#e2ee

danie10@squeet.me

Samsung Backups and Cloud Sync can be End-To-End-Encrypted, but you need to Enable it

Buried in the settings of certain Samsung Galaxy devices, there’s a feature Samsung calls Enhanced Data Protection. This is a fancy, branded name for end-to-end encryption. It means that when you back up or sync data to Samsung servers, that data will be encrypted before leaving your device, and it won’t be unencrypted until it returns to your phone. If anyone tries to look at your data on any device other than yours, all they will see is gibberish.

Why isn’t this enabled by default? The caveat is pretty severe. When you first enable the feature, Samsung generates a lengthy recovery code for you to store in a safe location. If you forget it, there’s no way for anyone to restore your data. It’s gone for good.

I love (not) how companies think we will all forget our passwords, and they need to protect us from ourselves. This is why we don’t always have effective security and privacy. We have quite a few messengers and social networks that already operate this way — you forget your private key, and your profile is gone forever (well it will be there, but you won’t ever post from it again).

This “feature” for Samsung devices just needs to be flipped on, and you need to ensure you’ve saved that unlock key somewhere safe.

See howtogeek.com/theres-a-safe-wa…
#Blog, #E2EE, #privacy, #technology

yazumo@despora.de

From Mike Kuketz's blog: https://www.kuketz-blog.de/

In her commentary on »chat control«, ARD journalist Kathrin Schmid demonstrates her obvious lack of technical knowledge by polemically playing fundamental rights off against one another. In an article we show that less superficiality and more expertise would better serve the cause of child protection. 👇

Tagesschau commentary on chat control: outraged cluelessness

An ARD journalist, in a commentary (online edition of the Tagesschau) on the provisional failure of so-called »chat control«, polemically played fundamental rights off against one another.

The framing, dressed up as an opinion piece, is polarizing: excessive German data protection (»pure data protection« Schmid, 2024) is said to prevent the protection of children on the internet.

Entirely in keeping with the now-fashionable technological solutionism, a simple solution to a complex societal problem is suggested: mass surveillance without cause.

The stylistic recourse to a claim of moral superiority along the lines of »won't somebody think of the children« cannot, however, hide the ARD journalist's obvious lack of subject knowledge. The technical cluelessness begins with the fact that one of the core problems goes unmentioned: the »circumvention« of the encryption (in particular end-to-end encryption (E2EE)) of private communication through the method of client-side scanning (CSS).

[...]


#ARD #Tagesschaukommentar #ARD-Journalistin #polarisieren #Chatkontrolle #Verschlüsselung #Verschluesselung #Grundrechte #Grundrecht #Datenschutz #Technik-Solutionismus #Massenüberwachung #Massenueberwachung #E2EE #Ende-zu-Ende-Verschlüsselung #Ende-zu-Ende-Verschluesselung #CSS #Client-Side-Scanning

danie10@squeet.me

How to send encrypted (at a cost) and ‘confidential’ emails on Gmail

Gmail may be very easy to use, and probably also one of the most used e-mail services out there, but Google has still not made any real effort to help e-mails go proper E2EE for all, despite the technology being available for a very long time.

Gmail’s confidential mode is not E2EE at all. It is merely a self-destruct timer, or password-to-open, type of e-mail. The latter probably only works to other Gmail users.

The encrypted offering they have is only for paid Workspace account holders, and seeing Google controls the web interface and services… I’m not sure the NSA will be using it (then again, maybe Gmail at least seems to be hacked less often than Microsoft’s cloud mail service!).

So ordinary users are probably better off adding one of the 3rd party browser extensions that allow true OpenPGP E2EE for Gmail. It is free, and you can use your own public/private key pair. But although this is free, the barrier for most normal users is the ‘complexity’. You need to set up a signed key pair, load it into the extension, and of course have friends that are suitably equipped to actually decrypt E2EE e-mail. Unfortunately, the reality here is that both sides of this equation are just not feasible for many users. There is also no single standard used across all e-mail services for E2EE, and you can forget about sending an encrypted e-mail to 99.999% of business or government departments, and expecting any of them to be able to read it.

Where any e-mail service has a POP3 or IMAP protocol interface (like Gmail has), it is possible to use an offline mail app like Thunderbird, and also add your OpenPGP key in there. But the same barriers to adoption exist for ordinary non-tech users, and it means also taking accountability to back up your own e-mail.

