Scientific American: New Encryption Technique Better Protects Photographs in the Cloud

Scientific American: New Encryption Technique Better Protects Photographs in the Cloud. “This year researchers expect the world to snap 1.35 trillion photographs, or about 3.7 billion per day. All those pixels take up a lot of room if they are stored on personal computers or phones, which is one reason why many people stash their images in the cloud. But unlike a hard drive, which can be encrypted to protect its data, cloud storage users have to trust that a tech platform will keep their private pictures safe. Now a team of Columbia University computer scientists has developed a tool to encrypt images stored on many popular cloud services while allowing authorized users to browse and display their photographs as usual.”

Wired: WhatsApp Fixes Its Biggest Encryption Loophole

Wired: WhatsApp Fixes Its Biggest Encryption Loophole. “Over the next few weeks, WhatsApp will roll out an update that adds end-to-end encryption to backups, should you so choose. Facebook CEO Mark Zuckerberg announced the feature in a Facebook post this morning. It’s a complex solution to a longstanding issue, and one that sets a precedent for companies that don’t want to rely quite so extensively on the security of the world’s handful of dominant cloud providers.”

Wired: ProtonMail Amends Its Policy After Giving Up an Activist’s Data

Wired: ProtonMail Amends Its Policy After Giving Up an Activist’s Data. “As usual, the devil is in the details—ProtonMail’s original policy simply said that the service does not keep IP logs ‘by default.’ However, as a Swiss company, ProtonMail was obliged to comply with a Swiss court’s demand that it begin logging IP address and browser fingerprint information for a particular ProtonMail account.”

TechCrunch: Facebook is bringing end-to-end encryption to Messenger calls and Instagram DMs

TechCrunch: Facebook is bringing end-to-end encryption to Messenger calls and Instagram DMs. “End-to-end encryption (E2EE) — a security feature that prevents third-parties from eavesdropping on calls and chats — has been available for text conversations on Facebook’s flagship messaging service since 2016. Although the company has faced pressure from governments to roll back its end-to-end encryption plans, Facebook is now extending this protection to both voice and video calls on Messenger, which means that ‘nobody else, including Facebook, can see or listen to what’s sent or said.’”

Ars Technica: Stingle is a privacy-focused open source photo backup application

Ars Technica: Stingle is a privacy-focused open source photo backup application. “With Google Photos killing off its Unlimited photo backup policy last November, the market for photo backup and sync applications opened up considerably. We reviewed one strong contender—Amazon Photos—in January, and freelancer Alex Kretzschmar walked us through several self-hosted alternatives in June. Today, we’re looking at a new contender—Stingle Photos—which splits the difference, offering a FOSS mobile application that syncs to a managed cloud.” If you’re interested in the nuances and potential problems with a service like this, Ars Technica is one of the few sites online that generally has an interesting and useful comments section.

Ubergizmo: Facebook Reportedly Researching How To Analyze Your Encrypted WhatsApp Messages

Ubergizmo: Facebook Reportedly Researching How To Analyze Your Encrypted WhatsApp Messages. “According to a report from The Information (paywall), it seems that Facebook is apparently researching ways that they might be able to analyze your messages, even if it was encrypted. We’re not talking about Facebook trying to break their own encryption, but rather to make sense of already-encrypted data and to extract information from it that could in turn be used to help bolster targeted advertising.”

VentureBeat: USC and Stanford launch Starling Lab to protect human rights with decentralization

VentureBeat: USC and Stanford launch Starling Lab to protect human rights with decentralization. “The University of Southern California’s Shoah Foundation and Stanford University have partnered on The Starling Lab, which will be dedicated to using decentralized tools based on cryptography and blockchain to advance the cause of human rights.”

New York Times: The Criminals Thought the Devices Were Secure. But the Seller Was the F.B.I.

New York Times: The Criminals Thought the Devices Were Secure. But the Seller Was the F.B.I. “The devices, procured on the black market, performed only a single function hidden behind a calculator app: sending encrypted messages and photos. For years, organized crime figures around the globe relied on the devices to orchestrate international drug shipments, coordinate arms and explosives trafficking, and discuss contract killings, law enforcement officials said. Users trusted the devices’ security so much that they often laid out their plans not in code, but in plain language. Unbeknown to them, the entire network was run by the F.B.I.”

Information Age: How Confidential Computing is dispelling the climate of distrust around cloud security

Information Age: How Confidential Computing is dispelling the climate of distrust around cloud security. “In a standard cloud configuration, data is encrypted when it’s ‘at rest’ or ‘in transit’ but the moment that data is processed it is decrypted, leaving it potentially vulnerable. The evaluation of business-critical data migrating to the cloud has increased since the start of the pandemic, heightening concerns about this weakness. Confidential Computing solves this problem in hybrid cloud environments by directing data in use into a hardware-based Trusted Execution Environment (TEE), an area separated from other workloads. Data remains encrypted right up until the application notifies the TEE to decrypt it for processing.”

Priti Patel: Facebook encryption plan ‘must not hamper child protection’ (BBC)

BBC: Priti Patel: Facebook encryption plan ‘must not hamper child protection’. “Facebook’s plans to roll out encryption across its messaging services could jeopardise ongoing work to combat child abuse, the Home Secretary is to warn. Such encryption means only the sender and recipient can read messages. ‘We cannot allow a situation where law enforcement’s ability to tackle abhorrent criminal acts and protect victims is severely hampered,’ Priti Patel will tell a charity-hosted event.”

ZDNet: The good and the bad with Chrome web browser’s new security defaults

ZDNet: The good and the bad with Chrome web browser’s new security defaults. “First, the good news. Starting with the mid-April release of Google’s Chrome 90 web browser, Chrome will default to trying to load the version of a website that’s been secured with a Transport Layer Security (TLS). These are the sites that show a closed lock in the Chrome Omnibox, what most of us know as the Chrome address (URL) bar. The bad news is that just because a site is secured by HTTPS doesn’t mean it’s trustworthy.”

Politico: The Pentagon had an email security problem. The pandemic fixed it.

Politico: The Pentagon had an email security problem. The pandemic fixed it. “In December, the Pentagon quietly adopted a security measure for ensuring that its email conversations with outsiders would be encrypted — more than a decade after many private companies and other institutions had done the same. Attempts to permanently fix the flaw didn’t gain momentum until last year, when DoD officials realized that the weakness was exposing electronic conversations with a host of civilian agencies and companies developing Covid-19 vaccines.”