Being a good journalist means learning how to keep a secret

THE ROLE OF JOURNALISTS is to make information public. The irony is that in order to do so, they need to keep lots of things secrets.

They do that in all sorts of ways. Sometimes journalists promise anonymity in order to get officials to divulge what they’re not supposed to reveal. Sometimes they cloak the exchange of sensitive documents. Sometimes they conceal the nature of their stories so that governments can’t censor their work preemptively.

What news organizations don’t worry enough about is keeping the identity of their readers secret. In an era when electronic spycraft is rampant, people who go to a website looking for news can unwittingly endanger themselves just by clicking on a story or video. Governments that know who is accessing specific information can intrude in a variety of ways—by blocking or censoring the story or by targeting individuals who access prohibited information for harassment or even legal action.

As elemental as it is to keep Web-based communication secure, it’s been a largely overlooked subject by many news outlets. That’s beginning to change, thanks to aggressive efforts by advocacy groups to strengthen and reinfforce safety barriers around the Web.

Read more at CJR for story by CPJ director Joel Simon.

Image:  Edgard Garrido

2

The PGP Word List (“Pretty Good Privacy word list”, also called a biometric word list) is a list of words for conveying data bytes in a clear unambiguous way via a voice channel. They are analogous in purpose to the NATO phonetic alphabet used by pilots, except a longer list of words is used, each word corresponding to one of the 256 unique numeric byte values.

Each byte in a bytestring is encoded as a single word. A sequence of bytes is rendered in network byte order, from left to right. For example, the leftmost (i.e. byte 0) is considered “even” and is encoded using the PGP Even Word table. The next byte to the right (i.e. byte 1) is considered “odd” and is encoded using the PGP Odd Word table. This process repeats until all bytes are encoded. Thus, “E582” produces “topmost Istanbul”, whereas “82E5” produces “miser travesty”.

A PGP public key fingerprint that displayed in hexadecimal as

    E582 94F2 E9A2 2748 6E8B
    061B 31CC 528F D7FA 3F19

would display in PGP Words (the “biometric” fingerprint) as

    topmost Istanbul Pluto vagabond
    treadmill Pacific brackish dictator
    goldfish Medusa afflict bravado
    chatter revolver Dupont midsummer
    stopwatch whimsical cowbell bottomless

The order of bytes in a bytestring depends on Endianness.

Encryption software that makes it hard to spy on what people do and say online is “essential” for free speech, says a United Nations report.
Without anonymising tools, many people will find it far harder to express opinions without censure, it says.
Any attempt to weaken encryption software will only curb this ability, it warns.
youtube

The Man Behind An Encrypted Network That Will Take Down Facebook

In this video Luke Rudkowski talks to the CEO and one of many people behind minds.com a new opensource encyrpted social network that many are saying will destroy facebook. The new social network took off and gained popularity when anonymous groups started to endorse it and not many people are signing up.

reason.com
Giving Government 'Backdoor' Access to Encrypted Data Threatens Personal Privacy and National Security
The War on Terror is providing plenty of rhetorical ammunition to anti encryption officials but they are dangerously wrong.

The “Crypto Wars” are here again, which means federal officials are doing all they can to limit the technological tools that keep our personal data secure. President Obama and leaders from the National Security Agency (NSA), FBI, and Department of Homeland Security (DHS) have been pressuring the technology community to build “backdoors” that allow government access to encrypted data.

The War on Terror provides plenty of rhetorical ammunition to these anti-encryption officials, who seem to believe that purposefully sabotaging our strongest defenses against “cyberterrorists” is an effective way to promote national security. But they are dangerously wrong, as recent revelations of decades-old security vulnerabilitiesimposed by encryption restrictions make all too clear.

Encryption allows people to securely send data that can only be accessed by verified parties. Mathematical techniques convert the content of a message into a scrambled jumble, called a ciphertext, which looks like nonsense in electronic transit until it is decoded by the intended recipient. Simple ciphers have been used to secure communications since the days of the Egyptian Old Kingdom, when a particularly devoted scribe took to fancying up the tomb of Khnumhotep II with cryptic funeral prose. Our own Thomas Jefferson regularly used ciphers in communications with James Madison, John Adams, and James Monroe to “keep matters merely personal to ourselves.” …

Encrypt everything, including guacamole recipes.
— 

Making a case for encryption, from guacamole recipes to top-secret documents | IJNet

All journalists, whether they work in conflict zones, investigate corruption or cover local politics, need to learn how to encrypt their digital voice and text communications. Media adversaries, whether governments, criminal organizations, corrupt officials or companies, can now easily hack journalists’ communications, learn sources’ identities, obstruct sensitive investigations and even destroy or alter electronic documents.

Caitlyn Jenner's moving ESPY speech, TLC officially cancels the Duggars, mystery surrounds death of Sandra Bland
  • Caitlyn Jenner's moving ESPY speech, TLC officially cancels the Duggars, mystery surrounds death of Sandra Bland
  • Citizen Radio
Play

Caitlyn Jenner’s moving ESPY Arthur Ashe Award for Courage speech, TLC officially cancels the Duggars, federal officials want access to encrypted emails and texts on private devices, Andy Cohen calls Amandla Stenberg “Jackhole of the day” for rightly criticizing Kylie Jenner’s cornrows, mystery surrounds death of Sandra Bland, a young black woman, in Texas jail, more Maniac Mail, and does saving an animal’s life make you a good Samaritan or a terrorist?