The reality is, most users are going to be far better off with services like Proton Mail, or Tutanota, that make the encryption process about as seamless as it can be (even my own family managed to get Proton Mail right, but only one is bothered to use it, and only with me).

Most people are not bothered, unless there is some very simple one button press to encrypt e-mail. And it seems, sadly, that the world is dependent upon Google to make this happen, mainly because there are so many Gmail accounts. If a Gmail user can’t read an encrypted e-mail, then you can’t send an E2EE mail to them (yes, I know Proton and Tutanota have workarounds where the Gmail user clicks to log in and enters a password to read the mail. But those are great phishing opportunities against non-tech users too).

So, it does come down again to Big Tech, unfortunately, to decide whether average users will ever be able to have truly private and secure e-mail, as well as interoperability between instant messengers (my previous post about WhatsApp is what I’m referring to).

Certainly, all the technology has long existed, but the biggest user bases are ‘stuck’ in Big Tech services, and there is no easy way for them to adopt the alternatives en masse. Whilst they feel (or don’t feel should I say) trapped there, they hold everyone else back too, and your E2EE e-mail is meaningless when you have to still send plain text e-mails to so many Gmail users. E-mail takes two or more parties to send and receive e-mail.

I’m only speculating here, but I’m suspecting Google is in no hurry to provide proper E2EE e-mail for Gmail users as it is a treasure trove of information about travel habits, medical details, banking details (less often now), relationships, and much more that is all open to analysis. Google certainly does scan e-mail as their TOS state they do this to detect viruses and malware, to provide search in e-mail, and ‘to provide you personally relevant product features’. Gmail would likely have to become a paid service to make E2EE worthwhile for Google.

You either have complete privacy and pay for every service, or you lose privacy for those free services. The majority of users are still opting for free services.

See https://www.androidpolice.com/gmail-send-encrypted-emails/
#Blog, #E2EE, #gmail, #privacy, #technology

markusm@diasp.de

KryptEY - Secure E2EE communication

An Android keyboard for secure end-to-end-encrypted messages through the Signal protocol in any messenger. Communicate securely and independently, regardless of the legal situation or whether messengers use E2EE. No server needed.

Motivation
Breaking of end-to-end encryption (E2EE) by laws such as the planned EU chat control is an ongoing issue. Content in messengers that use E2EE, such as WhatsApp or Signal, could thus be monitored by third parties. E2EE is often, but not always, standard in messengers. There are proven methods for E2EE such as PGP. However, these methods are sometimes cumbersomely integrated and require a lot of effort to use.

KryptEY is an Android keyboard that implements the Signal protocol. The keyboard works messenger-independently and both the X3DH Key Agreement Protocol and the Double Ratchet Algorithm work without a server, thus it enables a highly independent use of the protocol.

https://github.com/amnesica/KryptEY

#e2ee #Android #Security #encryption #CIA #BND #EU #USA

danie10@squeet.me

SimpleX E2EE messenger for iOS and Android has no user IDs at all – It could be the most secure and private messenger ever

Other apps have user IDs: Signal, Matrix, Session, Briar, Jami, Cwtch, etc. SimpleX does not, not even random numbers. This radically improves your privacy.

When users have persistent identities, even if this is just a random number, like a Session ID, there is a risk that the provider or an attacker can observe how the users are connected and how many messages they send. They could then correlate this information with the existing public social networks, and determine some real identities. And, if you use Incognito mode, you will have a different display name for each contact, avoiding any shared data between them.

To deliver messages, instead of user IDs used by all other platforms, SimpleX uses temporary anonymous pairwise identifiers of message queues, separate for each of your connections — there are no long term identifiers.

You define which server(s) to use to receive the messages, your contacts — the servers you use to send the messages to them. Every conversation is likely to use two different servers.

This design prevents leaking any users’ metadata on the application level. To further improve privacy and protect your IP address, you can connect to messaging servers via Tor.

Only client devices store user profiles, contacts and groups; the messages are sent with 2-layer end-to-end encryption.

