Cryptography/privacy general

package signatures were implemented*

>There just aren't any other messaging services that have been reviewed by a third party, until someone looks at wire I'm going to trust moxies judgement.

Yeah thats true. I recommend XMPP or IRC encrypted with GnuPG

>Not forward secure, so utterly user unfriendly that you'll probably make a mistake and compromise yourself.

Thats where your research and effort comes in. I use Kleopatra for easier use.

no phone or at least no "smart" phone if you're paranoid, else use Cyanogenmod as an android version (without the google apps package).

The double-edge of going with a dumbphone is that you obviously can't encrypt any of your communication from it.

The problem with the security world is that there are certain people that somehow got elevated to godlike status and no one even think of going against them.
Moxie, the jew commie motherfucker, marlinspike is one of them.
The best freedom respecting instant messaging app is Conversations.

thingsandroidusersactuallybelieve.txt

That's more of a problem. The NSA/CIA doesn't spy on American citizens, only on foreigners and foreign nations

Yea his intolerance of other implementations is a little unusual but calling him a shill for google is extreme and unfounded. He stated his reasons for the web sockets implementation and f-droid, stop muddying the waters.

I think he's just a little jaded and tired of other people ignoring or writing over his work, that doesn't mean he's a sellout.

>The NSA/CIA doesn't spy on American citizens, only on foreigners and foreign nations
Ahahahahahahahahahahahaha

Didn't showden show the exact opposite?

>he forgot usbkill
dumbass
the cops will get your cp

>2013+3
>still believing this
Get it together user.

The problem with the security world(and open source communities in general) is the existence of fuckwits like you who think your baseless opinion are important enough to derail legitimate discussions and forums. If you want to call people jews or nigger and get nothing done go to pol.

Moxie why don't you go back sucking Google's circumcised cock?

its a meme.
Thermite on the other hand is not but its expensive.
>cp
nice meme.
But its probably some abstract disorder for me. I cannot enjoy anything if it has to do with tracking DRM or in some cases nonfree software.
Seeing friends logged into a google acc on their phone leaves a bad taste in my mouth

>its a meme.
sure, if you're retarded.
how is crashing your computer with no survivors just by pulling a USB drive a meme?

At least it doesnt have AI and 20 sensors that track you (gps, fingerprint, heartrate, browsing habits, you name it)

the disk in your hdd will be still readable.
your RAM might be still vurnable to ColdBoot.

If you are scared of actual raids investing in thermite is a good idea

this is not the case for me fortunately

>encrypt disk
>usbkill wipes ram on crash
do you even know what it is?

Doesn't rule41 apply to european citizens too?

Like, if you are being investigated for anything, they can ask the ISP if you use Tor or VPN and if you do, you get raided? It's fucking insane.

So the only way to not get raided is to not be investigated? I don't think I have done anything wrong, but for example imagine you fuck up on your taxes or something, the goverment asks the ISP if I use Tor or VPN, and I get raided because I didn't properly do my taxes. It's fucking ridiculous.

What is the best OS to open sensitive material?
I have a windows 7 installation in a HDD that I never use, and unplug modem when I access it.
Should I encrypt the entire HDD with veracrypt or truecrypt? And what's the point of encrypting if you are forced to tell your pass to authorities anyway?

>what's the point of encrypting if you are forced to tell your pass to authorities anyway?
don't be a britcuck.

>this is not the case for me fortunately
If you ever used VPN or Tor its the case for anyone after rule 41. Again, you may commit a crime and you don't even know it, and you get raided.

>Cryptography/privacy general
>doesn't mention anything specific about encryption
why not just put privacy general?

also I've made an encrypted chat/server service it's currently using RSA but I want to make it have groupchats what's a good way to do this? my current thinking is having one keypair for each groupchat or maybe switching encryption to FiSHLiM - what should I use if the attackers are hackers and not government agencies?

Im not, but I think every country will eventually have that law.

