Governments continue, as they have for the past 30 years, to rail against the adoption of strong encryption. In 2020, having seen what happens when Governments try to coerce platforms, we have a fairly clear understanding: For good or ill, social media and social networking exist, and will continue to…

v1.0–27 July 2020, alec.muffett@gmail.com The master copy of this document resides at: https://github.com/alecmuffett/eotk/blob/master/docs.d/security-advisories.d/001-torbrowser.md Audience All users and operators of .onion websites, especially (but not limited to) sites containing "mixed content" HTTPS and HTTP. Impact TorBrowser leaks “secure” cookies that were issued over HTTPS into cleartext HTTP channels that may be observable by…

This is the first document for a new project called DoHoT DNS, which I hope will grow to help people recoup some privacy in places where they have previously not considered it lacking. Note for Medium.COM readers: the master copy of this essay can always be found at https://github.com/alecmuffett/dohot TL;DR I…

So there’s this thread, by this guy, who is pitching that “WhatsApp isn’t open-source so it must be bad in [various hypothetical ways]”. Mike, the argument you’re making is quite literally anti-security; let’s start: there IS no such thing as perfect security there ARE no such things as ubiquitous threat…

[context: I just posted this to a maillist that I participate in] By now I would have expected someone on [this group] to have picked-up and excitedly posted the latest Facebook conspiracy theory: some chap called Kalev Leetaru at Forbes, who is serially: https://www.forbes.com/sites/kalevleetaru/2019/07/26/the-encryption-debate-is-over-dead-at-the-hands-of-facebook/ https://www.forbes.com/sites/kalevleetaru/2019/05/28/facebook-is-already-working-towards-germanys-end-to-end-encryption-backdoor-vision/…

Condensed from a couple of emails I made, earlier today, regarding a document put in front of the Applications Doing DNS working group. The email thread, and the content of the proposal, is regarding a proposed mechanism by which cafes, corporations, ISPs and governments could force users of DNS-over-HTTPS to…

for v2 and v3 onion addresses; updated 26 jun 2019 Congratulations! You are setting up an Onion site! And you want a vanity onion address! There is lots of software out there that you can use to generate them! I’m not going to make strong software recommendations, because it’s a…

*even if it means initially using Google or Cloudflare for DNS for a while A friend posted to a maillist: The amount of dns fuckery in the UK already is high enough that neverssl.com is now the top suggestion on my chrome browser homepage, as I have to load it…

Chatting over a little whisky last night, a friend asked my opinion on how to help Chinese dissidents gain access to secure communication. …