To connect to your friend, you can connect via their 1-time QR-code, in person or via a video link. You can also connect by sharing an invitation link. So, there is no user ID you share to groups or the public to connect with you. Every code is a one-time use code for just a single friend to connect. The channel through which you share the link does not have to be secure – it is enough that you can confirm who sent you the message and that your SimpleX connection is established.

See https://simplex.chat/
#Blog, #E2EE, #opensource, #privacy, #SimpleX, #technology

piratendresden@pirati.ca
danie10@squeet.me

Swiss Army bans all chat apps but locally-developed Threema – No e-mail or phone no to register, and immune from US CLOUD Act

The Swiss army has banned foreign instant-messaging apps such as Signal, Telegram, and WhatsApp and requires army members to use the locally-developed Threema messaging app instead. As Threema is a paid subscription communications service, the Swiss army promised to cover the annual subscription cost for all soldiers, which is roughly $4.40 per user.

Although the troops are expected to follow the official instruction, there are no current penalties if army members use foreign IM apps.

The open source client applications E2E encrypt all messages and files that are sent to other Threema users with their respective public keys. Once a message is delivered successfully, it is immediately deleted from the servers.

Swiss officials underlined the most important difference is that Threema isn’t subject to the U.S. Cloud Act, which was passed in 2018 “hidden” inside a budget spending bill. The controversial law lifts the need for securing a search warrant when a U.S. state agency needs to access and scrutinize someone’s online data.

See https://www.bleepingcomputer.com/news/security/swiss-army-bans-all-chat-apps-but-locally-developed-threema/

#technology #switzerland #Threema #E2EE #security
#Blog, #E2EE, #security, #Switzerland, #technology, #Threema

danie10@squeet.me

Signal significantly ups its end-to-end video group call limit to 40 people, making it pretty useful now

While WhatsApp and most other messengers support end-to-end encryption, Signal is probably still your best choice (of the popularly used options) when you want your conversations and calls to stay private. Given that all communication on Signal is encrypted, including group video calls, the company is running into some unique challenges that need to be addressed when scaling its service. As such, Signal has only supported group calls with up to five participants until now, but it has finally managed to significantly up the limit to 40 people at a time.
See Signal significantly ups its video group call limit, surpassing WhatsApp

#technology #E2EE #encryptedvideo #Signal #instantmessengers


Up to 40 people can now join an end-to-end encrypted video call

#Blog, #rss

https://gadgeteer.co.za/signal-significantly-ups-its-end-to-end-video-group-call-limit-to-40-people-making-it-pretty-useful-now/

gehrke_test@libranet.de

MobileLinux rulez!

Short version in one picture:
cowsay "TNX to: GNU/Linux ArchLinux Pine64 phosh Matrix FluffyChat Flatpak linux-club.de tomm.fa"

In a bit more detail: The work of the past few weeks on #MobileLinux with #phosh on the #PineTab has been successful. Yesterday still in squirrel mode, today in seven-league boots.
I was still missing a client for #Matrix with support for #E2EE. In the glorious linux-club.de, the great tomm.fa had the idea of using #Flatpak for that.

And yes, that worked: the brand-new release of #FluffyChat can now do E2EE as well.

'Quick QA: Login quickly conjures up all subscribed chat rooms with their content, though mostly encrypted.
Then clicked on an encrypted message, and for key exchange a verification is automatically carried out with another session under Element on another client. Compared a few emojis in both sessions and, presto, the key is made available. And all content is readable. Yeah!'

This means about 80% of my daily to-dos on PC+notebook under #Fedora are now also possible via #PineTab with #ArchLinux. And with Flatpak even more can be covered before the distribution's native package management catches up at some point.

I'm celebrating hard!

#Pine64

gehrke_test@libranet.de

MobileLinux - making progress...

Work toward #Weltherrschaft (world domination) continues in squirrel mode:

The usage level of my #Pinetab is rising continuously. I still haven't found a usable Matrix client (only #Fractal, but it can't do #E2EE yet and is therefore out) - but the #Nextcloud client now works.

That was a bit bumpy too: two weeks ago the package could not be installed under #ArchLinux because of missing stuff; the week after, the installation ran, but shared libs were missing at runtime. But yesterday an update arrived that made the package functional. Now it's busily syncing.

It will remain rocky, but there is definitely progress. #MobileLinux with #Phosh is on its way!

#Pine64