Tag Archive for: Privacy

Can We Balance Security And Privacy? Thoughts 10 Years After Snowden


Hi, I’m Matthias, cofounder of Tuta, a secure email service. We are innovation leaders in encrypted communication and collaboration.

More than 10 years have passed since Edward Snowden revealed the worst surveillance scandal of the FBI and the NSA in U.S. history. His revelations sparked a vivid discussion—one that can be looked at with more precision now that the heated debate that started one decade ago has settled: How can we balance the security and privacy requirements of our modern societies?

Snowden brought some of the most intrusive surveillance programs of U.S. authorities to light, the most prominent ones being PRISM, XKeyscore and Boundless Informant. Once the public started to understand how much of the private data they willingly share online is being siphoned off, analyzed and scanned, the question arose whether this form of surveillance is required to keep citizens safe or violates citizens’ privacy rights without measurable benefit.

Balancing Security And Privacy—Is It Possible?

The delicate balance between security imperatives and the fundamental right to privacy must be discussed openly by every society. As an expert in encryption and cybersecurity, I am absolutely certain that the Snowden leaks not only exposed the extent of government surveillance but also underscored the urgent need for strong end-to-end encryption to protect the privacy of citizens and businesses alike. At the same time, encryption must not stand in the way of national security, which is what government authorities often claim it would do, but better ways to protect citizens are possible.

First of all, it’s essential to note that our internet as it exists today would not be possible without strong end-to-end encryption. We use it every day for online banking, sharing sensitive medical information, messaging or communicating via email. Encryption is the only technical measure we have to protect data online, not just from eavesdropping by our own authorities, but also from malicious attackers, economic espionage or state-sponsored surveillance by foreign countries such as China or Russia. Encryption is the very foundation of our modern web and the basis of any cybersecurity…

Source…

Quantum hacking is a looming privacy threat. Companies should start worrying now


Now that everyone else has had a turn, quantum hackers are coming for your data.

Well, not quite yet. But they’re working on it.

Quantum computers, which are still in development by players such as Google, IBM, and Microsoft, hold enormous promise to do good as well as harm. The U.S. and Chinese governments are pouring billions into them.

For a primer on this new breed, I turned to Martin Lee, technical lead of security research and EMEA lead at Cisco Talos, the networking giant’s threat intelligence and response group.

Traditional computers operate on binary digits, or bits, that are either one or zero. In a quantum machine, “the bits are one, zero, or everything in between, all at the same time,” Lee says. So it “has the possibility of being able to calculate and consider many different solutions to a problem all at the same time to find the correct answer.”

That’s ideal for calculating the shapes of proteins to discover new drugs, Lee notes, or the thermodynamics of an engine.

It’s also perfect for stealing data.

Because a quantum computer makes calculating the factors of prime numbers much easier, it could swiftly crack many existing encryption algorithms, Lee says.

How soon? Maybe next year, maybe in five years, or maybe never, Lee reckons. But it’s time to start considering the problem so it doesn’t become an emergency, he warns. “Certainly, CIOs and CTOs need to think about ‘How do we prepare for a post-quantum world?’”

In response, companies are already developing and deploying quantum security. One is QuSecure, a California startup whose clients include Cisco, Dell, and the U.S. military.

Hackers are harvesting data now for quantum decryption later, says cofounder, chief product officer, and CTO Rebecca Krauthamer. Prime targets include electronic health and financial records, as well as national security data, Krauthamer adds. “All those kinds of things, they have a shelf life, and that’s why for some sectors, it’s a very urgent problem.”

To ward off quantum attacks, you fight fire with fire, right? Actually, no.

QuSecure’s software sits atop a client’s existing encryption, explains Skip Sanzeri, cofounder, chair, and COO. Besides some…

Source…

The Privacy Danger Lurking in Push Notifications


To send those notifications that awaken a device and appear on its screen without a user’s interaction, apps and smartphone operating system makers must store tokens that identify the device of the intended recipient. That system has created what US senator Ron Wyden has called a “digital post office” that can be queried by law enforcement to identify users of an app or communications platform. And while it has served as a powerful tool for criminal surveillance, privacy advocates warn that it could just as easily be turned against others such as activists or those seeking an abortion in states where that’s now illegal.

In many cases, tech firms don’t even demand a court order for the data: Apple, in fact, only demanded a subpoena for the data until December. That allowed federal agents and police to obtain the identifying information without the involvement of a judge until it changed its policy to demand a judicial order.

Europe’s sweeping Digital Markets Act comes into force next week and is forcing major “gatekeeper” tech companies to open up their services. Meta-owned WhatsApp is opening its encryption to interoperate with other messaging apps; Google is giving European users more control over their data; and Apple will allow third-party app stores and the sideloading of apps for the first time.

Apple’s proposed changes have proved controversial, but ahead of the March 7 implementation date the company has reiterated its belief that sideloading apps creates more security and privacy risks. It may be easier for apps on third-party app stores, the company says in a white paper, to contain malware or try to access people’s iPhone data. Apple says it is bringing in new checks to try to make sure apps are safe.

“These safeguards will help keep EU users’ iPhone experience as secure, privacy-protecting, and safe as possible—although not to the same degree as in the rest of the world,” the company claims. Apple also says it has heard from EU organizations, such as those in banking and defense, which say they are concerned about employees installing third-party apps on work devices.

WhatsApp scored a landmark legal win this week against the notorious mercenary hacking firm NSO…

Source…

Privacy and Security on Android Redefined


GrapheneOS: A Privacy-Focused Android OS with a Difference

The digital world is witnessing the rise of a new player in the mobile operating system space, GrapheneOS. Originally known as CopperheadOS, this custom Android-based operating system is making headlines with its steadfast focus on privacy and security improvements. After a brief stint as the Android Hardening project, it rebranded itself as GrapheneOS and has been going from strength to strength ever since.

Security and Privacy: DNA of GrapheneOS

GrapheneOS enhances the security of the Android operating system by mitigating vulnerabilities and providing granular control over system-level permissions. It also strengthens app sandboxing, which is a method of isolating applications from each other to prevent one from interfering with another. The goal is to contribute features to the open-source Android project without the conflicts of a traditional business model, embodying the ethos of a nonprofit organization.

The OS boasts features like protection against zero-day vulnerabilities, a type of computer-software vulnerability unknown to those who should be interested in its mitigation, by reducing the attack surface. It also provides toggles for network and sensors permissions, MAC randomization, and an LTE-only mode. Memory safety, a critical aspect of secure code, is also a focal point, using memory-safe languages and tooling to prevent exploitation of memory corruption bugs.

GrapheneOS Apps: Vanadium WebViewer and Secure Camera

GrapheneOS comes bundled with specific apps tailored for privacy and security enhancements. The Vanadium WebViewer, a browser developed in-house, is designed with security in mind, leveraging Android’s WebView for secure browsing. Secure Camera, another integral app, is a camera application designed to operate while the rest of the device’s sensors are disabled, providing an added layer of security.

Compatibility with Google Apps and Google Pixel

While Google apps and services are not preinstalled due to privacy reasons, users can still install them via a compatibility layer that restricts their privileges. GrapheneOS is primarily designed for Google Pixel smartphones due to their…

Source…