach · · Score: 2

      That requires DNSSEC and DANE to be effective. There's momentum for both, but neither will hit mainstream until Google's Chrome forces it.

      Ultimately, I expect a mix of pinned-certificates, DNSSEC/DANE, and cloud-based reputation for certificates (is everyone else seeing the same certificate?).

      Key management is hard -- really hard. It's the weak link of modern encryption.

      --
      Wolde you bothe eate your cake, and have your cake?
  8. DOUBLE OF NEXT-TO-NOTHING IS STILL by Anonymous Coward · · Score: 0

    A drop in the bucket. Few know anything about this ... make that, few know what to do about any of this so most - nearly everyone - still do as they have been doing. Get out and see the un-tech operate a connected device. They have NO IDEA AT ALL about security. That herd in the natural world would be extinct. It survives today, in this form, only because the herd numbers in the billions. But then, the bison were, too. Time will equalize this.

  9. Causation and coincidence by Anonymous Coward · · Score: 0

    Meanwhile, piracy is still on the decline, which causes the temperatures to rise. Do your part fellows, the Somalian anti-GW initiative needs you!

  10. Bingo: Good point & Kaminsky flaw too... apk by Anonymous Coward · · Score: 1

    See here: A remedy that's more efficient & faster than remote DNS http://it.slashdot.org/comment...

    * Using something you have NATIVELY already no less... & that actually COMPLEMENTS DNS nicely too!

    APK

    P.S.=> To quote Howard Stark from the film "Captain America"? Hosts = Capt. America's vibranium shield, DNS = steel (that's NOT 'stainless'):

    "It's stronger than steel & 1/3rd the weight" - Howard Stark

    As well as something less complex & prone to breakdown (DNS does go down, a LOT) + exploit, & more efficient by using something you ALREADY natively have locally that eats less electrical power + has less "moving parts" complexity... apk

  11. I see nothing by houghi · · Score: 3, Interesting

    I believe that something serious is being done as soon as I start seeing gpg signatures in emails. To me that is the first step. Not so much the encoding and that nobody can read it, but that I am sure that the mail from my bank is from my bank.

    Because not only will that show me that they are doing something about it. It will show me that they are serious. It will also show others and will make other people start using it.

    That way I can send an email from my address, sign it and it will be official. There are obviously several ways of doing this.

    --
    Don't fight for your country, if your country does not fight for you.
    1. Re:I see nothing by Bert64 · · Score: 1

      Some banks already sign their mails, albeit with s/mime instead of pgp... PGP requires a plugin for most mail clients, while s/mime is usually supported by default.
      I work in security, and always sign my emails... The majority of our clients simply ignore the signature and have no idea what it is.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
  12. jitsi Re:Secure Skype Replacement? by Anonymous Coward · · Score: 0

    jitsi.org
    http://jitsi.org/

    Jitsi is an audio/video Internet phone and instant messenger written in Java. It supports some of the most popular instant messaging and telephony protocols such as SIP, Jabber/XMPP (and hence Facebook and Google Talk), AIM, ICQ, MSN, Yahoo! Messenger.

    The development of Jitsi started at the University of Strasbourg, France. Originally the project was known as SIP Communicator. Throughout the years our community has grown to include members and contributors from Brazil, Bulgaria, Cameroon, China, Estonia, France, Germany, India, Japan, Romania, Spain, Switzerland, UK, USA, and others.

    Jitsi is based on the OSGi architecture using the Felix implementation from Apache. This makes it very extensible and particularly developer friendly.

    1. Re:jitsi Re:Secure Skype Replacement? by jtgd · · Score: 1

      ... Jabber/XMPP (and hence Facebook and Google Talk)...

      Google Talk hasn't been XMPP for years.

      --
      J
  13. Government Obstructionism by Greyfox · · Score: 2

    We're, what, about four decades on now and you can't even get a mail client with the tools integrated out of the box. The laws on the books effectively prevent it. Until that changes, there'll be no progress made on that front. Maybe in this climate, a few candidates running on a pro-privacy platform would be viable, but I doubt it'd get enough traction to make a difference.

    While we're on the subject though, what the fuck is up with mail client interfaces getting worse and worse? The UNIX text-based clients provide far better interfaces than any graphical client I've ever used, and they're currently falling into disrepair. Hell, I don't think anyone's actually touched the VM code in about half a decade, and it has the best threading and thread-handling options I've ever seen in any mail client. Kill-by-thread from any message in the thread makes keeping those useless IT notifications from the company a snap. It also had pretty decent integration with GPG, even if you did have to add it in yourself. Paired with the MIT remembrance agent, it did a great job of reminding you what you did to fix a problem six months ago when the exact same problem cropped up. I've never seen functionality like that in any other mail client.

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

  14. The vast majority still don't care by caseih · · Score: 1

    Since the vast majority of people don't know or care and have done nothing different, we can only assume that those people that are adopting strong encryption tools must be terrorists. Because no one else would need to use weapons-grade encryption.

    1. Re:The vast majority still don't care by dcollins117 · · Score: 3, Interesting

      Because no one else would need to use weapons-grade encryption.

