"Major VPN services have shut down service in India, as there is no way to comply with a new law without breaching their own privacy protection standards," reports 9to5Mac. "The law also applies to iCloud Private Relay, but Apple has not yet commented on its own plans." The Wall Street Journal reports: Major global providers of virtual private networks, which let internet users shield their identities online, are shutting down their servers in India to protest new government rules they say threaten their customers' privacy [...] Such rules are "typically introduced by authoritarian governments in order to gain more control over their citizens," said a spokeswoman for Nord Security, provider of NordVPN, which has stopped operating its servers in India. "If democracies follow the same path, it has the potential to affect people's privacy as well as their freedom of speech," she said [...] Other VPN services that have stopped operating servers in India in recent months are some of the world's best known. They include U.S.-based Private Internet Access and IPVanish, Canada-based TunnelBear, British Virgin Islands-based ExpressVPN, and Lithuania-based Surfshark. ExpressVPN said it "refuses to participate in the Indian government's attempts to limit internet freedom." The government's move "severely undermines the online privacy of Indian residents," Private Internet Access said. "Customers in India will be able to connect to VPN servers in other countries," adds 9to5Mac. "This is the same approach taken in Russia and China, where operating servers within those countries would require VPN companies to comply with similar legislation." "Cloud storage services are also subjected to the new rules, though there would be little practical impact on Apple here. iCloud does not use end-to-end encryption, meaning that Apple holds a copy of your decryption key, and can therefore already comply with government demands for information."

Read more of this story at Slashdot.

"Hyundai predictably fails in attempting to secure their car infotainment system with a default key lifted from programming examples," writes Slashdot reader sinij. "This level of security is unfortunately expected from auto manufacturers, who also would like to sell you always-connected Car2Car self-driving automobiles." Cryptographer and security experience Bruce Schneier writes: "Turns out the [AES] encryption key in that script is the first AES 128-bit CBC example key listed in the NIST document SP800-38A [PDF]," writes an unidentified developer under the name "greenluigi1." Luck held out, in a way. "Greenluigi1" found within the firmware image the RSA public key used by the updater, and searched online for a portion of that key. The search results pointed to a common public key that shows up in online tutorials like "RSA Encryption & Decryption Example with OpenSSL in C." Two questions remain: 1.) How did the test key get left behind? 2) Was it by accident or design?

Read more of this story at Slashdot.

It's a free and open-source, cross-platform FTP application that allows secure file transfering — and it's making an old-school protocol cool again, according to a recent blog post. Started about 21 years ago — and downloaded by millions each year — FileZilla remains "committed to their role in liberating technology, by making it accessible, open and also secure," according to the blog post. But it also explains how FileZilla has beefed up that security through a collaboration with the internet freedom nonprofit, the Open Technology Fund (or "OTF"): Over the past year, FileZilla has utilised support from OTF to undertake two activities that enhanced and ensured the security of their tools. The first was integrating FileZilla Server with Let's Encrypt, a free, automated, and open source certificate authority that ensures secure communication between the two end-points sending or receiving a file via FileZilla.... Secondly, FileZilla ran a penetration test, a service offered by OTF's Red Team Lab. A team of independent researchers attempted to force access to the FileZilla server to see if they could gain control. These researchers were highly skilled, and the testing was extensive. The team conducting the test only found very minor security vulnerabilities that FileZilla were able to fix immediately. As a result of this process, anyone wanting to use the FileZilla software can trust that it has been cross-scrutinised by a third party and found to be secure.... FileZilla respects users' confidentiality: they do not track your behaviour, nor sell your data to other companies. While they do have advertisements on their website, they are posted exactly as advertisements would be posted in a newspaper. Nobody knows that you are reading the advertisements, or that you decided to call or connect to the advertised website. The advertisement has simply been attached to the webpage, without any underlying tracking.... . "Our mission hasn't changed in over 20 years: design, develop, maintain and enhance free tools to securely transfer files with ease and reliability," said Tim Kosse, FileZilla Lead Developer. This decision was a political one taken by FileZilla, to always preserve the freedom of their tools, and of their users. "We aren't the typical commercial open-source venture that starts doing things for free, and over time, closes this and that to make money" said Roberto Galoppini, FileZilla Director of Strategy. "While you might not see FileZilla listed at the NYSE [New York Stock Exchange] any time soon, the freedom of our tools will never be questioned...." [I]f you work in an industry that requires the secure transfer of sensitive files, or if you simply have personal photographs or videos you want to keep confidential, using proprietary platforms to share or store them can put your information at risk of being exposed.... FileZilla offers an alternative that is secure and private. Their tools are developed by a team that is deeply invested in protecting users' confidentiality, and liberating technology is central to their work and decision-making.... At the same time, projects like FileZilla remind us that there exists a global community of technologists, activists, coders, bloggers, journalists, software developers, and mindful internet users making internet freedom a lived reality and daily practice. Supporting, experimenting with and using free and open source tools, such as the FileZilla client and server, enables us to disinvest from the capitalist pursuit of corporate control of technology and unchecked surveillance of our data. Rather, we can step into alignment with an alternative, parallel narrative being created by a community of resistance that is grounded in principles of cooperation, solidarity, commons and openness.

