Hugh Pickens DOT Com writes "Jacob Kastrenakes reports on The Verge that as part of a response to the NSA's wide-reaching surveillance programs, BitTorrent is unveiling a secure messaging service that will use public key encryption, forward secrecy, and a distributed hash table so that chats will be individually encrypted and won't be stored on some company's server. 'It's become increasingly clear that we need to devote hackathons, hours and resources to developing a messaging app that protects user privacy,' says Christian Averill, BitTorrent's director of communications. Because most current chat services rely on central servers to facilitate the exchange of messages, 'they're vulnerable: to hackers, to NSA dragnet surveillance sweeps.' BitTorrent chat aims to avoid those vulnerabilities through its encryption methods and decentralized infrastructure. Rather than checking in with one specific server, users of BitTorrent chat will collectively help each other figure out where to route messages to. In order to get started chatting, you'll just need to give someone else your public key — effectively your identifier. Exchanging public keys doesn't sound like the simplest way to begin a chat, but Averill says that BitTorrent hopes to make it easy enough for anyone interested. 'What we're going to do is to make sure there are options for how this is set up,' says Averill. 'This way it will appeal to the more privacy conscious consumer as well as the less technically inclined.' For now, it remains in a private testing phase that interested users can apply for access to. There's no word on when it'll be open to everyone, but with all of the recent surveillance revelations, it's easy to imagine that some people will be eager to get started."
An anonymous reader writes "The Free Software Foundation announced today the first laptop they have been able to certify as-is that respects the user's freedoms. The laptop is free down to using Coreboot in place of a proprietary BIOS. The OS shipped on the laptop is Trisquel, the Ubuntu derived Linux OS that removes all traces of proprietary firmware, patented formats, etc. The only issue though for new customers is this endorsed laptop comes down to being a refurbished 2006 ThinkPad X60 with single or dual-core Intel CPU, 1GB+ of RAM, 60GB+ HDD, and a 1024x768 12.1-inch screen, while costing $320+ USD (200 GBP). The FSF-certified refurbished laptops are only offered for sale through the Gluglug UK shop. Are these outdated specs worth your privacy and freedom?"
First time accepted submitter jma05 writes "The UN General Assembly unanimously adopted a privacy resolution introduced by Brazil and Germany, against unlawful surveillance. 'The resolution affirms that the same rights that people have offline must also be protected online, including the right to privacy.' Under pressure from US lobbying, the clause that mass surveillance constitutes a human rights violation was dropped earlier."
Hugh Pickens DOT Com writes "SF writer Charles Stross writes on his blog that like all currency systems, Bitcoin comes with an implicit political agenda attached and although our current global system is pretty crap, Bitcoin is worse. For starters, BtC is inherently deflationary. There is an upper limit on the number of bitcoins that can ever be created so the cost of generating new Bitcoins rises over time, and the value of Bitcoins rises relative to the available goods and services in the market. Libertarians love it because it pushes the same buttons as their gold fetish and it doesn't look like a 'Fiat currency'. You can visualize it as some kind of scarce precious data resource, sort of a digital equivalent of gold. However there are a number of huge down-sides to Bitcoin, says Stross: Mining BtC has a carbon footprint from hell as they get more computationally expensive to generate, electricity consumption soars; Bitcoin mining software is now being distributed as malware because using someone else's computer to mine BitCoins is easier than buying a farm of your own mining hardware; Bitcoin's utter lack of regulation permits really hideous markets to emerge, in commodities like assassination and drugs and child pornography; and finally Bitcoin is inherently damaging to the fabric of civil society because it is pretty much designed for tax evasion. 'BitCoin looks like it was designed as a weapon intended to damage central banking and money issuing banks, with a Libertarian political agenda in mind—to damage states' ability to collect tax and monitor their citizens' financial transactions,' concludes Stross. 'The current banking industry and late-period capitalism may suck, but replacing it with Bitcoin would be like swapping out a hangnail for Fournier's gangrene.'"
wiredmikey writes "A board set up to review the NSA's vast surveillance programs has called for a wide-ranging overhaul of National Security Agency practices while preserving 'robust' intelligence capabilities. The panel, set up by President Obama, issued 46 recommendations, including reforms at a secret national security court and an end to retention of telephone 'metadata' by the spy agency. The 308-page report (PDF) submitted last week to the White House and released publicly Wednesday says the US government needs to balance the interests of national security and intelligence gathering with privacy and 'protecting democracy, civil liberties, and the rule of law.' Panel members said the recommendations would not necessarily mean a rolling back of intelligence gathering, including on foreign leaders, but that surveillance must be guided by standards and by high-level policymakers."
