Archive | April, 2015

End-To-End Web Crypto: A Broken Security Model

End-to-end encryption of web services is increasingly popular: Mailvelope aims to bolt a PGP client onto webmail, and both Yahoo and Google are working to add support directly. However, the fundamental nature of the web and the limits of human cognition make web-based E2E encryption susceptible to MITM attacks. While still potentially useful, such systems should not […]

Debunking okTurtles, DNSChain, &

okTurtles, DNSChain, and form a software stack that is being sold as a panacea to online surveillance and DNS censorship. This hyperbolic marketing is disingenuous if not dangerous. I would like to outline exactly what each piece of software does and how the stack relates to the field as a whole.