Read more of this story at Slashdot.

IoT Times brings an update on "the race to create a new set of encryption standards." Last month, it was announced that a specialized security algorithm co-authored by security experts of NXP, IBM, and Arm had been selected by the U.S. Government's National Institute of Standards and Technology (NIST) to become part of an industry global standard designed to counter quantum threats. IoT Times interviews the cryptography expert who co-created the Crystals-Kyber lattice-based algorithm selected by NIST — Joppe W. Bos, a senior principal cryptographer at the Competence Center for Cryptography and Security at NXP Semiconductors. And what worries his colleagues at the semiconductor company isn't the "imminent threat of quantum computers," Bos says, but an even closer and more practical deadline: "the timeline for these post-quantum crypto standards." "Two weeks ago, NIST announced the winners of these new public standards, the post-quantum crypto standards, and their timeline is that in 2024, so in roughly two years, the winners will be converted into standards. And as soon as the standards are released, our customers will expect NXP Semiconductors, as one of the leaders in crypto and security, to already have support for these standards, because we are, of course, at the start of the chain for many end products. Our secure elements, our secure platforms, SOCs, are one of the first things that need to be integrated into larger platforms that go into end products. Think about industrial IoT. Think about automotive applications. So, our customers already expect us to support post-quantum crypto standards in 2024, and not only support but, for many companies, being able to compute the functional requirements of the standard. "It took over ten years to settle down on the best methods for RSA and ECC, and now we have a much shorter timeline to get ready for post-quantum crypto." "When you ask the experts, it ranges from one to five decades until we can see quantum computers big enough to break our current crypto," Bos says in the interview. So he stresses that they're not driven by a few of quantum computers. "The right question to ask, at least for us at NXP is, when is this new post-quantum crypto standard available? Because then, our customers will ask for post-quantum support, and we need to be ready. "The standard really drives our development and defines our roadmap." But speaking of the standard's "functional requirements", in the original story submission Slashdot reader dkatana raised an interesting point. There's already billions of low-powered IoT devices in the world. Will they all have the memory and processing power to use this new lattice-based encryption?

Read more of this story at Slashdot.

Between 1850 and 1855, someone published a series of unusual ads in the British newspaper The Times. They were made up of a series of seemingly random letters, apparently gobbledygook. An anonymous reader adds: Almost 200 years later, a group of codebreakers has finally been able to decrypt some of them and read what they said, discovering that they were actually encrypted messages from a rescue expedition in the Arctic Ocean.

Read more of this story at Slashdot.

