Project Meshnet looks to evolve internet into encrypted decentralized network

Our objective is to create a versatile, decentralized network built on secure protocols for routing traffic over private mesh or public internetworks independent of a central supporting infrastructure.

Recent events around the world have demonstrated the importance of the free flow of information in regards to human rights and the free exercise thereof. Unfortunately, existing infrastructure is susceptible to a number of critical flaws that render it vulnerable to disruption. This project hopes to supplement the current infrastructure to create a secure, independent network that can operate under any condition including natural disaster or general failure of existing infrastructure.


Modern cryptosystems rely on “keys” as the secret way of coding or decoding information on which trust is built. “Symmetric encryption” relies on sharing the same key with other trusted parties. I encrypt data with the same key that you use to decrypt it. It is like us both sharing the same key for a bank lockbox.

But what if we have never met each other? How will we exchange these secret keys securely? “Asymmetric cryptography” solves this problem. The idea is to separate a secret key into a public key, which is shared with everyone, and a private key that remains secret. The two keys are generated such that something that is encrypted with a public key is decrypted with the corresponding private key, and vice versa. This figure illustrates how public cryptology works to protect both the confidentiality and the integrity of a message.

From P.W. Singer and Allan Friedman’s Cybersecurity and Cyberwar: What Everyone Needs to Know.

Image credit: P.W. Singer, Allan Friedman, and Jordan Clayton. Used with permission. 

Status Update: Encryption at Yahoo

By Alex Stamos, Chief Information Security Officer

When I joined Yahoo four weeks ago, we were in the middle of a massive project to protect our users and their data through the deployment of encryption technologies as we discussed in our November 2013 Tumblr.

So today, we’re updating you on our progress:

  • Traffic moving between Yahoo data centers is fully encrypted as of March 31.

  • In January, we made Yahoo Mail more secure by making browsing over HTTPS the default. In the last month, we enabled encryption of mail between our servers and other mail providers that support the SMTPTLS standard.

  • The Yahoo Homepage and all search queries that run on the Yahoo Homepage and most Yahoo properties also have HTTPS encryption enabled by default.

  • We implemented the latest in security best-practices, including supporting TLS 1.2, Perfect Forward Secrecy and a 2048-bit RSA key for many of our global properties such as Homepage, Mail and Digital Magazines. We are currently working to bring all Yahoo sites up to this standard.

  • Users can initiate an encrypted session for Yahoo News, Yahoo Sports, Yahoo Finance, and Good Morning America on Yahoo ( by typing “https” before the site URL in their web browser.

  • A new, encrypted, version of Yahoo Messenger will be deployed in coming months.

Hundreds of Yahoos have been working around the clock over the last several months to provide a more secure experience for our users and we want to do even more moving forward. Our goal is to encrypt our entire platform for all users at all time, by default.

One of our biggest areas of focus in the coming months is to work with and encourage thousands of our partners across all of Yahoo’s hundreds of global properties to make sure that any data that is running on our network is secure. Our broader mission is to not only make Yahoo secure, but improve the security of the overall web ecosystem.

In addition to moving all of our properties to encryption by default, we will be implementing additional security measures such as HSTS, Perfect Forward Secrecy and Certificate Transparency over the coming months. This isn’t a project where we’ll ever check a box and be “finished.” Our fight to protect our users and their data is an on-going and critical effort. We will continue to work hard to deploy the best possible technology to combat attacks and surveillance that violate our users’ privacy.

A few weeks ago I made a post about the Tor browser and the importance of taking steps to protect yourself online to insure your privacy is not violated by government spooks or cybercriminals. Tor is a great way of concealing your internet activities from prying eyes. Another great tool that I use is HTTPS everywhere. These are both minimally invasive ways of adding extra layers of security to your internet browsers and online life.

Today, I’ve spent the better half of an hour installing and setting up email encryption on my Macbook. It’s a bit more complex and requires some tech savviness to set up but the step by step instructions were easy enough to follow. For Mac I’m using GPGTools, an open source version of PGP encryption for Mac systems. Windows can us GPG4win and I’m sure there’s a version out there for Linux users. GPGTools is cool because it incorporates encryption tools directly into the Mail app on Mac devices.

The picture above is of my public encryption key. If you ever want to email me encrypted messages you’ll need this key to do so. I’ve made a separate page for this key so you can easily copy and paste this into the Keychain software you’ll use to send me the message:

Encryption works by a combination of a public and private key. I make my public key available to the public, like it’s name suggests, so that individuals can send me encrypted messages. I’ll then use my own secret private key to decrypt the message. This insures that only the author and recipient of the message will be able to view the contents.

Encryption isn’t just something for paranoid antigovernment extremists. If you ever need to send files pertaining to banking activities, medical history, anything pertaining to your identity like your SSN and more should be encrypted. It also has the added of bonus of being nearly impossible for NSA and other government snoops to read your messages.

For years, quantum physics, and its computational component quantum computing, were the stuff scientists’ dreams were made of. Quantum mechanics, the study of all the spooky indefinite properties of subatomic particles, is more than theoretical of course; Scientists can observe and measure these properties. But the real-world applications for this research wasn’t always obvious. While quantum mechanics has revolutionized the field of computational chemistry, the commercial promise of, say, super-fast quantum computers has yet to be realized and may not be for decades.

