Some turtles got together this weekend to hack on a thon—err, for a Group Income hackathon!
Dell's Tumble, Google's Fumble, And How Government Sabotage Of Internet Security Works
On Monday, the Internet received another reminder about its sad state of security. It was discovered that Dell decided to compromise their users’ Internet security in a way that’s difficult to top.
As elaborated further in this post, Dell, in tandem with Google, made it possible for anyone on earth, you or me, to break every single type of HTTPS connection that Dell users were making (including HPKP connections)—shiny lock icons be damned. Their reason?
Five Open-Source Slack Alternatives
Translations: 中文
Update: We made a huge mistake in forgetting to review Riot — the only Slack alternative based on an open protocol, and the only Slack alternative to support end-to-end encrypted group chats.
Slack is a popular team communications application for organizations that offers group chat and direct messaging for mobile, web, and desktop platforms. While Slack offers many benefits to customers, there are also downsides to using the platform, including high subscription fees and the risk of a massive leak of private data if Slack’s servers are ever breached (again).

Today there are a growing number of open-source Slack alternatives available for people who want to avoid the trap of walled gardens and have more control over the security of their data. As part of our own search for a self-hosted Slack alternative, we reviewed the options out there.
Here are five of our favorites:
Proof of Transition: New Thin Client Technique for Blockchains
Blockchains are difficult to run on most end-user devices.
Although MITM-proof proxies are a great way to address this problem, they are unlikely to scale well to all Internet users (not everyone will be able to run their own full node). Therefore, most people will need to rely on thin client techniques to reduce the trust placed in such proxies.
Certificate Transparency's improved gossip protocols show promise
After publishing our Certificate transparency on blockchains post, we learned of a recently updated IETF draft proposal that updates how Certificate Transparency (CT) gossip protocols work.
Certificate transparency on blockchains
This week Google learned of another batch of fraudulently issued certificates for several of their domains. At the end of the post they made a renewed call for Certificate Transparency. In this post, we’ll use the acronym CT to refer to Google’s implementation of the general concept of certificate transparency, and we’ll explore other technologies that also provide it.
DNSChain 0.5 Released: HTTPS + Openname Resolver API + More!
DNSChain 0.5 brings about many new features.
It’s important to remember, however, that this project is not really about new bells and whistles. It’s about what kind of a world we want to live in, and for us the answer is clear: we want to live in a free world, and that means addressing these problems:
- The Internet has been turned into a weapon for surveillance, and this has led to mass self-censorship.
- The Internet is being used as a battleground to wage "cyber war". Much of our infrastructure relies on TLS to protect us, but its protection is undermined by X.509, a system that forces everyone online to trust the bad apple.
- Websites rely on TLS/HTTPS to protect them, but it does a very poor job. Even worse, it's common practice for websites to pay for this "non-protection" (although, thanks to StartSSL and Let's Encrypt, it's no longer mandatory to pay).
[Job] Fundraising Genius (Update: Filled!)
Update October 28, 2014: John Light, welcome aboard!
The Trouble with Certificate Transparency
Update: March 25, 2015, see also: Certificate transparency on blockchains
Ben Laurie, project lead for Google’s Certificate Transparency (CT), recently published an article wherein he compared CT against various efforts to secure Internet communication world-wide from Man-In-The-Middle Attacks (MITM), including DNSChain.
In it, he made several claims about CT and related topics:
- That CT leads to a situation where "It becomes impossible to misissue a certificate without detection"
- That no one has come up with a way to "effectively revoke self-signed certificates"
- That CT is a "Generally applicable" system where "No one is special" and where everyone "[is] able to participate"
- That CT doesn't introduce trusted third-parties
- That CT doesn't push decisions onto the end user
- That DNSChain wastes energy and "has no mechanism for verification"
And yet, decisions that impact the security of the entire Internet are being made based on these statements. We (the Internet community) need more eyeballs and brains on this.
In this post, I will:
- Give a summary of what Certificate Transparency is
- Explain why Certificate Transparency does not live up to its name
- Respond to Laurie's criticism of DNSChain, Bitcoin, and blockchain systems in general
okTurtles Demo at SOUPS 2014 (EFF CUP Crypto Usability Prize)
Oh boy! Lots of news to share about okTurtles and DNSChain in the upcoming days:
- These projects are now officially under the stewardship of a new non-profit organization called the okTurtles Foundation (more on this coming soon).
- We're going to be moving the site from okturtles.com ➜ okturtles.org
- We gave a very successful demo at SOUPS 2014's EFF CUP workshop (see the video below!)
- Simon Grondin of Unblock.us.org is joining our team to bring awesome new anti-censorship features to DNSChain.
- Development on the okTurtles browser extension is ongoing!
- We're looking forward to working with many of the wonderful people we met at the SOUPS 2014 conference! So many awesome folks in attendance! 😀