More on VPN and End-to-End Encryption

VPNs
One of the most basic forms of encryption that you’re probably familiar with is the Virtual Private Network, or VPN.   There are a variety of different VPNs for different purposes, such as:

• Corporate VPNs that encrypt an entire network’s traffic
• VPNs to connect to corporate servers away from the office (ex. The UA VPN) 
• VPN routers that automatically reroute and encrypt users’ network traffic
• Web or application-based VPNs for personal use

Among the many VPN protocols, IPSec is considered the most secure. In fact, our friend Edward Snowden (or enemy and national traitor, depending on your point of view) has stated that the US Government has yet to crack IPSec, although they have in fact cracked other VPN encryption protocols. Below are a few free IPSec VPN options for personal use:

• CyberGhost

• TotalVPN

• Hotspot Shield (750MB per day limit, which is generous) 

End-to-End Encryption – Things to Know

Here are some examples that have end-to-end encryption technologies in place (with some caveats):

• WhatsApp: The company claims that it does not store messages on its servers, which means it can’t hand over messages if approached by law enforcement officials. 

• iMessage - Apple’s iMessages are end-to-end encrypted, which means they can only be read on users’ phones and the company can’t read them. But, you back up your messages in iCloud, then Apple can read them and could be forced to hand them over to authorities if provided with an appropriate warrant.

• Telegram: Telegram messages can be totally private if you want them to be. The company offers end-to-end encryption if users turn on the app’s “secret chat” feature and thus can’t read those user messages. Regular messages are stored on Telegram’s servers. 

• Signal: Owned by Open Whisper Systems, Signal is also end-to-end encrypted. The company explicitly states on its website that it “does not have access to the contents of any messages sent by Signal users.”

• Line: Line offers end-to-end encryption, but only if both the sender and recipient of a message turn on a feature called “Letter Sealing.” This will encrypt your messages so the company can’t read them, but regular messages without the feature are not end-to-end encrypted and Line may have to hand them over if required by Japanese law.

• Cyber Dust: Cyber Dust messages are encrypted end-to-end and the company claims they never even touch company servers. They’re also deleted from user phones as soon as they’re read (a la Snapchat). That means the company cannot hand over messages to authorities, even if a formal warrant was provided. “Once it’s gone it’s [gone],” CEO Ryan Ozonian told Re/code.

These Companies Can Read Your Messages

• Facebook (Messenger and Instagram):  Both Facebook Messenger and Facebook-owned Instagram encrypt messages only when they are en route between a user’s device and company servers where they are stored. This means Facebook might have to hand over private messages if required by law. 

• Google:  Messages sent via Google Hangouts are also encrypted en route and even on the company’s servers, but Google can still read them if needed. Encrypting the messages while on Google servers is intended to keep others from jacking in and reading them, but Google itself has the encryption key. This means Google might have to hand over private messages if required by law. 

• Snapchat:  Like Google, Snapchat messages are encrypted while at rest on Snapchat’s servers (though the company has the encryption key if needed). Snaps are deleted from the servers as soon as they’re opened by the intended recipients, and Snapchat claims  these delivered messages “typically cannot be retrieved from Snapchat’s servers by anyone, for any reason.” But unopened Snaps are kept on the servers for 30 days before being deleted. That means Snapchat might have to hand over unopened, private messages if required by law. 

• Twitter:  Direct messages on Twitter are not end-to-end encrypted. The company might have to hand over private messages if required by law. 

• Skype:   Microsoft-owned Skype does not offer end-to-end encryption for instant messages. They are stored on Skype’s servers for a “limited time,” which means Skype might have to hand over private messages if required by law.

• and soon, Comcast, Cox, and all IPSs...  (without an end-user agreement).  😱

Why End-to-End Encryption is So Important

Some of you may have read about the Wikileaks hack today (3/7).  But OF ALL THE revelations to come out of the 9,000-page data dump of CIA hacking tools, one of the most explosive is the possibility that the spy agency can compromise Signal, WhatsApp, and other encrypted chat apps. If you use those apps, let’s be perfectly clear: Nothing in the WikiLeaks docs says the CIA can do that.

Here is a great video explaining why end-to-end is so important these days.  (Click on the link; after ad is a video explaining end-to-end).  It's rather predictive of things to come.  But some important end-to-end tools - some of which you may already know about, but others may want you to consider.

Worried About Your Privacy Now? Here’s How to Protect It

Which leads to another recent and interesting piece of news related to encryption the media is using.  "How The Media Are Using Encryption Tools To Collect Anonymous Tips".
Like the video (above - please watch it), the article points out that there there is a renewed interest in leaks since Donald Trump's surprise election victory last fall, and a growth in the use of end-to-end encryption technology, have led news organizations across the country to highlight the multiple high-tech ways you can now send them anonymous tips.

