@kylerankin Imagine having 5 different web browsers you had to switch between depending on which website you wanted to visit. If these same orgs had their way, you would (and that's largely what phone apps have become).
I dismissed this product until I realized it's probably the only way to get work done in a modern office with an open floor plan. It's basically a cubicle for your face: https://www.neatorama.com/2018/10/18/Human-Blinders-Block-Out-Distractions/
Google confirms it is building a censored Chinese search engine: https://www.washingtonpost.com/technology/2018/10/16/google-really-is-trying-build-censored-chinese-search-engine-its-ceo-confirms/
@kylerankin Sadly, current e2e msg apps, including Signal, built a world *worse* than CAs in this respect. If WhatsApp backdoors e2e for ad data or for govts (why not both?), to revoke trust you must convince all your friends to revoke trust, or else fall back to insecure SMS.
@kylerankin Applied to CAs, this means if a CA violates your trust, you should be able to revoke your trust in them but still be able to browse the web securely. And if you don't trust, say, Verisign's CA, you can anchor your trust in another vendor and web browsing is secure.
As someone who spends a lot of time working on Heads and thinking about BIOS tampering, it's interesting to read about examples of UEFI/BIOS hacking in the wild: #infosec https://www.welivesecurity.com/2018/09/27/lojax-first-uefi-rootkit-found-wild-courtesy-sednit-group/
The thing I am most excited about with the Librem Key is its integration with Heads to make detecting tampering easy. It's something that doesn't exist anywhere else and in this deep dive post I explain the technical details. #infosec https://puri.sm/posts/the-librem-key-makes-tamper-detection-easy/
"Twitter bug sent user direct messages to third-party developers for over a year" #infosec #privacy https://techcrunch.com/2018/09/21/twitter-bug-sent-user-direct-messages-to-developers-for-over-a-year/
Check out the review of the Librem Key by Alessandro Castellani - https://www.youtube.com/watch?v=J4P7RFNHkN4! We'd love to hear your feedback. Remember you can ask questions at https://forums.puri.sm/t/introducing-the-librem-key/3853 #infosec
@kylerankin Put yet another way: what good is e2e encryption if your vendor has remote root onto the endpoint?
I'd be curious to know how many people within Apple and Google have this remote control power, the checks on that power, and what scenarios constitute an "emergency" to remotely take over someone's phone. https://www.cnet.com/news/10-years-later-google-still-has-the-creepy-ability-to-remotely-control-a-phone/
Google's China search engine features a censorship blacklist that "included terms such as “human rights,” “student protest,” and “Nobel Prize” in Mandarin." and makes it easy to link searches to individuals: https://theintercept.com/2018/09/14/google-china-prototype-links-searches-to-phone-numbers/
Looking at the current state of tech it's easy to conclude that people don't care about #privacy. I have to remind myself that people *do* care, they just feel powerless to do anything about it.
Linux sysadmin and security geek, author of Linux Hardening in Hostile Networks, and Linux Journal columnist. CSO at Purism