Two Years After Snowden Leaks, Encryption Tools Are Gaining Users

← Back to Stories (view on slashdot.org)

Two Years After Snowden Leaks, Encryption Tools Are Gaining Users

Posted by Soulskill on Saturday June 20, 2015 @11:20PM from the cryptic-response dept.

Patrick O'Neill writes: It's not just DuckDuckGo — since the first Snowden articles were published in June 2013, the global public has increasingly adopted privacy tools that use technology like strong encryption to protect themselves from eavesdroppers as they surf the Web and use their phones. The Tor network has doubled in size, Tails has tripled in users, PGP has double the daily adoption rate, Off The Record messaging is more popular than ever before, and SecureDrop is used in some of the world's top newsrooms.

38 of 69 comments (clear)

Min score:

Reason:

Sort:

TrueCrypt by Anonymous Coward · 2015-06-20 23:24 · Score: 4, Interesting

....and not a word about TrueCrypt? is there any commonly used alternative or people just don't care?
1. Re:TrueCrypt by bigfinger76 · 2015-06-21 05:15 · Score: 1
  
  I'm trying.
2. Re:TrueCrypt by ncc74656 · 2015-06-23 13:49 · Score: 1
  
  ....and not a word about TrueCrypt? is there any commonly used alternative or people just don't care?
  
  I migrated to FreeOTFE right around the time that the TrueCrypt developers said people should stop using it, about a year ago. I haven't had much reason to migrate back (though TrueCrypt's hidden volume feature was nice to have).
  
  --
  20 January 2017: the End of an Error.
Secure Skype Replacement? by Idimmu+Xul · 2015-06-20 23:40 · Score: 1

Can anyone recommend a secure Skype replacement? I've been using Telegraph for real time chat, which has a great mobile experience, but only one of my friends has transitioned to it, everyone else is still all over WhatsApp. Telegraph also doesn't do video data.
I saw Snowdon talk last week and whilst he didn't say anything that hadn't already been said and printed, his passion has definitely motivated me to take a bit more personal responsibility.
Several of my IRC channels have now also moved to Slack, which is probably a step backwards for security.

--
The problem with slashdot is that most of its users were bullied and stuffed into lockers as kids!
1. Re:Secure Skype Replacement? by Hadlock · 2015-06-20 23:46 · Score: 2
  
  In theory you could run a mumble server on a private VPS. When I did it I used a VPS of the most minimal specs I could purchase at the time (1cpu, 1GB ram, linux) for about $7/month. I ran a mumble server for a community of about 3000 users for a couple of years and we would have 200 concurrent users with no latency issues. Voice and chat go over TLS. Mumble does not offer video chat however.
  
  --
  moox. for a new generation.
2. Re:Secure Skype Replacement? by Anonymous Coward · 2015-06-20 23:54 · Score: 2, Interesting
  
  Telegraph is already being targeted by LE, some users in UK and AU using it for terrorism related purposes had their messages found. It was probably just poor opsec but Telegraph has had some serious problems before and that was with them using very industry standard methodology when it comes to encryption, they also have an over reliance on Qt from what I've seen in their code. I recommend Tox and it's associated clients, the clients are rubbish UI-wise (Unless you like CLI/ncurses with Toxic) but tox-core and it's crypto library, NaCI appear to be solid. Keep in mind that the encryption used is not as mature as most industry standards. It basically relies on NaCI crypto_box which is curve25519xsalsa20poly1305, Tox uses Opus for audio and VP8 for video, fixed bitrates. Video is basically unusable due to bitrates but audio manages to work OK but probably not for geographical areas you would want such high security. Tox's main problem is usability, not just in clients but the protocol too. There is no true multi-device support, no persistent groups, no "offline messaging" (some might call that a feature though) and these are artefacts of the protocol design.
3. Re:Secure Skype Replacement? by SuricouRaven · 2015-06-21 00:15 · Score: 2
  
  I use OTR or Retroshare for text-only IM and messaging, but neither does voice - it's been a 'coming soon' feature on Retroshare for a very long time.
4. Re: Secure Skype Replacement? by Anonymous Coward · 2015-06-21 00:27 · Score: 2, Interesting
  
  Look, I'll put it in very simple and very straightforward terms: there is no secure communications anymore if you intend "secure from the government". There is none, and there will be none. Because the moment someone develops it, they get a visit from law enforcement who will tell them in no uncertain terms to keep a backdoor open for them or else... No elses, really. You have to comply. And you will. So get over it, there is and there will never be anything secure from the government.
5. Re:Secure Skype Replacement? by Anonymous Coward · 2015-06-21 02:27 · Score: 1
  