New submitter ttyler writes "It turns out a MacBook's built-in camera can be activated without turning on the green LED. An earlier report suggested the FBI could activate a device's camera without having the light turn on, and there was a case in the news where a woman had nude pictures taken of her without her knowledge. The new research out of Johns Hopkins University confirms both situations are possible. All it takes are a few tweaks to the camera's firmware."
ananyo writes "The Guardian's technology editor, Charles Arthur, asks why researchers have remained largely silent in the wake of the revelation that the U.S. National Institute of Standards and Technology's standard for random numbers used for cryptography had been weakened by the NSA: 'The nature of the subversions sounds abstruse: the random-number generator, the 'Dual EC DRBG' standard, had been hacked by the NSA and the UK's GCHQ so that its output would not be as random as it should have been. That might not sound like much, but if you are trying to break an encrypted message, the knowledge that it is hundreds or thousands of times weaker than advertised is a great encouragement.' Arthur attributes the silence of UK academics, at least, to pressure from GCHQ. He goes on to say: 'For those who do care, White and Matthew Green, who teaches cryptography at Johns Hopkins University in Baltimore, Maryland, have embarked on an ambitious effort to clean up the mess — one that needs help. They have created a non-profit organization called OpenAudit.org, which aims to recruit experts to provide technical assistance for security projects in the public interest, especially open-source security software.'"
SonicSpike writes "2013 may be a turning point for red-light cameras across the United States. According to the Insurance Institute for Highway Safety (IIHS), a non-profit largely funded by auto insurance companies, this year is the first time in nearly two decades that the number of American cities with red-light cameras has fallen — the systems were installed in 509 communities as of November 2013. While a single-year drop may not ultimately mean much, legislators across the country are increasingly agitated about the cameras. Bills are also pending in Florida and Ohio that would ban the devices entirely. A state representative in Iowa has also twice introduced legislation to ban RLCs (he was not successful). Part of this backlash has to do with the (sometimes accurate) perception that RLCs are a moneymaking scheme, pure and simple."
judgecorp writes "In the latest twist to the saga of Google's tracking of Safari users, the tech giant has asked to have a U.K. lawsuit dismissed. Google says it is bound by California laws, so plaintiffs will have to come to the U.S. and sue there. Law firm Olswang is bringing the suit on behalf of British users whose Safari browser settings were overridden to help Google target ads; it argues that international organizations should respect the laws that apply where their customers live."
schwit1 writes in with the latest on a U.S. District Court ruling over NSA spying. "A federal judge ruled Monday that the National Security Agency's phone surveillance program is likely unconstitutional, Politico reports. U.S. District Court Judge Richard Leon said that the agency's controversial program, first unveiled by former government contractor Edward Snowden earlier this year, appears to violate the Constitution's Fourth Amendment, which states that the 'right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated.' 'I cannot imagine a more "indiscriminate" and "arbitrary invasion" than this systematic and high-tech collection and retention of personal data on virtually every single citizen for purposes of querying it and analyzing it without judicial approval,' Leon wrote in the ruling. The federal ruling came down after activist Larry Klayman filed a lawsuit in June over the program. The suit claimed that the NSA's surveillance 'violates the U.S. Constitution and also federal laws, including, but not limited to, the outrageous breach of privacy, freedom of speech, freedom of association, and the due process rights of American citizens.'"
Jah-Wren Ryel writes "It turns out Facebook tracks the stuff that people type and then erase before hitting the post button. If you start writing a message, and then think better of it and decide not to post it, Facebook still adds it to the dossier they keep on you. From the article: 'Storing text as you type isn't uncommon on other websites. For example, if you use Gmail, your draft messages are automatically saved as you type them. Even if you close the browser without saving, you can usually find a (nearly) complete copy of the email you were typing in your Drafts folder. Facebook is using essentially the same technology here. The difference is that Google is saving your messages to help you. Facebook users don't expect their unposted thoughts to be collected, nor do they benefit from it.'"
An anonymous reader writes "This week CBS News' 60 Minutes program had a broadcast segment devoted to the NSA, and additional online features. It revealed that the first secret Snowden stole was the test and answers for a technical examination to get a job at NSA. When working at home, Snowden covered his head and screen with a hood so that his girlfriend couldn't see what he was doing. NSA considered the possibility that Snowden left malicious software behind and removed every computer and cable that Snowden had access to from its classified network, costing tens of millions of dollars. Snowden took approximately 1.7 million classified documents. Snowden never approached any of multiple Inspectors General, supervisors, or Congressional oversight committee members about his concerns. Snowden's activity caught the notice of other System Administrators. There were also other interesting details, such as the NSA has a highly competitive intern program for High School students that are given a Top Secret clearance and a chance to break codes that have resisted the efforts of NSA's analysts — some succeed. The NSA is only targeting the communications, as opposed to metadata, of less than 60 Americans. Targeting the actual communications of Americans, rather than metadata, requires a probable cause finding and a specific court order. NSA analysts working with metadata don't have access to the name, and can't listen to the call. The NSA's work is driven by requests for information by other parts of the government, and there are about 31,000 requests. Snowden apparently managed to steal a copy of that document, the 'crown jewels' of the intelligence world. With that information, foreign nations would know what the US does and doesn't know, and how to exploit it."