Grow the fuck up and have some respect. via /r/offmychest

Grow the fuck up and have some respect.

The nudes need to stop. And its not going to come from the admins or mods, its gotta come from the redditors. What reddit is showing now is it’s terrible side. A bunch of 25 year old girls will not be able to sleep tonight, crying, knowing that their most private images are now in the hands of every teenager on the internet. They already have no privacy as it is, their lives are constantly under surveillance from paparazzi. Now, nothing except their daily routine is private. Their most personal images are now everywhere- imagine the lack of security they feel right now? Imagine how painful it must have been to see what happened to something that was so personal to you? And what does reddit, the place where people who can’t feed themselves are ordered pizza, the place where the President of the United States answered our questions, the place that makes the news monthly for the amazing acts of kindness, go and do? They spread these images, they help them spread like wildfire. They make the problem worse. Jennifer Lawrence, a woman whom many redditors are extremely fond of, now has her privacy being destroyed again and again. Instead of acting like horny 12 year olds who are seeing their first naked woman, why don’t we respect these girls fucking privacy, and set an example for the rest of the internet? Granted, these images are never going to be absent from the web, but the initiative needs to start somewhere.

Submitted September 01, 2014 at 05:08PM by theninjallama
via reddit
Meet Briar, an Open Source "WhatsApp" for Activists

Klint Finley


My latest for Wired:

Private messaging apps like SnapChat and WhatsApp aren’t as private as you might think.

SnapChat settled with the Federal Trade Commission earlier this month over a complaint that its privacy claims were misleading, as reported by USA Today, and last week, the Electronic Frontier Foundation published a report listing the company as the least privacy-friendly tech outfit it reviewed, including Comcast, Facebook, and Google. Last year, WhatsApp faced privacy complaints from the Canadian and Dutch governments, and like Snapchat, its security has been an issue as well.

When you use messaging services like these, you’re depending on outside companies to properly encrypt your messages, store them safely, and protect them when the authorities come calling. And they may not be up to the task. The only way to ensure your messages are reasonably safe is to encrypt them yourself, using keys that no one has access to–including your messaging service provider. That way, even if hackers bust into your service provider or the authorities hit it with subpoenas, your messages are protected.

Unfortunately, this is easier said than done. Encryption tools are notoriously hard to use. But several projects are working to change this, building a more polished breed of encryption software that can serve the everyday consumer. A new open source project called Briar is part of this crowd, but it puts a fresh twist on the idea. It doesn’t just encrypt your messages. It lets you jettison your messaging service provider altogether. Your messages travel straight to the person you’re sending them to, without passing through a central server of any sort. It’s what’s known as a “peer-to-peer” tool.

This has a few advantages. You and your contacts keep complete control your data, but you needn’t setup your own computer server in order to do so. Plus, you can send messages without even connecting to the internet. Using Briar, you can send messages over Bluetooth, a shared WiFi connection, or even a shared USB stick. That could be a big advantage for people in places where internet connections are unreliable, censored, or non-existent.

Full Story: Wired: Take Back Your Privacy With This Open Source WhatsApp

Briar is still in alpha and not ready for use for high-risk scenarios. If you’re looking for something immediately, OffTheRecord and TextSecure are worth considering, but of course nothing is perfectly secure.

This iCloud leak is a molestation of property and privacy. These celebrities are VICTIMS. You do not blame victims. via /r/self

This iCloud leak is a molestation of property and privacy. These celebrities are VICTIMS. You do not blame victims.

Hi. I’m a 22 year old girl who has looked at every single leaked photo/video that has been revealed today, aka the Fappening… And despite my own usual daily desire to masturbate and my secret fetish for some girl on girl action, I did not once feel any desire to touch myself nor did I feel the slightest bit wet after clicking through all the albums.. Yes, even the JLaw ones (and let’s be real, I’d be the first to offer myself up as tribute if she were ever taking volunteers for some hot lesbian hnnnngger games style sex with her).

I looked at them because I was curious at how other female bodies compared to my own (and oh how I lack such bosomly curves). I do admit that I was fascinated because seeing such beauty does that to me, but it was fascination in the I-can’t-stop-watching-this-train-wreck kind of way. And train wrecks are not arousing. It was sad, scary, and made me worry about my own personal safety.

I’m basically around the same age as most of these celebs. They may be fantastically more rich and famous than me but we all grew up in the same era of technology and social media. So, I’ll be honest. Yes, I have (and still do) filmed and photographed some pretty X-rated stuff of myself. Some were teasing, some were supposed to be artistic, and some were just down right kinky. All, however, were meant for the eyes of my boyfriend alone.

The ironic part?

I actually have directly worked with the FBI’s Cyber National Security Computer Intrusion Squad to promote against participating in such risqué behavior.

But why do I still do it?