  We have learned something important today. Anonymous Coward's name is Shawn. My name is Shawn?
6. Re: Secure Skype Replacement? by Anonymous Coward · 2015-06-21 04:10 · Score: 3, Insightful
  
  That argument only works if you are a "person of interest". For 99.9999% of people, the point is to avoid mass surveillance, not targeted surveillance. Yes, if the government targets YOU, you are fucked. But that is not the threat model that applies to almost everyone, and it remains highly useful to frustrated the mass surveillance state.
7. Re: Secure Skype Replacement? by Anonymous Coward · 2015-06-21 04:23 · Score: 1
  
  You are a gov't shill trying to discourage secure computing!
  The RSA algorithm (use wikipedia if you don't know it) is so simple a grade-schooler can understand it. And it is 100% not possible for a government to insert any kind of back door.
  If you think that "the government" magically knows every time someone raises a number to an exponent, and does a modulo, then you really need a thicker tinfoil hat, the radiation has been impacting your wetware.
8. Re: Secure Skype Replacement? by Steve+B · 2015-06-21 06:41 · Score: 2
  
  That's the whole point of making good communication security as close to universal as possible.
  
  --
  /. If the government wants us to respect the law, it should set a better example.
9. Re:Secure Skype Replacement? by TheRealLifeboy · 2015-06-22 06:36 · Score: 2
  
  Tox & Venom
10. Re:Secure Skype Replacement? by fibbooo · 2015-06-22 09:08 · Score: 2
  
  Am I missing something, or are you all meaning `Telegram' when writing `Telegraph'? (I understand they use some self-created cryptography (security-wise not the best idea).)
  
  NaCl is also used by Threema (my messenger of choice), btw.
Re:Really? by Anonymous Coward · 2015-06-20 23:44 · Score: 2, Funny

Encryption causes heart disease and high cholesterol.
"PGP has double the adoption rate...." by Anonymous Coward · 2015-06-21 00:14 · Score: 2, Insightful

Sadly, it could have 10 times the adoption rate, and to an excellent approximation, it would still be true that nobody uses it.
Slashdot's privacy tools are terrible by turp182 · 2015-06-21 00:15 · Score: 2

I don't want to live in a world where terrible user experience is an effective weapon to keep information private!

--
BlameBillCosby.com
DNS Record public encryption key by ealbers · 2015-06-21 00:19 · Score: 2

I don't know why we don't change the DNS records to include a public key for every record.
Then every site would be able to add a public key for everyone to communicate with it.
Just add it to the existing zone record response
1. Re:DNS Record public encryption key by lesincompetent · 2015-06-21 00:20 · Score: 1
  
  TXT record perhaps?
2. Re:DNS Record public encryption key by Anonymous Coward · 2015-06-21 00:25 · Score: 3, Interesting
  
  Because that would create an obvious way to poison the DNS records so that a site would become unreachable. something very easy for a government to do. It would make everything in China and Russia immediately lower to their knees. It would eventually happen in other places but would just take longer.
3. Re:DNS Record public encryption key by fisted · 2015-06-21 01:08 · Score: 1
  
  Good point.
  
  --
  CLI paste? paste.pr0.tips!
4. Re:DNS Record public encryption key by ealbers · 2015-06-21 01:49 · Score: 1
  
  DNS records can already be 'poisioned'....they just remove the record...boom, no more site.
5. Re:DNS Record public encryption key by WuphonsReach · 2015-06-21 10:32 · Score: 2
  
  That requires DNSSEC and DANE to be effective. There's momentum for both, but neither will hit mainstream until Google's Chrome forces it.
  
  Ultimately, I expect a mix of pinned-certificates, DNSSEC/DANE, and cloud-based reputation for certificates (is everyone else seeing the same certificate?).
  
  Key management is hard -- really hard. It's the weak link of modern encryption.
  
  --
  Wolde you bothe eate your cake, and have your cake?
Bingo: Good point & Kaminsky flaw too... apk by Anonymous Coward · 2015-06-21 02:22 · Score: 1

See here: A remedy that's more efficient & faster than remote DNS http://it.slashdot.org/comment...
* Using something you have NATIVELY already no less... & that actually COMPLIMENTS DNS nicely too!
APK
P.S.=> To quote Howard Stark from the film "Captain America"? Hosts = Capt. America's vibranium shield, DNS = steel (that's NOT 'stainless'):
"It's stronger than steel & 1/3rd the weight" - Howard Stark
As well as something less complex & prone to breakdown (DNS does go down, a LOT) + exploit, & more efficient by using something you ALREADY natively have locally that eats less electrical power + has less "moving parts" complexity... apk
I see nothing by houghi · 2015-06-21 02:42 · Score: 3, Interesting

I believe that something serious is being done as soon as I start seeing gpg signatures in emails. To me that is the first step. Not so much the encoding and that nobody can read it, but that I am sure that the mail from my bank is from my bank.
Because not only will that show me that they are doing something about it. It will show me that they are serious. It will also show others and will make other people start using it.
That way I can send an email from my address, sign it and it will be offcial. There are obviously several ways of doing this.