The U.K. government has tabled an amendment (PDF) to the Online Safety Bill that could put it on a collision course with end-to-end encryption. TechCrunch reports: It's proposing to give the incoming internet regulator, Ofcom, new powers to force messaging platforms and other types of online services to implement content-scanning technologies, even if their platform is strongly encrypted -- meaning the service/company itself does not hold keys to decrypt and access user-generated content in the clear. The home secretary, Priti Patel, said today that the governments wants the bill to have greater powers to tackle child sexual abuse. "Child sexual abuse is a sickening crime. We must all work to ensure criminals are not allowed to run rampant online and technology companies must play their part and take responsibility for keeping our children safe," she said in a statement -- which also offers the (unsubstantiated) claim that: "Privacy and security are not mutually exclusive -- we need both, and we can have both and that is what this amendment delivers." The proposed amendment is also being targeted at terrorism content -- with the tabled clause referring to: "Notices to deal with terrorism content or CSEA [child sexual exploitation & abuse] content (or both)." These notices would allow Ofcom to order a regulated service to use "accredited" technology to identify CSEA or terrorism content which is being publicly shared on their platform and "swiftly" remove it. But the proposed amendment goes further -- also allowing Ofcom to mandate that regulated services use accredited technical means to prevent users from encountering these types of (illegal) content -- whether it's being shared publicly or privately via the service, raising questions over what the power might mean for E2E encryption.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: In the decade since larger-than-life character Kim Dotcom founded Mega, the cloud storage service has amassed 250 million registered users and stores a whopping 120 billion files that take up more than 1,000 petabytes of storage. A key selling point that has helped fuel the growth is an extraordinary promise that no top-tier Mega competitors make: Not even Mega can decrypt the data it stores. On the company's homepage, for instance, Mega displays an image that compares its offerings to Dropbox and Google Drive. In addition to noting Mega's lower prices, the comparison emphasizes that Mega offers end-to-end encryption, whereas the other two do not. Over the years, the company has repeatedly reminded the world of this supposed distinction, which is perhaps best summarized in this blog post. In it, the company claims, "As long as you ensure that your password is sufficiently strong and unique, no one will ever be able to access your data on MEGA. Even in the exceptionally improbable event MEGA's entire infrastructure is seized!" (emphasis added). Third-party reviewers have been all too happy to agree and to cite the Mega claim when recommending the service. Research published on Tuesday shows there's no truth to the claim that Mega, or an entity with control over Mega's infrastructure, is unable to access data stored on the service. The authors say that the architecture Mega uses to encrypt files is riddled with fundamental cryptography flaws that make it trivial for anyone with control of the platform to perform a full key recovery attack on users once they have logged in a sufficient number of times. With that, the malicious party can decipher stored files or even upload incriminating or otherwise malicious files to an account; these files look indistinguishable from genuinely uploaded data. After receiving the researchers' report privately in March, Mega on Tuesday began rolling out an update that makes it harder to perform the attacks. But the researchers warn that the patch provides only an "ad hoc" means for thwarting their key-recovery attack and does not fix the key reuse issue, lack of integrity checks, and other systemic problems they identified. With the researchers' precise key-recovery attack no longer possible, the other exploits described in the research are no longer possible, either, but the lack of a comprehensive fix is a source of concern for them. "This means that if the preconditions for the other attacks are fulfilled in some different way, they can still be exploited," the researchers wrote in an email. "Hence we do not endorse this patch, but the system will no longer be vulnerable to the exact chain of attacks that we proposed." Mega has published an advisory here. However, the chairman of the service says that he has no plans to revise promises that the company cannot access customer data.

Read more of this story at Slashdot.

Swiss-based encrypted email provider ProtonMail today announced a restructuring of its privacy-first services, bringing them under a new unifying brand name: Proton. "Today, we are undertaking our biggest step forward in the movement for an internet that respects your privacy. The new, updated Proton offers one account, many services, and one privacy-by-default ecosystem. You can now enjoy unified protection with a modernized look and feel. Evolving into a unified Proton reflects our growth from an end-to-end encrypted email provider to an entire privacy ecosystem, allowing us to deliver even more benefits to the Proton community and make privacy accessible to everyone," the company said. MacRumors adds: Previously, users could only subscribe to each service the company offered individually. Going forward, the new Proton offers one account to access all the services offered in the company's privacy-by-default ecosystem, including Proton Mail, Proton VPN, Proton Calendar, and Proton Drive, all of which can be accessed from proton.me. All Proton services remain available as a free tier, with more advanced features and more storage available via paid plans. The free Proton tier includes up to 1GB of storage and one Proton email address, as well as access to Proton's encrypted Calendar and VPN services. Further reading: Proton Is Trying to Become Google -- Without Your Data.

Read more of this story at Slashdot.

The US is readying new encryption standards that will be so ironclad that even the nation's top code-cracking agency says it won't be able to bypass them. From a report: The National Security Agency has been involved in parts of the process but insists it has no way of bypassing the new standards. "There are no backdoors," said Rob Joyce, the NSA's director of cybersecurity at the National Security Agency, in an interview. A backdoor enables someone to exploit a deliberate, hidden flaw to break encryption. An encryption algorithm developed by the NSA was dropped as a federal standard in 2014 amid concerns that it contained a backdoor. The new standards are intended to withstand quantum computing, a developing technology that is expected to be able to solve math problems that today's computers can't. But it's also one that the White House fears could allow the encrypted data that girds the U.S. economy -- and national security secrets -- to be hacked.