Well, because in that moment, I think my body is so devastatingly sexy that I’m proud enough to share it with someone I love and trust, who unfortunately cannot be there to celebrate with me in person. So I take photos/videos which gives me a happy and arousing thrill because I know my guy will eventually feel the same way once he opens up the files. Because of the distance and time difference, it won’t happen at the same time, but it will happen and that’s enough for me. Of course, I understand that not all relationships are forever because I’ve done this with three different boyfriends over the course of my life. My first two relationships ended badly enough that I suppose I should have been a bit more careful with my current BF, but we’re in a transatlantic relationship and it’s what gives spice to our separated days. But, hypothetically knocks on wood, IF I ever find myself on a revenge porn website - I’d go ballistic and probably kick the shit out of whichever douchebag ex released something so personal of me.. and I’ll KNOW which one did it based on content alone. But in the end - I’ll (unhappily) deal with the consequences because I had made that gamble. I believed that guy was trustworthy and I knowingly gave something personal of myself away. He shouldn’t have done something so disrespectful/immoral, but I took the chance, it was under my jurisdiction and in the end - I wouldn’t able to call myself a victim.

My point?

I can relate to these celebrities in exactly one way. Jennifer Lawrence, Kate Upton, Jessica Brown Findley, Teresa Palmer - they all have a boyfriend. They’re actresses - they live busy lives. They can’t be with their beloved all the time so they probably took those naked selfie shots for the same reason I did for my guy. We get a kick of thinking we can give the men we love boners even from far away.

The big difference, however?

THEY ARE ACTUALLY VICTIMS. Every celebrity goes through Security 101 with their networks once their careers start shooting off. I know because I worked in a department that trained girls just like them. You don’t open your own mail, you put stickers on your webcams, enable thumbprint Touch ID on your iPhones, create complicated as hell passwords, and cache your computers. None of the celebrities leaked have ever shown themselves to be careless before. Hell, we all like JLaw because she’s clearly a clever one. Awkward, but clever. Those pictures and videos were probably meant for the eyes of their respective boyfriend alone - and those BFs didn’t sell them out to some skeezy tabloid like TMZ… No, some anonymous person or persons invaded their personal privacy and leaked everything to the whole damn internet.

If you’ve never experienced a home burglary before, it’s completely sickening and traumatizing. Here is your personal place that you thought you’ve kept well-protected and safe, but alas now someone has entered your sanctuary, taken all of your precious belongings, and left you with the taunting thought that no matter what precautions you take, you’re not safe. Now think back to all those celebrities you just fapped over in a frenzy. They may be rich and famous, but they are human beings who feel the same exact emotions as you and me. Their whole world was rendered defenseless all in one day in a global manner. Can these girls kick the shit out of the internet? No. They don’t even have a face to get mad at. Do you think these girls will ever be able to forget what happened to them? From now on, they’re just a Google search away from seeing a memory of a terrible theft that they couldn’t do any thing about. One does not simple take back every single photo that’s of you on the Internet. They’re going to have to live with this for the rest of their lives. Let’s talk about Becca Tobin’s leaked Christmas photo, which I’m going to take a bet was taken for her boyfriend as a sort of naughty “present.” Well, did you know Becca’s boyfriend recently died last month?… Yeah. Those two news stories will now pop up for her if she ever Googles her name. Have you ever wondered why rich and famous celebrities commit suicide? Pressure. Unlike your sister or your cousin who chose a passion like medicine or teaching that kept them out of them public’s eye, these girls’ passion of acting put them in front of the world. But just because they’re willing to be on TV doesn’t mean you have the right to invade their personal lives. It’s paradoxical, they’re actually suffering for their passion. They were ready to be actresses, not porn stars. I guess what sickens me the most is that there are people out there who are not only preying on these girls when they’re legitimately helpless, but also PRAYING for more theft, more pictures, more devastation.

Final thoughts

Does anyone really believe a hacker was able to individually pick out the x-rated files of all these A-list celebs amongst the MILLIONS of other people’s photos on the iCloud? Did anyone see Kate Upton’s album? If you haven’t it was filled with shots of countless of random girls in various states of undress. Who are they? How did that hacker have access to those photos as well and why would they be included? How many other pictures and videos of us “nobody girls” will be sold to porn sites or leaked on the internet. I’m pretty sure someone will inevitably say - “Well it was your own fault for taking those photos,” but it’s like laying blame to people who used credit cards during that big Target hack last year and had their bank accounts charged with crazy expenses. You do your best to protect yourself, but there’s apparently always someone out there who can find the crack security system that even the experts couldn’t see. But does that mean you should stop living your lives because nothing is truly safe? NO. You try to move on. You hope that justice will be served. You hope that real life karma happens.

Submitted September 01, 2014 at 12:31PM by la_pluie
via reddit
The cellphone encryption technology used most widely across the world can be easily defeated by the National Security Agency, an internal document shows, giving the agency the means to decode most of the billions of calls and texts that travel over public airwaves every day. While the military and law enforcement agencies long have been able to hack into individual cellphones, the NSA’s capability appears to be far more sweeping because of the agency’s global signals collection operation. The agency’s ability to crack encryption used by the majority of cellphones in the world offers it wide-ranging powers to listen in on private conversations.