      True, I don't need to use encryption everywhere, but I do just because I can. It amuses me that if anyone wants to snoop on my communications that they see the digital equivalent of an upraised middle finger, and not my plaintext.

      I also enjoy the fantasy of someone spending an inordinate amount of resources to decrypt my emails only to discover that all I'm doing is sending LOLcat photos to my friends.

    2. Re:The vast majority still don't care by bigfinger76 · · Score: 1

      Are you enjoying the breeze?

  15. Veracrypt by mschaffer · · Score: 1
    1. Re:Veracrypt by MyFirstNameIsPaul · · Score: 3, Interesting

      Schneier has some interesting points in this blog post.

      --

      I once took an excursion to Reddit, and later HN. Unlimited up/down voting sucks when dealing with a hive-mind.

  16. Re:Bingo: Good point & Kaminsky flaw too... ap by Anonymous Coward · · Score: 0

    So you're saying that in order to prevent DNS being tampered with, you'd rather defeat DNS entirely? I presume that if some site's address(es) change, a magic unicorn will provide your trollware with updated records, yes?

    Way to demonstrate technical illiteracy.

  17. Yeah, but... by Megol · · Score: 1

    "126 Years After Adolf Hitler's Birth, Encryption Tools Are Gaining Users" is also true.

  18. Odd Questions About TrueCrypt by Frosty+Piss · · Score: 1

    I wonder... Schneier says:

    Then, I used TrueCrypt. I used it because it was open source. But the anonymous developers weirdly abdicated in 2014 when Microsoft released Windows 8.

    Is there a relationship between the release of Windows 8 and the abandonment of TrueCrypt? Is there a bug / back door / some other issue between Windows 8 and TrueCrypt? Do the developers for TrueCrypt now work in Redmond?

    --
    If you want news from today, you have to come back tomorrow.
    1. Re:Odd Questions About TrueCrypt by Anonymous Coward · · Score: 0

      TrueCrypt doesn't work with the GUID Partition Tables that Windows 8.x uses by default. The spinoff, VeraCrypt, doesn't support them as of yet either.

  19. Encryption. by Anonymous Coward · · Score: 0

    Only god has secrets people. Encryption if you choose to use it will be your downfall.

  20. For beginners... by robot5x · · Score: 2

    I'd like to send a link to my friends introducing them to some encryption tools that they can readily use, and maybe some good write up on why it's important - any tips? thanks.

    --
    Hej! Nasi tu byli!
    1. Re:For beginners... by lott11 · · Score: 1

      just go here http://www.fsf.org/search?Sear... hope this helps.

  21. Putting words in my mouth I never said? by Anonymous Coward · · Score: 0

    See subject: For fav sites where you spend most of your time online placed @ the TOP of a custom hosts file (as my program does for you once you give it said list -> http://start64.com/index.php?o... ) you can literally not only GO FASTER, but also SAFER & MORE RELIABLY by resolving them locally - thus, avoiding DOWNED or DNS poisoning redirected bushwhacked DNS servers (Kaminsky flaw & 99.999% of ISP DNS' are NOT PATCHED vs. it), as well as DNSBL's you *may* not agree with...

    APK

    P.S.=> Seriously - trying to "put words in my mouth" I never once stated != good OR valid debating technique on YOUR part, ac troll... apk

  22. You can avoid DNS totally & DNSBL by Anonymous Coward · · Score: 0

    See subject & this (hardcoded fav sites @ top of hosts): APK Hosts File Engine 9.0++ SR-2 32/64-bit http://start64.com/index.php?o...

    Additionally: It lightens DNS server loads (admins of DNS ought to love that, it complements DNS) & avoids the 99.999% non-patched vs. the Kaminsky redirect poisoning flaw in ISP DNS servers!

    FREE & adds speed, security, + reliability, doing more with less, more efficiently vs. browser addons & locally installed DNS servers @ home + fixes DNS' redirect security issues - obtaining its data vs. online threats & adbanner blocking from 10 reputable sites in the security community!

    * :)

    By "yours truly" - "The Lord of Hosts" so-to-speak:

    PERTINENT QUOTE/EXCERPT:

    "The image this title brings to mind is of a mighty military commander, one who can at a mere word summon rank upon rank of protective power" from https://answers.yahoo.com/ques... & in myself, via hosts/custom hosts files use.

    (Accept NO substitutes!)

    MalwareBytes' hpHosts Admin (MalwareBytes employee) hosts & recommends it -> http://hosts-file.net/?s=Downl... & MalwareBytes = BEST antivirus per this VERY recent testing of them all http://www.av-test.org/en/news...

    &

    It's GUARANTEED safe & clean per it being checked by 57 antivirus programs recently in BOTH its 64-bit model https://www.virustotal.com/en/...

    +

    In its 32-bit model also https://www.virustotal.com/en/...

    APK

    P.S.=> "The premise is quite simple: Take something designed by nature & reprogram it to make it work for the body rather than against it..." - Dr. Alice Krippen: "I am legend"

    ...apk

  23. TOX by Anonymous Coward · · Score: 0

    qTox is a great communication tool to be used F2F (it is NOT anonymous, use only with trusted friends). Works great and is open source.