It's obvious they spy on your mails! 🤦♂️
Indeed, in case of crash, they even send to "their" #AWS servers a memory dump that contains sensitive data crash reports.
This likely include, your emails in clear, your private encryption keys¹ and everything else the program has loaded and kept in memory.
What does this means for an hypothetical attacker that can access such reports?
I mean... like a #USA agency arguing that you might be a terrorist or something.
Oh but sure... they shall do no evil...
I was hoping investigative journalists start investigating malware vendors and APTs for years.
And I do hope that this project will lead to malware vendors and APTs thinking twice (or more) before they target a journalist or activist in the future.
A great piece on cryptography and email, specifically PGP/GPG.
QT nwalfield: New blog post: Yes, We Want Cryptographic Protection for Email https://sequoia-pgp.org/blog/2021/06/29/202106-yes-we-want-cryptographic-protection-for-email/ #pgp #gpg
#GnuPG 2.2.29 (LTS) is available. It has a few regessions from 2.2.28 fixed and changes the the default keyserver to keyserver.ubuntu.com (temporarily).
https://lists.gnupg.org/pipermail/gnupg-announce/2021q3/000461.html As you may know the old SKS keyserver network was attacked and withers out. The future is for https://wiki.gnupg.org/WKD and upcoming new keyserver software like hockeypuck. E.g. there are some candidate public keyservers you could try
https://lists.gnupg.org/pipermail/gnupg-users/2021-June/065278.html #EndtoEndCrypto #FreeSoftware #EmailSecurity #FileSecurity
Perhaps there is no perfect way to convey how absurdly obscene it is that a single person can "have" over a hundred billion dollars.
But "You Are Jeff Bezos" is damn close:
Also, perhaps there is no perfect way to satirize #DonaldTrump.
My little parody of the aforementioned game is definitely not even close:
Rust GCC Backend was officially merged in the compiler.
For the record it’s possible to implement Double-Ratchet scheme using pure OpenPGP thus avoiding issues with libsignal: https://sequoia-pgp.gitlab.io/openpgp-dr/openpgp_dr/index.html
Freie Software für automatische Mailverschlüsselung (Android, iOS, Outlook & Thunderbird): 👉 https://pep.software
Artikel @firstname.lastname@example.org: 👇
@nwalfield Services started during the mobile first era take the approach of replacing e-mail with phone number as a trust anchor.
While appealing at a first look, this is horrible in all aspects related to pseudonymous identity management or protection against nation state adversaries.
I work on Sequoia, a project to improve the OpenPGP ecosystem.
Server run by the main developers of the project It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!