The Washington Post, The New York Times and ProPublica have launched webpages outlining all the ways you can leak to them. ProPublica highlights three high-tech options on its page (in addition tthe Postal Service): the encrypted messaging app Signal, an encrypted email program called PGP (or GPG) and an anonymous file sharing system for desktop computers called SecureDrop. The Washington Post goes even further, highlighting six digital options.  Check this out!

Commenting is encouraged.  If you have nothing to say about this, you probably don't care who can hack your phone, or your laptop, or your text messages.  Just keep doing what you're doing.  Why should you worry?  You've done nothing wrong.

IoT Security

There are a number of good articles on this topic.  For example, Tech Crunch posted an article on "Why IoT Security Is So Critical".   "With the advent of IPv6 and the wide deployment of Wi-Fi networks, IoT is growing at a dangerously fast pace, and researchers estimate that by 2020, the number of active wireless connected devices will exceed 40 billion."

There is also the IoT Security Foundation, with links on news and encryption.  From there, there is a link to the 2016 IoT Security Foundation Conference. It includes videos on “Why is IoT Security so Hard and What Can We Do About It? and “Protecting the Connected Car". Great videos for those interested in this topic.

If you are working in this area, or just interested in IoT security in general, check out these links.

Music Licensing

A few of you are looking at music streaming, but some are looking into who is making money in this business.  I found this link on Public Knowledge (PK).  Their mission is to promote freedom of expression, an open internet, and access to affordable communications tools and creative works. They work to shape policy on behalf of the public interest.  PK works at the intersection of copyright, telecommunications, and Internet law, at a time when these fields are converging. PK's experience in all three areas puts it in an ideal position to advocate for policies that serve the public interest. They have a number of focus issues, including broadband privacy, net neutrality, copyright reform, and music licensing (to name but a few).

What's interesting about music licensing, is that you really can't listen to music streaming on most devices without it, but it is in dire need of improvement.  Briefly,

The complexity of music licensing is one of the main impediments to an optimal licensing system, both for compositions and for sound recordings. Another impediment is the impact of consolidation of big corporate rightsholders on the development of new platforms that give more options for independent artists and music fans alike.

PK believes the music distribution system should serve musicians and listeners. 

• Every company in the middle--from record labels to online services--exists to serve those two groups.
• The music licensing system should encourage a competitive, innovative market of new services that are accountable to music fans and musicians. 
• The largest content owners (major labels and publishers) should not take advantage of the current music licensing system to stifle competition and entrench their own gatekeeper positions.

Thus, PK is working for a fairer music marketplace where:

• artists can get their music on the market and receive a fair price for it,
• users can experience the music they want how they want, and
• new services can innovate without being beholden to gatekeepers.

There are some great links on this site.   To learn more check out the following:

• PK submitted these comments to the U.S. Copyright Office about the music licensing marketplace.
• Jodie Griffen (staff attorney, PK) testified for the House Judiciary Committee on the topic of music licensing.
• PK also produced a Copyright Tutorial for Musicians.

What has been your experience with music licensing?  Any comments?

Elon Musk's Hyperloop

Meet the Students Racing to Make Elon Musk’s Hyperloop a Reality.   Saw this article on Wired, and know that some of you are working on this topic.  This is a great article about a global competition, and links about how other countries are getting involved.  Here is a brief description:

If you (somehow) haven’t heard, hyperloop is a proposed long-distance, high-speed transportation system, Tesla and SpaceX CEO Elon Musk mentioned in 2012. Cargo or passengers would ride in pods (size TBD) that run through large tubes (above or underground) in something approaching a vacuum. With minimal air resistance, the pods would levitate above the floor of the tube with almost no friction. Propelled up to 700 mph or more, they could cover the distance between Los Angeles and San Francisco in just 30 minutes—a tantalizing alternative to an expensive flight or day-long slog through highway traffic. You can read way more about how the system works and the competing efforts to make it happen right here.

The articles goes on to explain the competition. In 2015, through SpaceX, Musk launched a global competition asking mainly student teams to give it a whirl. The mandate is to build a practical, safe, scalable, pod. The designs are judged for safety, innovation, and construction, but most really covet the prize for highest speed reached (with the caveat that the pod safely decelerates, too).

“What this was intended to do is encourage innovation in transportation technology,” Musk said on race day. “To get people to do things in a way that isn’t just a repeat of the past.”  Read more to find out what the global teams are doing.  Here is a video of some results: