Autonomía digital y tecnológica

Código e ideas para una internet distribuida

Linkoteca. Ciberseguridad


Confidential Mode will push users further into Google’s own walled garden while giving them what we believe are misleading assurances of privacy and security.

It’s important to note at the outset that because Confidential Mode emails are not end-to-end encrypted, Google can see the contents of your messages and has the technical capability to store them indefinitely, regardless of any “expiration date” you set. In other words, Confidential Mode provides zero confidentiality with regard to Google.

But that’s only the beginning of the problems with Gmail’s new built-in IRM. Indeed, the security properties of the system depend not on the tech, but instead on a Clinton-era copyright statute. Under Section 1201 of the 1998 Digital Millennium Copyright Act (“DMCA 1201”), making a commercial product that bypasses IRM is a potential felony, carrying a five-year prison sentence and a $500,000 fine for a first offense. DMCA 1201 is so broad and sloppily drafted that just revealing defects in Google IRM could land you in court.

We believe that using the term “Confidential Mode” for a feature that doesn’t provide confidentiality as that term is understood in infosec is misleading.

Un cliente de mensajería que no depende de servidores centralizados, usa la red Tor para ofrecer comunicaciones cifradas de extremo a extremo y es de código abierto.

A diferencia de las aplicaciones de mensajería tradicionales, Briar no depende de un servidor central – los mensajes se sincronizan directamente entre los dispositivos de los usuarios. Los mensajes se envían a través de la red Tor, protegiendo a los usuarios y en caso de que Internet no funcione, puede sincronizarse vía Bluetooth o Wi-Fi.

Su sistema para añadir contactos tampoco es convencional ya que, se genera un código que la persona a añadir debe escanear con su dispositivo móvil. De esta forma se busca que haya un encuentro físico entre el usuario y el futuro contacto. La lista de contacto se cifra y se almacena localmente en cada dispositivo.

Password management should be simple and follow Unix philosophy. With pass, each password lives inside of a gpg encrypted file whose filename is the title of the website or resource that requires the password. These encrypted files may be organized into meaningful folder hierarchies, copied from computer to computer, and, in general, manipulated using standard command line file management utilities.

pass makes managing these individual password files extremely easy. All passwords live in ~/.password-store, and pass provides some nice commands for adding, editing, generating, and retrieving passwords. It is a very short and simple shell script. It’s capable of temporarily putting passwords on your clipboard and tracking password changes using git.

Pourquoi donc l’opérateur télécom [Orange] s’est-il décidé à investir dans le secteur de la cybersécurité ? Justement parce que c’est un opérateur. Son réseau, ses millions de données sont des cibles de choix pour les pirates. De sa fragilité, Orange a donc décidé de faire un business.