I'm running an OnionShare receive mode server in a Qubes AppVM on a desktop computer that I'll just leave online for a long time.
It's not quite stable yet, but here's the work-in-progress pull request: https://github.com/micahflee/onionshare/pull/695
Anyway want to try sending me some files, anonymously and securely? Load this address in Tor Browser: http://uxhsndx5d3ufxqoj.onion/
For the last two years I've carried a honeypot laptop with me every time I traveled. I checked it in my luggage, left it unattended in my hotel rooms. After each trip, I did forensic analysis on the laptop to detect if it had been tampered with.
I wrote about my experience and methodology here: https://theintercept.com/2018/04/28/computer-malware-tampering/
If you're going to Hackers on Planet Earth in NYC next weekend, check out my talk! It's Friday at 3pm.
Qubes OS: The Operating System That Can Protect You Even If You Get Hacked
Police raids Show more
German police raided homes of members of a privacy group that runs Tor exit nodes.
Their excuse was an unrelated blog called for violence at a right-wing event, this blog uses Riseup email, and the privacy group handles European donations for Riseup.
Super interesting paper and presentation on recent mix-net research. They propose a new anonymous communication system called Loopix which is secure against global passive adversaries (which Tor isn't secure against) https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/piotrowska
Meet the open-source Twitter bot to help you surface stories on anything, developed by @xor https://freedom.press/news/meet-open-source-twitter-bot-help-you-surface-stories-anything/
It currently powers the FOIAFeed birdsite bot, which posts news articles that are based on documents from Freedom of Information Act or other public records: https://twitter.com/FOIAFeed
Here is the source code: https://github.com/freedomofpress/trackthenews
"Deep in your innermost being, you’ve always known you were destined to learn Clojure. Every time you held your keyboard aloft, crying out in anguish over an incomprehensible class hierarchy; every time you lay awake at night, disturbing your loved ones with sobs over a mutation-induced heisenbug; every time a race condition caused you to pull out more of your ever-dwindling hair, some secret part of you has known that there has to be a better way."
Should I take the first step?
Just opened a pull request for SKS Keyserver that fixes a "wontfix" bug. Let's hope they merge it!
@micahflee Another SKS bug. Anyone can make a key unimportable: try `gpg --keyserver pgp.mit.edu --recv-keys 0x4F3F50786C401DCE`, it will fail. Also see https://pgp.mit.edu/pks/lookup?op=vindex&search=0x4F3F50786C401DCE
Pushed a fake UID to SKS keyserver signing key: https://pgp.key-server.io/search/0x41259773973A612A Source code (crawler next up): https://gitlab.com/yegortimoshenko/sks-tools (cc @micahflee)
I recently had someone contact me asking if my PGP key was safe to use because there appears to be a user id called "Dontuseee" on it -- it's actually a malicious user id that someone else added, not signed by key.
It prompted me to re-read this bug report that would be trivial to fix, but the sks keyserver devs *refuse* to make PGP simpler to to use at all, so instead they marked it wontfix.
#Error451 this week: @micahflee of @theintercept breaks down #Efail, safer practices with #Encryption, threat modeling and explains a bit about the future of encryption in the face of #QuantumComputing.
Police broke into Chelsea Manning's home with guns drawn last week during a 'wellness check' after she posted, then quickly deleted, seemingly suicidal tweets. She provided us with security footage of the armed raid.
Luckily she wasn't home at the time and she's safe. Here is the video and more info: https://theintercept.com/2018/06/05/chelsea-manning-video-twitter-police-mental-health/
Whatever you think of the Trump-Russia investigation, whistleblower Reality Winner deserves your support
Reality Winner has been in jail for a year. Her prosecution is unfair and unprecedented.
5 years on, US government still counting Snowden leak costs
After giving the PGP ecosystem time to fix the EFAIL vulnerabilities, EFF believes it's safe to use PGP in the latest Thunderbird and Enigmail, with HTML email disabled https://www.eff.org/deeplinks/2018/05/how-turn-pgp-back-safely-possible
Why the Alt-Right Thinks Porn is a Jewish Conspiracy
What It’s Like When Elon Musk’s Twitter Mob Comes After You https://www.thedailybeast.com/what-its-like-when-elon-musks-twitter-mob-comes-after-you
Yesterday I got block by WikiLeaks on Twitter, lol