Read more of this story at Slashdot.

Researchers in Beijing have set a new quantum secure direct communication (QSDC) world record of 102.2 km (64 miles), smashing the previous mark of 18 km (11 miles), The Eurasian Times reported. Engadget reports: Transmission speeds were extremely slow at 0.54 bits per second, but still good enough for text message and phone call encryption over a distance of 30 km (19 miles), wrote research lead Long Guilu in Nature. The work could eventually lead to hack-proof communication, as any eavesdropping attempt on a quantum line can be instantly detected. QSDC uses the principal of entanglement to secure networks. Quantum physics dictates that entangled particles are linked, so that if you change the property of one by measuring it, the other will instantly change, too -- effectively making hacking impossible. In theory, the particles stay linked even if they're light-years apart, so such systems should work over great distances. The same research team set the previous fiber record, and devised a "novel design of physical system with a new protocol" to achieve the longer distance. They simplified it by eliminating the "complicated active compensation subsystem" used in the previous model. "This enables an ultra-low quantum bit error rate (QBER) and the long-term stability against environmental noises." As a result, the system can withstand much more so-called channel loss that makes it impossible to decode encrypted messages. That in turn allowed them to extend the fiber from 28.3km to the record 102.2 km distance. "The experiment shows that intercity quantum secure direct communication through the fiber is feasible with present-day technology," the team wrote in Nature.

Read more of this story at Slashdot.

Arqit says its encryption system can't be broken by quantum computers, but former employees and people outside the company question the relevance of its technology. The Wall Street Journal: A U.K. cybersecurity startup rocketed to a multibillion-dollar valuation when it listed publicly last fall on the promise of making encryption technology that would protect the defense industry, corporations and consumers alike from the prying eyes of next-generation computer systems. Founder and Chief Executive David Williams told investors at the time that his company, Arqit Quantum had an "impressive backlog" of revenue and was ready "for hyperscale growth." But Arqit has given investors an overly optimistic view of its future revenue and the readiness and workability of its signature encryption system, according to former employees and other people familiar with the company, and documents viewed by The Wall Street Journal. While the company says it has a solution to a quantum-computing security challenge that U.S. intelligence last year said "could be devastating to national security systems and the nation," government cybersecurity experts in the U.S. and the U.K. have cast doubt on the utility of Arqit's system. Arqit's stock price reached its highest level to date of $38.06 on Nov. 30 and has since fallen, to $15.06 on April 14, amid a broad pullback of young tech stocks. When the company secured its Nasdaq listing last autumn, its revenue consisted of a handful of government grants and small research contracts, and its signature product was an early-stage prototype unable to encrypt anything in practical use, according to the people. The encryption technology the company hinges on -- a system to protect against next-generation quantum computers -- might never apply beyond niche uses, numerous people inside and outside the company warned, unless there were a major overhaul of internet protocols. Arqit disputed that its encryption system was only a prototype at the company's market debut. "This was a live production software release and not a demonstration or trial," said a company representative. "It was being used by enterprise customers on that day and subsequently for testing and integration purposes, because they need to build Arqit's software into their products."

Read more of this story at Slashdot.

David Spirk, the chief data officer for America's Department of Defense, "called for the Pentagon to make urgent investments to defend against potential espionage from quantum computers" that could crack the encryption on sensitive data, Bloomberg reports: "I don't think that there's enough senior leaders getting their heads around the implications of quantum," Spirk said. "Like AI, I think that's a new wave of compute that when it arrives is going to be a pretty shocking moment to industry and government alike." "We have to pick up pace because we have competitors who are also attempting to accelerate," he added. Spirk's comments come amid warnings that U.S. adversaries, particularly China, are aggressively pursuing advanced technologies that could radically accelerate the pace of modern warfare. China is investing in AI and quantum sciences as part of its plan to become an innovation superpower, according to the Pentagon's latest annual report to Congress on China's military power. China is "at or near the lead on numerous science fields," including AI and quantum, it said. The National Security Agency, meanwhile, said last year that the adversarial use of a quantum computer "could be devastating" to the U.S. and its national security systems. The NSA said it could take 20 years or more to roll out new post-quantum cryptography that would resist such code-cracking. Tim Gorman, a spokesperson at the Pentagon, said the Department of Defense was taking post-quantum cryptography seriously and coordinating with Congress and across government agencies. He added there was "a significant effort" underway. A January presidential memo further charged agencies with establishing a timeline for transitioning to quantum resistant cryptography.

