How WhatsApp's client-side E2EE, user-held backup keys, and past reverse engineering undercut claims in a class action lawsuit that Meta can read user chats
It's not every day that we see mainstream media get excited about encryption apps! For that reason, the past several days have been fascinating …
An analysis of X's new XChat features shows that X can probably decrypt any user's messages, as the company stores its users' private keys on its own servers
Update 6/10: Based on a short conversation with an engineering lead at X, some of the devices used at X are claimed to be using HSMs.
Sen. Ron Wyden and Rep. Andy Biggs write to National Intelligence Director Tulsi Gabbard asking her to demand the UK retract its back door request to Apple
Letter urges new intelligence chief Tulsi Gabbard to take resolute action to stymie a top ally's controversial and confidential order.
A close look at some privacy implications of AI interfacing with messaging apps and other E2EE systems, Apple's approach to “Private Cloud Compute”, and more
Recently I came across a fantastic new paper by a group of NYU and Cornell researchers entitled “How to think about end-to-end encryption and AI.”
A look at Telegram's claims that it is a “secure messenger” despite lacking default end-to-end encrypted messages and any E2E encrypted option for group chats
This blog is reserved for more serious things, and ordinarily I wouldn't spend time on questions like the above.
Security researchers say they warned Apple as early as 2019 about AirDrop vulnerabilities that Chinese authorities claim they recently used to identify users
A look at Worldcoin from a privacy-skeptical point of view, including likely risks and how the project doesn't link users' transaction data with its ID database
Matthew Green / A Few Thoughts on Cryptographic Engineering :
A defense of blockchains and crypto as they take on the money-transfer and payments industries, the economics of which computer networking has yet to transform
A defense of blockchains and crypto, as they go through growing pains in a bid to transform the US payments industry, which has been stagnant for decades
Matthew Green / A Few Thoughts on Cryptographic Engineering : Tweets: @matthew_d_green , @nikitabier , @rjcc , @mattdesl , @mmasnick , and @zornsllama Tweets: Matthew Green / @matthew_d_green : I wro...
Apple and Google can do more to screw up the economics of NSO-style mass exploitation, and should be pressured to do so
This week a group of global newspapers is running a series of articles detailing abuses of NSO Group's Pegasus spyware. If you haven't seen any of these articles …
Google can help remove a strong incentive for criminals to steal and leak emails by rotating and publishing DKIM keys, which provide proof of an email's origin
The Internet is a dangerous place in the best of times. Sometimes Internet engineers find ways to mitigate the worst of these threats, and sometimes they fail. Tweets: @matthew_d_green , @erincandesc...
Zoom apologizes for routing some calls made in N. America through China, says it “mistakenly” allowed Chinese data centers to accept calls due to traffic spike
Hours after security researchers at Citizen Lab reported that some Zoom calls were routed through China …
Safari on iOS, which only used Google Safe Browsing for malicious site warnings earlier, now says it may also use Tencent Safe Browsing, which can log IPs
This morning brings new and exciting news from the land of Apple. It appears that, at least on iOS 13, Apple is sharing some portion …
Snowden's revelations exposed the breadth and scale of NSA's surveillance and likely contributed to the NSA losing a significant portion of its capabilities
Edward Snowden recently released his memoirs. In some parts of the Internet, this has rekindled an ancient debate: namely, was it all worth it? Tweets: @shashj Tweets: Shashank Joshi / @shashj : “The...
Apple details the cryptography behind its upcoming Find My feature, which works so that even Apple cannot track device locations
WHEN APPLE EXECUTIVE Craig Federighi described a new location-tracking feature for Apple devices at the company's Worldwide Developer Conference keynote on Monday …
Thoughts on why Chrome 69's forced login behavior is so bad: when Google silently changes its biggest user-facing privacy option, it risks burning users' trust
Here's What to Do About It Ben Schoon / 9to5Google : Google Chrome 69 doesn't automatically track your history when you log in to Google services Andrii Degeler / Engadget : Google is quietly logging ...
Cryptographer's doubts about Ozzie's CLEAR key-escrow system: securing private keys at OEMs and disabling a phone once law enforcement accesses it are hard
It Makes It Worse Robert Graham / Errata Security : No, Ray Ozzie hasn't solved crypto backdoors Zack Whittaker / ZDNet : Experts rip Ray Ozzie's plan for unlocking encrypted phones Department of Comp...
Cryptographer's doubts about Ozzie's CLEAR key-escrow system: securing private keys at OEMs and disabling a phone once law enforcement accesses it are hard
Yesterday I happened upon a Wired piece by Steven Levy that covers Ray Ozzie's proposal for “CLEAR”.
Experts dispute WhatsApp's “end-to-end encryption” claim, saying confidentiality of group chat could be broken if servers were compromised
but Facebook says it's not a problem Swapna Krishna / Engadget : Whatsapp servers can be compromised to add people to private groups Sidney Fussell / Gizmodo : WhatsApp Security Design Could Let an In...
How KRACK made it past scrutiny of researchers: IEEE's standards specs are hard to access and handshake and encryption protocols were vetted separately
The big news in crypto today is the KRACK attack on WPA2 protected WiFi networks. Discovered by Mathy Vanhoef and Frank Piessens at KU Leuven …