Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Encryption Communications Privacy Software

Two Years After Snowden Leaks, Encryption Tools Are Gaining Users 69

Patrick O'Neill writes: It's not just DuckDuckGo — since the first Snowden articles were published in June 2013, the global public has increasingly adopted privacy tools that use technology like strong encryption to protect themselves from eavesdroppers as they surf the Web and use their phones. The Tor network has doubled in size, Tails has tripled in users, PGP has double the daily adoption rate, Off The Record messaging is more popular than ever before, and SecureDrop is used in some of the world's top newsrooms.
This discussion has been archived. No new comments can be posted.

Two Years After Snowden Leaks, Encryption Tools Are Gaining Users

Comments Filter:
  • TrueCrypt (Score:4, Interesting)

    by Anonymous Coward on Sunday June 21, 2015 @06:24AM (#49955621)

    ....and not a word about TrueCrypt? is there any commonly used alternative or people just don't care?

  • Can anyone recommend a secure Skype replacement? I've been using Telegraph for real time chat, which has a great mobile experience, but only one of my friends has transitioned to it, everyone else is still all over WhatsApp. Telegraph also doesn't do video data.

    I saw Snowdon talk last week and whilst he didn't say anything that hadn't already been said and printed, his passion has definitely motivated me to take a bit more personal responsibility.

    Several of my IRC channels have now also moved to Slack, whic

    • by Hadlock ( 143607 )

      In theory you could run a mumble server on a private VPS. When I did it I used a VPS of the most minimal specs I could purchase at the time (1cpu, 1GB ram, linux) for about $7/month. I ran a mumble server for a community of about 3000 users for a couple of years and we would have 200 concurrent users with no latency issues. Voice and chat go over TLS. Mumble does not offer video chat however.

    • Re: (Score:2, Interesting)

      by Anonymous Coward
      Telegraph is already being targeted by LE, some users in UK and AU using it for terrorism related purposes had their messages found. It was probably just poor opsec but Telegraph has had some serious problems before and that was with them using very industry standard methodology when it comes to encryption, they also have an over reliance on Qt from what I've seen in their code. I recommend Tox and it's associated clients, the clients are rubbish UI-wise (Unless you like CLI/ncurses with Toxic) but tox-core
      • Am I missing something, or are you all meaning `Telegram' when writing `Telegraph'? (I understand they use some self-created cryptography (security-wise not the best idea).)

        NaCl is also used by Threema (my messenger of choice), btw.
    • I use OTR or Retroshare for text-only IM and messaging, but neither does voice - it's been a 'coming soon' feature on Retroshare for a very long time.

    • by Anonymous Coward

      Look, I'll put it in very simple and very straightforward terms: there is no secure communications anymore if you intend "secure from the government". There is none, and there will be none. Because the moment someone develops it, they get a visit from law enforcement who will tell them in no uncertain terms to keep a backdoor open for them or else... No elses, really. You have to comply. And you will. So get over it, there is and there will never be anything secure from the government.

      • by Anonymous Coward

        You are a gov't shill trying to discourage secure computing!

        The RSA algorithm (use wikipedia if you don't know it) is so simple a grade-schooler can understand it. And it is 100% not possible for a government to insert any kind of back door.

        If you think that "the government" magically knows every time someone raises a number to an exponent, and does a modulo, then you really need a thicker tinfoil hat, the radiation has been impacting your wetware.

    • Tox & Venom
  • by Anonymous Coward

    Sadly, it could have 10 times the adoption rate, and to an excellent approximation, it would still be true that nobody uses it.

  • by turp182 ( 1020263 ) on Sunday June 21, 2015 @07:15AM (#49955759) Journal

    I don't want to live in a world where terrible user experience is an effective weapon to keep information private!