Read more of this story at Slashdot.

Corin Faife writes via The Verge: On March 24th, EU governing bodies announced that they had reached a deal on the most sweeping legislation to target Big Tech in Europe, known as the Digital Markets Act (DMA). Seen as an ambitious law with far-reaching implications, the most eye-catching measure in the bill would require that every large tech company -- defined as having a market capitalization of more than 75 billion euros or a user base of more than 45 million people in the EU -- create products that are interoperable with smaller platforms. For messaging apps, that would mean letting end-to-end encrypted services like WhatsApp mingle with less secure protocols like SMS -- which security experts worry will undermine hard-won gains in the field of message encryption. The main focus of the DMA is a class of large tech companies termed "gatekeepers," defined by the size of their audience or revenue and, by extension, the structural power they are able to wield against smaller competitors. Through the new regulations, the government is hoping to "break open" some of the services provided by such companies to allow smaller businesses to compete. That could mean letting users install third-party apps outside of the App Store, letting outside sellers rank higher in Amazon searches, or requiring messaging apps to send texts across multiple protocols. But this could pose a real problem for services promising end-to-end encryption: the consensus among cryptographers is that it will be difficult, if not impossible, to maintain encryption between apps, with potentially enormous implications for users. Signal is small enough that it wouldn't be affected by the DMA provisions, but WhatsApp -- which uses the Signal protocol and is owned by Meta -- certainly would be. The result could be that some, if not all, of WhatsApp's end-to-end messaging encryption is weakened or removed, robbing a billion users of the protections of private messaging. Given the need for precise implementation of cryptographic standards, experts say that there's no simple fix that can reconcile security and interoperability for encrypted messaging services. Effectively, there would be no way to fuse together different forms of encryption across apps with different design features, said Steven Bellovin, an acclaimed internet security researcher and professor of computer science at Columbia University.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: Cryptographic keys generated with older software now owned by technology company Rambus are weak enough to be broken instantly using commodity hardware, a researcher reported on Monday. This revelation is part of an investigation that also uncovered a handful of weak keys in the wild. The software comes from a basic version of the SafeZone Crypto Libraries, which were developed by a company called Inside Secure and acquired by Rambus as part of its 2019 acquisition of Verimatrix, a Rambus representative said. That version was deprecated prior to the acquisition and is distinct from a FIPS-certified version that the company now sells under the Rambus FIPS Security Toolkit brand. Researcher Hanno Bock said that the vulnerable SafeZone library doesn't sufficiently randomize the two prime numbers it used to generate RSA keys. (These keys can be used to secure Web traffic, shells, and other online connections.) Instead, after the SafeZone tool selects one prime number, it chooses a prime in close proximity as the second one needed to form the key. "The problem is that both primes are too similar," Bock said in an interview. "So the difference between the two primes is really small." The SafeZone vulnerability is tracked as CVE-2022-26320. Cryptographers have long known that RSA keys that are generated with primes that are too close together can be trivially broken with Fermat's factorization method. French mathematician Pierre de Fermat first described this method in 1643. Fermat's algorithm was based on the fact that any number can be expressed as the difference between two squares. When the factors are near the root of the number, they can be calculated easily and quickly. The method isn't feasible when factors are truly random and hence far apart. The security of RSA keys depends on the difficulty of factoring a key's large composite number (usually denoted as N) to derive its two factors (usually denoted as P and Q). When P and Q are known publicly, the key they make up is broken, meaning anyone can decrypt data protected by the key or use the key to authenticate messages. So far, Bock has identified only a handful of keys in the wild that are vulnerable to the