Reminder: Jamie has gigs this week TONIGHT Burlington 7/17 and TOMORROW New Hampshire 7/18!

New Miscreants and higher will receive a personalized copy of #NEWSFAIL! Sign up at wearecitizenradio.com

Remember to donate your Twitter account to Citizen Radio! It’s a free way to support the show.

Order #NEWSFAIL: all about our shitty media and how alternative media will save us all and give us a nice review on Amazon!

Citizen Radio is a member-supported show. Visit wearecitizenradio.com to sign up and support media that won’t lead you to war, and keep CR growing!

firstlook.org
FBI's Comey Defies Scientists on Encryption, Prefers Magic Back Door
Comey refused to accept the nearly universal agreement among technologists that there is no way to give the government access to encrypted communications without risking national security.

“How does his head not explode from cognitive dissonance when he repeats he has no tech expertise, then insists everyone who does is wrong?”

Hacking Team Leaks Reveal Spyware Industry’s Growth, Negligence of Human Rights

This week’s document leak from ‪Hacking Team‬ shed light on the human rights implications of the global private surveillance industry. Hacking Team’s clients include a number of regimes known for violating the human rights of their citizens: Azerbaijan, Bahrain, Egypt, Ethiopia, Russia, Saudi Arabia, and Vietnam. Reporters sans frontières/Reporters Without Borders (RSF) previously identified Hacking Team as one of its “Corporate Enemies of the Internet” in 2013.

theregister.co.uk
'Just follow the damn Constitution!' FBI, DoJ skewered over demands for crypto backdoors
Apple, Google encryption is giving the people what they want, say politicians

“Why do you think Apple and Google are doing this? It’s because the public is demanding it. A public does not want an out-of-control surveillance state,” Lieu said.

“Apple and Google don’t have coercive power. District attorneys do, the FBI does, the NSA does, and to me it’s very simple to draw a privacy balance when it comes to law enforcement and privacy: just follow the damn Constitution. And because the NSA didn’t do that and other law enforcement agencies didn’t do that, you’re seeing a vast public reaction to this.”

Microsoft’s search engine Bing has announced that it will encrypt all of its search traffic by default this summer. Bing had already offered optional encryption, but soon it will be a default for everyone.

This levels up Bing to match the security standards of the other big search giants like Google and Yahoo, and the added encryption also makes Bing a worthy search engine competitor. Google first made all search encrypted by default in 2013. Yahoo did so in 2014.

—  While this encryption move may seem like a tiny piece of news, it indicates a new shift toward better privacy standards. With Microsoft joining the ranks of Google and Yahoo in terms of security standards, this marks the first time the top three search engines provide privacy by default, making it much more difficult for external snoopers to know what people are searching for.
thehackernews.com
Astoria — Advanced Tor Client Designed to Avoid NSA Attacks

“Tor (The Onion Router) is the most popular anonymity network that is intended to allow a user to browse the Internet anonymously via a volunteer network of more than 6000 relays/nodes.

The encrypted traffic of a user is being routed through multiple relays in the network. The user-relay connection is known as a circuit.

Tor does not share your identifying information like your IP address and physical location with websites or service providers on the receiving end because they don’t know who is visiting.


However, Tor isn’t as safe from the prying eyes of network level attackers as we once thought. Big spying agencies like the United States intelligence agency NSA and the British Government Communications Headquarters GCHQ has have developed a way to de-anonymize user data using "timing attacks.”

In timing attacks, all an attacker need to do is take control of both the exit and the entry relays, then with the help of statistical analysis they can discover the identity of a Tor user in a matter of minutes.

A research shows that about 58 percent of Tor circuits are vulnerable to network-level attacks. However, to deal with the threats, the researchers have built new Tor client, Astoria.


Tor Astoria allows users to reduce the chance of using a malicious TOR circuit from 58 percent to 5.8 percent. The tool has been designed to beat even the most recently proposed asymmetric correlation attacks on Tor.

According to the researchers, timing attack will always be a threat to the Tor environment, and it would be impossible to completely eliminate this threat, but it could be minimized by using Astoria Tor client.

Tor Astoria uses an algorithm which is designed to more accurately predict attacks and then accordingly chooses the best and secure route to make a connection that mitigate timing attack opportunities.

“In addition to providing high-levels of security against [timing] attacks, Astoria also has performance that is within a reasonable distance from the current available Tor client,” the researchers wrote.

“Unlike other AS-aware [autonomous system aware] Tor clients, Astoria also considers how circuits should be built in the worst case,” when no safe relays are available. “Further, Astoria is a good network citizen and works to ensure that all the circuits created by it are load-balanced across the volunteer-driven Tor network.”

In an attempt to make Tor even more usable for an average user, Astoria provides multiple security features and the Tor client is both most effective and most usable at its highest level of safety, Daily Dot reports.

Therefore, “Astoria is a usable substitute for the vanilla Tor client only in scenarios where security is a high priority,” the researchers say.“