Why I say Linux instead of GNU/Linux

Posted September 18, 2015 in drama linux openpgp

I’ve been writing a computer security column for the Intercept. In most of my columns I mention Linux. Even when it’s not directly relevant (though it often is), most of my columns are in the form of tutorials, and I’d like my tutorials to be equally useful for Linux users as they are for Windows and Mac users.

Continue reading →

Transitioning PGP keys

Posted August 17, 2015 in crypto

I’m switching from my old key:

Continue reading →

Fact-checking Pando’s smears against Tor

Posted December 11, 2014 in drama tor

If you’ve been able to ignore Pando Daily’s 100% non-technical smear campaign against the Tor Project and its developers and supporters, you’re lucky, and you may wish to stop reading now. Otherwise, read on, and perhaps prepare to lose a few brain cells.

Yasha Levine’s “investigation” against Tor unveiled what’s already prominently displayed on Tor’s website: that it was designed by the Navy and that it receives a lot of federal funding, the bulk of which comes from the Department of Defense.

Continue reading →

Security Advisory: Upgrade to OnionShare 0.4 Immediately

Posted July 16, 2014 in advisory onionshare

Yesterday Jacob Appelbaum discovered an input sanitation bug in OnionShare 0.3. It is now fixed, and you should upgrade to the latest version before using it again. You can download the latest version from https://onionshare.org/.

Continue reading →

The Universe Believes in Encryption

Posted June 5, 2014 in crypto

Our universe is built out of mathematics. Humans have been learning, discovering, and using mathematics for thousands of years because it’s the only thing that can accurately describe what happens around us. The laws of physics are written in mathematics, and they cannot be broken.

One year ago today the Snowden revelations began. Since then there has been a flood of calls for reform. A federal judge called the NSA “almost Orwellian”. Congress and President Obama have admitted that bulk surveillance of Americans is wrong and should end. But so far we haven’t seen real reform in the US, and we might never see it. Even if the US does pass meaningful surveillance reforms the problem won’t be solved. There are billions of people all over the world that rely on the Internet, and their privacy will continue to get violated by governments around the world.

Continue reading →

Using Tor Browser Launcher in Qubes

Posted May 9, 2014 in tor qubes

I maintain a piece of software called Tor Browser Launcher. It takes care of downloading Tor Browser Bundle for you, verifying the gpg signature, making sure you’re always using the latest version of Tor Browser, and making it easier to launch.

I originally only made Tor Browser Launcher work in Debian-based distributions, but since the default templates in Qubes are based on Fedora, I recently ported it to RPM-based distributions as well. Here’s how to set it up.

Continue reading →

Dual-booting Qubes and Ubuntu with Encrypted Disks

Posted April 23, 2014 in crypto linux security qubes

Qubes is my preferred operating system, but occasionally you need to run something else. It’s hard to get certain hardware working the way you expect in Qubes, like webcams or non-disk USB devices. And Qubes VMs don’t support 3D acceleration, which you might occasionally need. You also can’t run VirtualBox inside of Qubes. You normally don’t have any reason to do this, except for very specific cases, like software development with Vagrant.

So here are instructions for how to dual-boot Qubes R2 rc1 and Ubuntu 14.04 LTS, using disk encryption for both. You should be able to adopt this same technique to dual-boot pretty much any two GNU/Linux distros with disk encryption. Keep in mind that if you’re booted into Ubuntu and you get owned, it’s possible for the attacker to then compromise Qubes. (You have to get really, really, really owned for an attacker who compromised Qubes to then compromise Ubuntu.)

Continue reading →

The Operating System That Can Protect You Even if You Get Hacked

Posted April 10, 2014 in security linux qubes

This was originally published on the Freedom of the Press Foundation’s blog.

We wrote about the importance of the Tails operating system to all of the NSA journalists last week, but there’s also another little-known operating system that journalists should consider using if they find themselves in high-risk scenarios. It’s called Qubes.

I’ve only been using Qubes for a few weeks, but I feel like my operating system is now a digital fortress. Let me try to explain why, and how Qubes differs from Tails.

Continue reading →

Ubuntu is finally taking privacy seriously

Posted April 3, 2014 in linux

Update: A couple people have pointed out that the privacy changes won’t actually take affect in 14.04, which means that fixubuntu.com will still be necessary until at least 14.10, which will be released in October. Oops.

In October 2012, Canonical made a horrible mistake. They included a “feature” in Ubuntu 12.10 that has been widely considered adware and spyware. I blogged about the new Ubuntu’s Amazon ads and data leaks for EFF at the time, with the main ask being that Dash’s online search should be an opt-in feature and not enabled by default.

Continue reading →

Two really simple things Microsoft can do to make Windows more secure against NSA

Posted December 29, 2013 in crypto spies security tor

Thanks to Edward Snowden and journalists at Der Spiegel, today we learned about Tailored Access Operations (TAO), NSA’s world-class hacking team. There was a lot of interesting information in that article (like how they divert shipping of electronics to a secret warehouse where they can modify it to install backdoors!).

But I’m just going to talk about how they use Microsoft error reports to gather private information about Windows computers that can be used to compromise their security — a problem that’s trivially easy for Microsoft to fix.

Continue reading →