factorization attack. Some of the keys belong to printers originally branded as Fuji Xerox and now belonging to Canon. Printer users can use the keys to generate a Certificate Signing Request. The creation date for the keys was 2020 or later. The weak Canon keys are tracked as CVE-2022-26351. Bock also found four vulnerable PGP keys, typically used to encrypt email, on SKS PGP key servers. A user ID tied to the keys implied they were created for testing, so he doesn't believe they're in active use. Bock said he believes all the keys he found were generated using software or methods not connected to the SafeZone library. If true, other software that generates keys might be easily broken using the Fermat algorithm. It's plausible also that the keys were generated manually, "possibly by people aware of this attack creating test data." The researcher found the keys by searching through billions of public keys that he either had access to, were shared with him by other researchers, or that were available through certificate transparency programs. UPDATE: The headline incorrectly stated that a "600-Year-Old Algorithm" was used. It's been changed to "379-Year-Old-Algorithm" to reflect the updated headline on Ars.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: Cryptographic keys generated with older software now owned by technology company Rambus are weak enough to be broken instantly using commodity hardware, a researcher reported on Monday. This revelation is part of an investigation that also uncovered a handful of weak keys in the wild. The software comes from a basic version of the SafeZone Crypto Libraries, which were developed by a company called Inside Secure and acquired by Rambus as part of its 2019 acquisition of Verimatrix, a Rambus representative said. That version was deprecated prior to the acquisition and is distinct from a FIPS-certified version that the company now sells under the Rambus FIPS Security Toolkit brand. Researcher Hanno Bock said that the vulnerable SafeZone library doesn't sufficiently randomize the two prime numbers it used to generate RSA keys. (These keys can be used to secure Web traffic, shells, and other online connections.) Instead, after the SafeZone tool selects one prime number, it chooses a prime in close proximity as the second one needed to form the key. "The problem is that both primes are too similar," Bock said in an interview. "So the difference between the two primes is really small." The SafeZone vulnerability is tracked as CVE-2022-26320. Cryptographers have long known that RSA keys that are generated with primes that are too close together can be trivially broken with Fermat's factorization method. French mathematician Pierre de Fermat first described this method in 1643. Fermat's algorithm was based on the fact that any number can be expressed as the difference between two squares. When the factors are near the root of the number, they can be calculated easily and quickly. The method isn't feasible when factors are truly random and hence far apart. The security of RSA keys depends on the difficulty of factoring a key's large composite number (usually denoted as N) to derive its two factors (usually denoted as P and Q). When P and Q are known publicly, the key they make up is broken, meaning anyone can decrypt data protected by the key or use the key to authenticate messages. So far, Bock has identified only a handful of keys in the wild that are vulnerable to the factorization attack. Some of the keys belong to printers originally branded as Fuji Xerox and now belonging to Canon. Printer users can use the keys to generate a Certificate Signing Request. The creation date for the keys was 2020 or later. The weak Canon keys are tracked as CVE-2022-26351. Bock also found four vulnerable PGP keys, typically used to encrypt email, on SKS PGP key servers. A user ID tied to the keys implied they were created for testing, so he doesn't believe they're in active use. Bock said he believes all the keys he found were generated using software or methods not connected to the SafeZone library. If true, other software that generates keys might be easily broken using the Fermat algorithm. It's plausible also that the keys were generated manually, "possibly by people aware of this attack creating test data." The researcher found the keys by searching through billions of public keys that he either had access to, were shared with him by other researchers, or that were available through certificate transparency programs. UPDATE: The headline incorrectly stated that a "600-Year-Old Algorithm" was used. It's been changed to "379-Year-Old-Algorithm" to reflect the updated headline on Ars.

