Nedelne rano @nedelne_rano@mastodon.opencloud.lu

Do you know you can use Google Fonts without Google tracking your visitors and stealing the metrics?

https://git.occrp.org/libre/fonts-degooglifier

That moment when you test in production and deploy it on Friday

Public archive of police files in size of 57 TB.

Good job OCCRP

https://www.occrp.org/en/62-press-releases/11170-police-files-in-kuciak-murder-to-be-opened-to-journalists

Frontex, the EU border agency, have cancelled plans to give up to €400,000 to a surveillance company to spy on the social media of migrants and “civil society and diaspora communities in destinations (EU)”.

https://privacyinternational.org/long-read/3288/privacywins-eu-border-guards-cancel-plans-spy-social-media-now

https://www.nytimes.com/2019/10/15/opinion/facial-recognition-police.html

Breaking Trusted Execution Environment (TEE) for mobile devices backed by ARM hardware-based access control

https://research.checkpoint.com/the-road-to-qualcomm-trustzone-apps-fuzzing/

Celebrating 100k uploaded keys on Hagrid :)

https://keys.openpgp.org/about/news#2019-11-12-celebrating-100k

Following are cipher suites that is being used for encryption in all pEp projects:

1 Curve25519
2 NIST P-256
3 NIST P384
4 NIST P521
5 RSA 2K
6 RSA 3K
7 RSA 4K
8 RSA 8K

Depending on the project, users will be able to choose themselves the cipher suite they want to use.

https://sequoia-pgp.org/status/#algorithms

Is RSA 2k enough to use as default cipher suite? If not, can you write some reasoning?

#encryption #algorithms #RSA #Curve25519 #pEp

Encryption, a necessary evil or an underrated necessity?

breakfast@Luxembourg

https://securitymadein.lu/events/cybersecurity-breakfast-32-standardized-security-assessment-for-startups-1/

pEp for iOS will be released in November, I like how it syncing the private keys between multiple devices already

A Manifesto for the Self-Empowerment of Internet Users

https://webisours.github.io/

We, the signatories of this manifesto, are firmly convinced that the Internet can and must be owned by the users. This requires trustworthy communication technology, which:

Guarantees the privacy and rights of users by technical means.
Is developed under an approved free and open source license.
Is solely run de-centrally and collectively by the users.
...

Nice article about readability of the privacy policies

https://www.nytimes.com/interactive/2019/06/12/opinion/facebook-google-privacy-policies.html

Testing p≡p OpenPGP private key synchronisation protocol between multiple iOS, Windows and Android devices and it works great :)
Linux and OSX testing in the queue.

I can read and write encrypted emails on all devices finally with the same private/public key and 1 click setup.

p≡p for Thunderbird Plugin is now alpha

https://pep-security.lu/dev/repos/pEp_for_Thunderbird

Google doesn't want to give access to Gmail for pEp apps, because they are not email clients but security and privacy apps. Security and privacy apps are not allowed to access Gmail under Google user data policy.

pEp apps will drop support for key servers in the upcoming releases.

Only peer2peer key exchange will be supported.

Encryptioneurope.eu

Reading few recent articles about so called experts recommending What'sApp or Signal instead of GPG.

How is centralized service, without possibility to federate supposed to be better?

Or better how could ever be completely closed source service managed by Facebook with new privacy violations every week be better?

Someone should teach the journalists the differences..

It seems that pEp email clients will loose access to Gmail accounts bcs Google is too slow to verify the apps.

I'd suggest to switch from Gmail to selfhosted email.

Testing Sequoia encryption/decryption speed. Results are significantly better than GnuPG. Time to switch your projects from GnuPG to Sequoia.

https://web.pep.security/Sequoia.bench.pdf

https://sequoia-pgp.org

#PGP #GnuPG #Sequoia #encryption