cagraham writes "In a seemingly minor update, Google announced that all Gmail images will now be cached on their own servers, before being displayed to users. This means that users won't have to click to download images in every email now — they'll just automatically be shown. For marketers, however, the change has serious implications. Because each user won't download the images from a third-party server, marketers won't be able to see open-rates, log IP addresses, or gather information on user location and browser type. Google says the changes are intended to enhance user privacy and security."
krakman writes "With the NSA disclosures, French media was 'outraged'. Yet they appear to be worse than the NSA, with a new law that codifies standard practice and provides for no judicial oversight while allowing electronic surveillance for a broad range of purposes, including 'national security,' the protection of France's 'scientific and economic potential' and prevention of 'terrorism' or 'criminality.' The government argues that the law, passed last week with little debate as part of a routine military spending bill, which takes effect in 2015, does not expand intelligence powers. Rather, officials say, those powers have been in place for years, and the law creates rules where there had been none, notably with regard to real-time location tracking. French intelligence agencies have little experience publicly justifying their practices. Parliamentary oversight did not begin until 2007."
An anonymous reader writes "Indiana state police acknowledge use of cell phone tracking device 'Stingray', tricking all cellphones in a set distance into connecting to it as if it were a real cellphone tower. A joint USA Today and IndyStar investigation found earlier this month that the state police spent $373,995 on a device called a Stingray. Often installed in a surveillance vehicle, the suitcase-size Stingrays trick all cellphones in a set distance ('sometimes exceeding a mile, depending on the terrain and antennas') into connecting to it as if it were a real cellphone tower. That allows police agencies to capture location data and numbers dialed for calls and text messages from thousands of people at a time."
An anonymous reader writes "'Snooping on the Internet is tricky. The network is diffuse, global, and packed with potential targets. There's no central system for identifying or locating individuals, so it's hard to keep track of who is online and what they're up to. What's a spy agency to do?' In a Slate op-ed, Ed Felten explains how consumer tracking makes the NSA's job much easier. Felten was the first-ever Chief Technologist at the Federal Trade Commission, serving as the agency's lead technical expert on privacy issues. Now back in academia, he argues that the NSA gets a 'free ride on the private sector,' from distinguishing users, to pinpointing geolocation, to slurping up network traffic."
jfruh writes "NSA Director Keith Alexander, testifying before the Senate this week, got weirdly petulant, asking his critics how he was supposed to do his job without collecting metadata on American communications. 'If we can come up with a better way, we ought to put it on the table and argue our way through it,' he said. 'There is no other way that we know of to connect the dots.' He also implied that major U.S. tech companies might have greater capacities than his organizations, and that they should help him out with new ideas."
An anonymous reader writes "Peter Eckersley at the EFF reports that the 'App Ops' privacy feature added to Android in 4.3 has been removed as of 4.4.2. The feature allowed users to easily manage the permission settings for installed apps. Thus, users could enjoy the features of whatever app they liked, while preventing the app from, for example, reporting location data. Eckersley writes, 'When asked for comment, Google told us that the feature had only ever been released by accident — that it was experimental, and that it could break some of the apps policed by it. We are suspicious of this explanation, and do not think that it in any way justifies removing the feature rather than improving it. The disappearance of App Ops is alarming news for Android users. The fact that they cannot turn off app permissions is a Stygian hole in the Android security model, and a billion people's data is being sucked through. Embarrassingly, it is also one that Apple managed to fix in iOS years ago.'"
An anonymous reader writes "Wired reports that the chat logs between Bradley Manning and Julian Assange that were used as evidence in Manning's trial have made it onto the web, at least briefly. One of those logs contained something very interesting on page 4, which was picked up on by the News of Iceland, which reports, '"Jesus Christ. I think that we have recordings of all phone calls to and from the Icelandic parliament during the past four months". This text can be found in documents that the US military published on its website and is said to be part of the conversations between Julian Assange and Bradley Manning. According to the documents, Assange claims to have phone call recordings from Althingi, the Icelandic parliament, but this is the first time that the existence of such data is mentioned publicly. ... According to Icelandic laws, it is required to inform the person you are speaking with if the phone call is being recorded. Given that the parliament is not violating laws it is clear that Assange or his associates would have to have installed recording devices or wiretaps in the parliament.' — What makes it even more interesting is that Wired also reports in this recent story: Someone's Been Siphoning Data Through a Huge Security Hole in the Internet."
An anonymous reader writes "The Advocate General of the European Court of Justice today issued their opinion that the EU Directive covering the retention of data is incompatible with the Charter of Fundamental Rights of the European Union. In an interim ruling in a case taken by the Irish Digital Rights movement, the AG found the limitation on a person's right to privacy imposed by the EU Directive was not properly laid down in law. The ECR has yet to make a formal ruling and is not bound by the AG opinion; however, it is unusual for the court not to follow suit."