Search
Content type: Examples
Zoom said it would deliver end-to-end encryption as one of a number of security enhancements to its service, but it will only be available to enterprise and business customers whose identity they can verify and not on the free service. The company says it wants to be able to work with law enforcement in case people use Zoom for a "bad purpose". None of Zoom's competitors offer end-to-end encryption.
Source: CNBC
Writer: Jordan Novet
Content type: Examples
The controversial Israeli spyware company NSO Group's US arm, Westbridge, has been trying to pitch its phone hacking software to US law enforcement agencies such as the San Diego Police Department, particularly a tool called "Phantom", which the complany claims can overcome encryption, track geolocation, withstand a factory reset, monitor apps and voice and VOIP calls, and collect passwords.
Writer: Joseph Cox
Publication: Vice
Content type: Advocacy
Privacy International responded to the call for submissions of the Working Group on the use of mercenaries as a means of violating human rights and impeding the exercise of the rights of peoples to self-determination on role of private military and security companies in immigration and border management and the impact on the protection of the rights of all migrants.
This submission builds on PI’s research and reporting highlighting examples of the involvement of private companies in…
Content type: Examples
Bluetooth utilizes a device pairing mechanism based on elliptic-curve Diffie-Hellman (ECDH) key exchange to allow encrypted communication between devices. The ECDH key pair consists of a private and a public key, and the public keys are exchanged to produce a shared pairing key. The devices must also agree on the elliptic curve parameters being used. Previous work on the "Invalid Curve Attack" showed that the ECDH parameters are not always validated before being used in computing the resulted…
Content type: Examples
An engineering and computer science professor and his team from The Ohio State University discovered a design flaw in low-powered Bluetooth devices that leaves them susceptible to hacking.
Zhiqiang Lin, associate professor of computer science and engineering at the university, found the commonly used Bluetooth Low Energy devices, such as fitness trackers and smart speakers, are vulnerable when they communicate with their associated apps on the owner’s mobile phone.
"There is a fundamental…
Content type: Impact Case Study
What HappenedOn 5 June 2013, The Guardian published the first in a series of documents disclosed by Edward Snowden, a whistleblower who had worked with the NSA. The documents revealed wide-ranging mass surveillance programs conducted by the USA’s National Security Agency (NSA) and the UK’s Government Communications Headquarters (GCHQ), which capture the communications and data of hundreds of millions of people around the world. In addition to revealing the mass surveillance programs of the NSA…
Content type: News & Analysis
We found the above image here.
Background
Email is hard to secure. For years we've been trying to build security on top of email, such as through technologies like Pretty Good Privacy (PGP) and the open source implementation: GnuPG (GPG).
What happened
In the past 48 hours, there have been very scary looking reports recommending people switch off PGP in their email clients.
The TL;DR version of this post is:
PGP is not broken by this attack
You absolutely should not stop…
Content type: Impact Case Study
What is the problem
Business models of lots of companies is based on data exploitation. Big Tech companies such Google, Amazon, Facebook; data brokers; online services; apps and many others collect, use and share huge amounts of data about us, frequently without our explicit consent of knowledge. Using implicit attributes of low-cost devices, their ‘free’ services or apps and other sources, they create unmatched tracking and targeting capabilities which are being used against us.
Why it is…
Content type: Impact Case Study
What happenedGovernments continuously seek to expand their communications surveillance powers. In the 1990s it was in the context of applying telephone surveillance laws to the internet. In the 2000s a spate of new laws arrived in response to 9/11. Expansions were then sought to monitor over-the-top services within the framing of Web 2.0. Then in the post-Snowden environment Governments rushed to legislate their previously secret powers.What we didWe supported…