--
Don't fight for your country, if your country does not fight for you.
1. Re:I see nothing by Bert64 · 2015-06-21 18:07 · Score: 1
  
  Some banks already sign their mails, albeit with s/mime instead of pgp... PGP requires a plugin for most mail clients, while s/mime is usually supported by default.
  I work in security, and always sign my emails... The majority of our clients simply ignore the signature and have no idea what it is.
  
  --
  http://spamdecoy.net - free throwaway anonymous email - avoid spam!
Government Obstructionism by Greyfox · 2015-06-21 03:24 · Score: 2

We're, what, abut four decades on now and you can't even get a mail client with the tools integrated out of the box. The laws on the books effectively prevent it. Until that changes, the'll be no progress made on that front. Maybe in this climate, a few candidates running on a pro-privacy platform would be viable, but I doubt it'd get enough traction to make a difference.
While we're on the subject though, what the fuck is up with mail client interfaces getting worse and worse? The UNIX text-based clients provide far better interfaces than any graphical client I've ever used, and they're currently falling into disrepair. Hell, I don't think anyone's actually touched the VM code in about half a decade, and it has the best threading and thread-handling options I've ever seen in any mail client. Kill-by-thread from any message in the thread makes keeping those useless IT notifications from the company a snap. It also had pretty decent integration with GPG, even if you did have to add it in yourself. Paired with the MIT remembrance agent, it did a great job of reminding you what you did to fix a problem six months ago when the exact same problem cropped up. I've never seen functionality like that in any other mail client.

--
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
The vast majority still don't care by caseih · 2015-06-21 03:54 · Score: 1

Since the vast majority of people don't know or care and have done nothing different, we can only assume that those people that are adopting strong encryption tools must be terrorists. Because no one else would need to use weapons-grade encryption.
1. Re:The vast majority still don't care by dcollins117 · 2015-06-21 05:08 · Score: 3, Interesting
  
  Because no one else would need to use weapons-grade encryption.
  True, I don't need to use encryption everywhere, but I do just because I can. It amuses me that if anyone wants to snoop on my communications that they see the digital equivalent of an upraised middle finger, and not my plaintext.
  I also enjoy the fantasy of someone spending an inordinate amount of resources to decrypt my emails only to discover that all I'm doing is sending LOLcat photos to my friends.
2. Re:The vast majority still don't care by bigfinger76 · 2015-06-21 05:35 · Score: 1
  
  Are you enjoying the breeze?
Veracrypt by mschaffer · 2015-06-21 05:03 · Score: 1

https://veracrypt.codeplex.com...
1. Re:Veracrypt by MyFirstNameIsPaul · 2015-06-21 05:40 · Score: 3, Interesting
  
  Schneier has some interesting points in this blog post.
  
  --
  I once took an excursion to Reddit, and later HN. Unlimited up/down voting sucks when dealing with a hive-mind.
Yeah, but... by Megol · 2015-06-21 11:47 · Score: 1

"126 Years After Adolf Hitler's Birth, Encryption Tools Are Gaining Users" is also true.
Odd Questions About TrueCrypt by Frosty+Piss · 2015-06-21 13:54 · Score: 1

I wonder... Schneier says:

Then, I used TrueCrypt. I used it because it was open source. But the anonymous developers weirdly abdicated in 2014 when Microsoft released Windows 8.
Is there a relationship between the release of Windows 8 and the abandonment of TrueCrypt? Is there a bug / back door / some other issue between Windows 8 and TrueCrypt? Do the developers for TrueCrypt now work in Redmond?

--
If you want news from today, you have to come back tomorrow.
For beginners... by robot5x · 2015-06-21 18:12 · Score: 2

I'd like to send a link to my friends introducing them to some encryption tools that they can readily use, and maybe some good write up on why its important - any tips? thanks.

--
Hej! Nasi tu byli!
1. Re:For beginners... by lott11 · 2015-06-22 17:29 · Score: 1
  
  just go here http://www.fsf.org/search?Sear... hope this helps.
Re:Really? by TheRealLifeboy · 2015-06-22 06:35 · Score: 1

So encryption = margarine? ;-P
Re:jitsi Re:Secure Skype Replacement? by jtgd · 2015-06-23 15:51 · Score: 1

... Jabber/XMPP (and hence Facebook and Google Talk)...
Google Talk hasn't been XMPP for years.

--
J