Two Years After Snowden Leaks, Encryption Tools Are Gaining Users

Patrick O'Neill writes: It's not just DuckDuckGo — since the first Snowden articles were published in June 2013, the global public has increasingly adopted privacy tools that use technology like strong encryption to protect themselves from eavesdroppers as they surf the Web and use their phones. The Tor network has doubled in size, Tails has tripled in users, PGP has double the daily adoption rate, Off The Record messaging is more popular than ever before, and SecureDrop is used in some of the world's top newsrooms.

TrueCrypt

....and not a word about TrueCrypt? is there any commonly used alternative or people just don't care?

Re:Secure Skype Replacement?

Telegraph is already being targeted by LE, some users in UK and AU using it for terrorism related purposes had their messages found. It was probably just poor opsec but Telegraph has had some serious problems before and that was with them using very industry standard methodology when it comes to encryption, they also have an over reliance on Qt from what I've seen in their code. I recommend Tox and it's associated clients, the clients are rubbish UI-wise (Unless you like CLI/ncurses with Toxic) but tox-core and it's crypto library, NaCI appear to be solid. Keep in mind that the encryption used is not as mature as most industry standards. It basically relies on NaCI crypto_box which is curve25519xsalsa20poly1305, Tox uses Opus for audio and VP8 for video, fixed bitrates. Video is basically unusable due to bitrates but audio manages to work OK but probably not for geographical areas you would want such high security. Tox's main problem is usability, not just in clients but the protocol too. There is no true multi-device support, no persistent groups, no "offline messaging" (some might call that a feature though) and these are artefacts of the protocol design.

Re:DNS Record public encryption key

Because that would create an obvious way to poison the DNS records so that a site would become unreachable. something very easy for a government to do. It would make everything in China and Russia immediately lower to their knees. It would eventually happen in other places but would just take longer.

Re: Secure Skype Replacement?

Look, I'll put it in very simple and very straightforward terms: there is no secure communications anymore if you intend "secure from the government". There is none, and there will be none. Because the moment someone develops it, they get a visit from law enforcement who will tell them in no uncertain terms to keep a backdoor open for them or else... No elses, really. You have to comply. And you will. So get over it, there is and there will never be anything secure from the government.

I see nothing

[houghi]

I believe that something serious is being done as soon as I start seeing gpg signatures in emails. To me that is the first step. Not so much the encoding and that nobody can read it, but that I am sure that the mail from my bank is from my bank.

Because not only will that show me that they are doing something about it. It will show me that they are serious. It will also show others and will make other people start using it.

That way I can send an email from my address, sign it and it will be offcial. There are obviously several ways of doing this.

Re:The vast majority still don't care

[dcollins117]

Because no one else would need to use weapons-grade encryption.

True, I don't need to use encryption everywhere, but I do just because I can. It amuses me that if anyone wants to snoop on my communications that they see the digital equivalent of an upraised middle finger, and not my plaintext.

I also enjoy the fantasy of someone spending an inordinate amount of resources to decrypt my emails only to discover that all I'm doing is sending LOLcat photos to my friends.

Re:Veracrypt

[MyFirstNameIsPaul]

Schneier has some interesting points in this blog post.