Read more of this story at Slashdot.

Messenger has fully rolled out end-to-end encryption (E2EE) to everyone, with toggles to encrypt text messages as well as group chats and calls. As The Verge notes, Messenger first added E2EE in 2016 back when it was still called Facebook Messenger and Meta was still Facebook. "Meta has discussed switching to E2EE as a default, but that may not happen until next year at the earliest, as some regulators claim this would harm public safety," adds The Verge. From the report: There are two ways Messenger users can opt in to the secure chats, either via vanish mode, by swiping up on an existing chat to enter one where messages automatically disappear when the window is closed or the original version that was introduced in 2016 as Secret Conversations. You can turn that on by toggling the lock icon when you start a new chat. In addition to a full rollout of the feature, Messenger has some new features to enable as well. Now, in end-to-end encrypted chats, you can use GIFs, stickers, reactions, and long-press to reply or forward messages. The encrypted chats also now support verified badges so that people can identify authentic accounts. You can also save media exchanged in the chats, and there's a Snapchat-style screenshot notification that will be rolling out over the next few weeks.

Read more of this story at Slashdot.

The UK government is set to launch a multi-pronged publicity attack on end-to-end encryption, Rolling Stone has learned. From the report: One key objective: mobilizing public opinion against Facebook's decision to encrypt its Messenger app. The Home Office has hired the M&C Saatchi advertising agency -- a spin-off of Saatchi and Saatchi, which made the "Labour Isn't Working" election posters, among the most famous in UK political history -- to plan the campaign, using public funds. According to documents reviewed by Rolling Stone, one the activities considered as part of the publicity offensive is a striking stunt -- placing an adult and child (both actors) in a glass box, with the adult looking "knowingly" at the child as the glass fades to black. Multiple sources confirmed the campaign was due to start this month, with privacy groups already planning a counter-campaign.

Read more of this story at Slashdot.

JoeyRox shares a report from CNBC: Federal investigators claimed to access encrypted Signal messages used to help charge the leader of the Oath Keepers, an extremist far-right militia group, and other defendants in a seditious plot on Jan. 6, 2021. It's not clear how investigators gained access to the messages. One possibility is that another recipient with access to the messages handed them over to investigators. The complaint references group messages run on the app, so it's possible another participant in those chats cooperated.

Read more of this story at Slashdot.

NBC News writes: VPNs, or virtual private networks, continue to be used by millions of people as a way of masking their internet activity by encrypting their location and web traffic. But on the modern internet, most people can safely ditch them, thanks to the widespread use of encryption that has made public internet connections far less of a security threat, cybersecurity experts say. "Most commercial VPNs are snake oil from a security standpoint," said Nicholas Weaver, a cybersecurity lecturer at the University of California, Berkeley. "They don't improve your security at all...." Most browsers have quietly implemented an added layer of security in recent years that automatically encrypts internet traffic at most sites with a technology called HTTPS. Indicated by a tiny padlock by the URL, the presence of HTTPS means that worrisome scenario, in which a scammer or a hacker squats on a public Wi-Fi connection in order to watch people's internet habits, isn't feasible. It's not clear that the threat of a hacker at your coffee shop was ever that real to begin with, but it is certainly not a major danger now, Weaver said. "Remember, someone attacking you at the coffee shop needs to be basically at the coffee shop," he said. "I don't know of them ever being used outside of pranks. And those are all irrelevant now with most sites using HTTPS," he said in a text message. There are still valid uses for VPNs. They're an invaluable tool for getting around certain types of censorship, though other options also exist, such as the Tor Browser, a free web browser that automatically reroutes users' traffic and is widely praised by cybersecurity experts. VPNs are also vital for businesses that need their employees to log in remotely to their internal network. And they're a popular and effective way to watch television shows and movies that are restricted to particular countries on streaming services. But like with antivirus software, the paid VPN industry is a booming global market despite its core mission no longer being necessary for many people. Most VPNs market their products as a security tool. A Consumer Reports investigation published earlier this month found that 12 of the 16 biggest VPNs make hyperbolic claims or mislead customers about their security benefits. And many can make things worse, either by selling customers' browsing history to data brokers, or by having poor cybersecurity. The article credits the Electronic Frontier Foundation for popularizing encryption through browser extensions and web site certificates starting in 2010. "In 2015, Google started prioritizing websites that enabled HTTPS in its search results. More and more websites started offering HTTPS connections, and now practically all sites that Google links to do so. "Since late 2020, major browsers such as Brave, Chrome, Firefox, Safari and Edge all built HTTPS into their programs, making Electronic Frontier Foundation's browser extension no longer necessary for most people."

Read more of this story at Slashdot.

An anonymous reader quotes a report from the Record: A recently discovered FBI training document shows that US law enforcement can gain limited access to the content of encrypted messages from secure messaging services like iMessage, Line, and WhatsApp, but not to messages sent via Signal, Telegram, Threema, Viber, WeChat, or Wickr. The document, obtained earlier this month following a FOIA request filed by Property of the People, a US nonprofit dedicated to government transparency, appears to contain training advice for what kind of data agents can obtain from the operators of encrypted messaging services and the legal processes they have to go through. Dated to January 7, 2021, the document doesn't include any new information but does a good job at providing an up-to-date summary of what type of information the FBI can currently obtain from each of the listed services. [...] While the document confirms that the FBI can't gain access to encrypted messages sent through some services, the other type of information they can glean from providers might still help authorities in other aspects of their investigations. The content of the document, which may be hard to read due to some font rendering issues, is also available in the table [embedded in the article]. Of note, the table above does not include details about Keybase, a recent end-to-end encrypted (E2EE) service that has been gaining in popularity. The service was acquired by video conferencing software maker Zoom in May 2020.

Read more of this story at Slashdot.