Maybe the plausible deniability hidden volume shit? Im not sure how that even works desu. Can you do that for an entire HDD?

This thread is pure autism!

>why not just put privacy general?
My own ignorance, and hoping to see some Sup Forumsents bring encryption to the conversation. I will try to include more encryption info and a more comprehensive list of software options should I create a thread like this in the future.

don't live in any of the countries that have those laws then.

it's very rare Sup Forums talks about actual cryptography outside of /dpt/ all memes aside try reddit, /r/cryptography /r/ciphers /r/codes /r/privacy - you'll get more responses, just make sure to read rules before posting

I dont use tor because i dont have business there also its a surefire way to get flagged at NSA HQ.

Also im not American and my goverment is too poor/stupid to monitor us 24/7

if its a serious project just use libGnuPg and be done with it.

>The NSA/CIA doesn't spy on American citizens

And you say this even AFTER Snowden leaked his shit? This is the dumbest meme that anyone can think up.

There is literally NO evidence that the NSA does not spy on American citizens. Even NSA documents say that they do, the Patriot act that gave the NSA these new rights even EXPLICITLY states that it is mainly to spy on Americans to look for "domestic terrorists". This is in the public domain and is not even a leaked secret. All evidence that say anything about it shows that the NSA spies on American citizens.

What kind of mental gymnastics do you need to have to come up with such a outrageous claim?

He did, apparently Americans don't believe in leaked NSA documents and what snowden did was a waste of time.

In these times of propaganda induced insecurity and orwellian laws the easiest way to someone be truly private is security by obscurity.

While it might be fairly easy to an attacker to figure your system. One must not forget, that the attacker is a goverment employee that, as most cases, does not give a fuck.

Obsurity might not be best apllied if the attacked is someone that the attacker is emotionaly involved with. Think pardoned Snowden living in america.

get a nexus or pixel and run copperheados. android is really insecure, just look at the technical overview section of copperheados.

There is a signal alternative called ring
ring.cx
it is on the F-droid repos

even before snowden this was known.they have been spying everyone pretty munch since the 70's

my president!

huh, interesting.
>App permission model including the ability to revoke permissions and supply fake data. Most permissions are based on dynamic checks for IPC requests, while a small subset make use of secondary groups
>Chromium supports per-site-instance sandboxing

i'm very intrigued by this.

What is Sup Forums opinion on Wick? Is not FOSS but it werks and has end-to-end encryption

he said all countries will have those laws mong

My understanding is this is an attempt to bring latent cypherpunks out of the woodwork. It would be nice to have these kinds of discussions on a fast moving anonymous forum such as g.

This is just a great place to conglomerate people.

Use Conversations. It supports OMEMO which is basically the same as Signal without giving anybody your phone number or having to use GCM.

>libressl
It sounds good in theory. But trying to use it on a distro that doesn't have it by default is a pain - I tried it with a fresh gentoo install:
Emerge fucking broke.
And when I got it working barely any packages were comparable with libressl.

I use it with gentoo and it works fine, maybe you should have followed the wiki

I did.
Maybe I fucked up in some other way.
I'm doing a fresh reinstall though - maybe I'll try again then.

Doing a research paper on IDS/IPS evasion.

So far got packet overlapping, obfuscation/encoding and fragmentation. Anyone knows of some cool attacks or interesting traffic one could generate?

Who is a good email service to use? I want to get away from gmail.

>Protonmail
>tutanota
>cock.li

I use Protonmail and Cock.li regularly.
I moved away from Tutanota just because the UI is shit.

>cock.li

are you retarded? Shit is hosted in Germany, they have been raided before for having domains such as hitler.rocks

I know but I don't even use it for important shit.
I use it for when I sign up to a shit website as a throwaway.

cock.li isn't even hosted in Germany anymore. It's in Romania.

Tox for secure instant messaging. I tried it with a few anons, and it seems to work fine.

GCM free Signal is coming soon dickhead. Stop expecting awesome shit to me made instantly.