  • I don't know why we don't change the DNS records to include a public key for every record.
    Then every site would be able to add a public key for everyone to communicate with it.
    Just add it to the existing zone record response

    • TXT record perhaps?
    • Re: (Score:3, Interesting)

      by Anonymous Coward
      Because that would create an obvious way to poison the DNS records so that a site would become unreachable. something very easy for a government to do. It would make everything in China and Russia immediately lower to their knees. It would eventually happen in other places but would just take longer.
      • by fisted ( 2295862 )

        Good point.

      • by ealbers ( 553702 )

        DNS records can already be 'poisioned'....they just remove the record...boom, no more site.

        • See here: A remedy that's more efficient & faster than remote DNS http://it.slashdot.org/comment... [slashdot.org]

          * Using something you have NATIVELY already no less... & that actually COMPLIMENTS DNS nicely too!

          APK

          P.S.=> To quote Howard Stark from the film "Captain America"? Hosts = Capt. America's vibranium shield, DNS = steel (that's NOT 'stainless'):

          "It's stronger than steel & 1/3rd the weight" - Howard Stark

          As well as something less complex & prone to breakdown (DNS does go down, a LOT) + exploit,

    • That requires DNSSEC and DANE to be effective. There's momentum for both, but neither will hit mainstream until Google's Chrome forces it.

      Ultimately, I expect a mix of pinned-certificates, DNSSEC/DANE, and cloud-based reputation for certificates (is everyone else seeing the same certificate?).

      Key management is hard -- really hard. It's the weak link of modern encryption.
  • Comment removed (Score:4, Interesting)

    by account_deleted ( 4530225 ) on Sunday June 21, 2015 @09:42AM (#49956211)
    Comment removed based on user account deletion
    • by Bert64 ( 520050 )

      Some banks already sign their mails, albeit with s/mime instead of pgp... PGP requires a plugin for most mail clients, while s/mime is usually supported by default.
      I work in security, and always sign my emails... The majority of our clients simply ignore the signature and have no idea what it is.

  • by Greyfox ( 87712 ) on Sunday June 21, 2015 @10:24AM (#49956395) Homepage Journal
    We're, what, abut four decades on now and you can't even get a mail client with the tools integrated out of the box. The laws on the books effectively prevent it. Until that changes, the'll be no progress made on that front. Maybe in this climate, a few candidates running on a pro-privacy platform would be viable, but I doubt it'd get enough traction to make a difference.

    While we're on the subject though, what the fuck is up with mail client interfaces getting worse and worse? The UNIX text-based clients provide far better interfaces than any graphical client I've ever used, and they're currently falling into disrepair. Hell, I don't think anyone's actually touched the VM code in about half a decade, and it has the best threading and thread-handling options I've ever seen in any mail client. Kill-by-thread from any message in the thread makes keeping those useless IT notifications from the company a snap. It also had pretty decent integration with GPG, even if you did have to add it in yourself. Paired with the MIT remembrance agent, it did a great job of reminding you what you did to fix a problem six months ago when the exact same problem cropped up. I've never seen functionality like that in any other mail client.

  • Since the vast majority of people don't know or care and have done nothing different, we can only assume that those people that are adopting strong encryption tools must be terrorists. Because no one else would need to use weapons-grade encryption.

    • by dcollins117 ( 1267462 ) on Sunday June 21, 2015 @12:08PM (#49956963)

      Because no one else would need to use weapons-grade encryption.

      True, I don't need to use encryption everywhere, but I do just because I can. It amuses me that if anyone wants to snoop on my communications that they see the digital equivalent of an upraised middle finger, and not my plaintext.

      I also enjoy the fantasy of someone spending an inordinate amount of resources to decrypt my emails only to discover that all I'm doing is sending LOLcat photos to my friends.

  • "126 Years After Adolf Hitler's Birth, Encryption Tools Are Gaining Users" is also true.

  • by robot5x ( 1035276 ) on Monday June 22, 2015 @01:12AM (#49960005)
    I'd like to send a link to my friends introducing them to some encryption tools that they can readily use, and maybe some good write up on why its important - any tips? thanks.

Real Programmers don't eat quiche. They eat Twinkies and Szechwan food.

Working...