>X General
kys my man

Conversations is okay, but its harder to use and has no iOS client yet.

>tox

I tried it and it was a buggy piece of shit cross platform, hopefully it matures more

How solid would it be to combine one of these with something like enigmail? for example protonmail claims to have no access to unencrypted content of your emails. however if your browswer/computer is compromised, your emails are potentially interceptable.

however, if you encrypt the contents of your email using PGP or public key encryption before sending them, and your correspondent does the same, would that actually help? or would it pretty much be redundant?

nevermind. in the case of protonmail at least, it is not compatible with any 3rd party email client

They're supposedly working on it:
>We are working on a solution that will allow you to use ProtonMail with other email clients in the future.

protonmail.com/support/knowledge-base/third-party-email-client-integration-outlook-thunderbird-apple-mail-ect/

Not that user but people made a non-GCM version of Signal a while ago called Libresignal but Moxie freaked out and said it was against stealing intellectual property and that they weren't allowed to use the name Signal or its servers. He through a temper tantrum, making it clear that Signal is a "look but don't touch" FOSS that doesn't allow alternative clients. Libresignal shut down knowing it would be impossible to work with such a man child. Use Telegram, Conversations, Matrix, or any other messaging service that's actually FOSS.

>use Telegram
The only part of this post I disagree with.

Any help is appreciated. I've been working for hours trying to install GPA, a front-end client for GnuPG. I assume GPA must be available through cannonical, but I've somehow found myself trying to compile and install this shit manually. Ubuntu 16.04.

I encounter the error exactly as described here:
dev.openwrt.org/ticket/20465

At the bottom of that page is a snippet of code, a patch that claims to fix this problem. I have no idea what I'm looking at, and I don't want to put it in the wrong place and cause a disaster.

Again, any help is appreciated. Even a link to an appropriate resource would be great.

No, it's a US domestic law. US judges can't issue warrants for outside the US.

I mean, it's a pretty bad law (and I'm sure most eu countries will follow suit) but some of the hyperbole about it is pretty daft, and makes critics of it sound like tinfoil hat wearing retards, when the truth is there are very legitimate concerns with it

Signals' whole business model is to get acquired by either google or facebook as soon as possible, every technical decision they've taken was about boosting their value as a corporate asset.

That's so true now that I think of it.

All of this conversation happened on public parts of the internet where anyone can go read it any time. It's not made up. Here is some of it. You can search around for more if you want:
github.com/LibreSignal/LibreSignal/issues/37
github.com/WhisperSystems/Signal-Android/issues/281

gpg doesn't support forward secrecy

what's wrong with Telegram? is it because a Russia guy wrote it?

it lacks features
it requires your phone number
it has poor crypto

Wire seems decent, but the user base is non existent.

that picture is wrong and/or outdated
wire.com/privacy/

wire server is not open source, though. only wire client is.

It's still better than the alternatives.

Too bad there isn't anyone in there.

That shit does not work

All of this is made up black PR against moxie.

I find moxie an insufferable liberal cunt but I won't spread black PR about him. You can read his posts on HN he's debunked everything you've written, esp the VERY TINY f-droid incident that was blown up into a very big story by shills.

He's opinion for people derping about GCM/GAPPS proprietary apps is reverse it yourself if you care so much. There's plenty of projects around where you can use reverse engineered, GNUgapps. They work fine with signal just you may have some buggy lost messages.

There is also nothing stopping you from building the app yourself instead of trusting jewggle store, but it's more likely your own system is compromised than Moxie's systems.

>reviewed by third party

Yes there is, almost all of them have been audited at one point or another by NCC Group or similar news.ycombinator.com/item?id=11131822

If you need extremely adversary proof messaging, you want to use Subgraph OS's custom chat CoyIM which was rewritten in a memory safe language and the project is lead by guy's in the top tier of security research these days subgraph.com/sgos/

Unless Youre In The Uk