Tootfinder

One to keep an eye on. https://it.slashdot.org/story/26/01/27/0550249/lawsuit-alleges-that-whatsapp-has-no-end-to-end-encryption?utm_source=rss1.0mainlinkanon&utm_medium=feed<…

I’m looking at age for many times especially to replace OpenPGP. They did a new release and for encryption at rest, it’s indeed a good replacement.
But how to integrate it with email encryption ? They recently did a keyserver https://words.filippo.io/keyserver-tlog/ and releas…

Rule of thumb: End-to-end encryption is meaningless unless you know and control exactly who the ends are. (Let’s call this the Waltz principle.)
Same goes unless the context your encrypted messenger is running in is secure. Signal can encrypt your messages all day long but you’re still screwed if the custom keyboard app you installed on your phone is sending them off to someone else before they even reach Signal.

‼️ Wer Windows 11 mit einem Online-#Microsoft-Konto nutzt, speichert seine #BitLocker-Schlüssel automatisch in der #Cloud.
Diese können bei einem rechtlichen Ersuchen an das

Microsoft confirms it will give the FBI your Windows PC data encryption key if asked — you can thank Windows 11's forced online accounts for that
Microsoft says it will provide the FBI with BitLocker encryption keys if requested for PCs that upload their key to the cloud via your Microsoft Account.

»Microsoft confirms it will give the FBI your Windows PC data encryption #key if asked—you can thank Windows 11's forced online accounts for that:
#Windows 11's online Microsoft Account requirement means your #PC

Microsoft confirms it will give the FBI your Windows PC data encryption key if asked — you can thank Windows 11's forced online accounts for that
Microsoft says it will provide the FBI with BitLocker encryption keys if requested for PCs that upload their key to the cloud via your Microsoft Account.

Microsoft gave FBI a set of BitLocker encryption keys to unlock suspects’ laptops: Reports https://techcrunch.com/2026/01/23/microsoft-gave-fbi-a-set-of-bitlocker-encryption-keys-to-unlock-suspects-laptops-reports/<…

Turns out that Microsoft's BitLocker security for the data stored on your hard drive is just a placebo.
Might as well give your password to everyone:
https://techcrunch.com/2026/01/23/microsoft-gave-fbi-a-s…

Microsoft gave FBI a set of BitLocker encryption keys to unlock suspects' laptops: Reports | TechCrunch
The FBI served Microsoft a warrant requesting encryption recovery keys to decrypt the hard drives of people involved in an alleged fraud case in Guam.

Microsoft provided the FBI with the recovery keys to unlock encrypted data on the hard drives of three laptops as part of a federal investigation, Forbes reported on Friday.
Many modern Windows computers rely on full-disk encryption, called #BitLocker, which is enabled by default.
This type of technology should prevent anyone except the device owner from accessing the data if the computer is …

Microsoft gave FBI a set of BitLocker encryption keys to unlock suspects' laptops: Reports | TechCrunch
The FBI served Microsoft a warrant requesting encryption recovery keys to decrypt the hard drives of people involved in an alleged fraud case in Guam.

@… I should probably change my vote, but I'll stick with first choice, which involved root-on-ZFS.
That's not particularly neckbeardy, but then it took more than six months for me to notice that I also had OpenZFS-native encryption. A hidden beardy quality …
@…

X replaces DMs with Chat, a new messaging system that it says is E2EE, supports file sharing, video calling, and more, rolling out first to iOS and the web (Karissa Bell/Engadget)
https://www.engadget.com/social-media/x-is

X is finally rolling out Chat, its DM replacement with encryption and video calling
X has finally revealed its long-promised chat platform, which replaces the service's basic DM functionality with features more like the messaging...

The truth is, I’ve never trusted FileVault or really any whole-disk encryption.
I have a couple of FreeBSD machines using geli but not on their boot disk (is that even a thing?) and I’ve never been willing to jump into FileVault because it seems to have had a steady stream of “Oh, well, hope you have a backup” problems.
#Sysadminnery

@… : Just a quick shoutout and thank you!
Your tutorial on setting up VoidLinux, on ZFS, with encrypted swap worked great. Followed all steps, and everything (including hibernate and restore) works exactly as expected.
Learned some things along the way (encryption, zfsbootmgr) and, most of all, had a lot of fun doing it ;-)
Tomorrow I'll be…

RE: https://infosec.exchange/@oots/115794083146524045
Reminder: Bluetooth isn't secure, even with its encryption.

Telnet is a remote login protocol that became obsolete in 1995 when SSH became available because SSH offers transport encryption while telnet does not.
Those who kept a telnetd running for whatever reason (and did not hide it behind a firewall) have had a root backdoor for the last ten years.
The telnetd server invokes /usr/bin/login (normally running as root) passing the value of the USE…

#LB Mas quando eu digo que não tenho confiança em nenhum software de código fechado, me chamam de neurótico...
https://mastodon.sdf.org/@dlakelan/115945710595314492

“The core idea is that your conversations with an AI assistant should be as private as your conversations with a person. Not because you’re doing something wrong, but because privacy is what lets you think freely.”
Moxie Marlinspike, Confessions to a data lake https://confer.to/blog/2025/12/confess

Confessions to a data lake
I’ve been building Confer: end-to-end encryption for AI chats. With Confer, your conversations are encrypted so that nobody else can see them. Confer can’t read them, train on them, or hand them over – because only you have access to them.

Before you head out for the weekend, check out today's Metacurity for the most critical infosec developments you should know, including
--Chinese state hackers used Anthropic to automate cyber intrusions,
--UK MoD knew of Excel's security risks before Afghan data leak,
--NHS investigates Clop's attack claims,
--ASUS patches DSL router critical flaws,
--DoorDash reveals October security incident,
--US feds warn of Akira's expanded encryption …

Chinese state hackers used Anthropic to automate cyber intrusions
UK MoD knew of Excel's security risks before Afghan data leak, NHS investigates Clop's attack claims, ASUS patches DSL router critical flaws, DoorDash reveals October security incident, US feds warn of Akira's expanded encryption capabilities, Kraken is testing how fast it can encrypt, much more

Great, ecryptfs was dropped from nixpkgs, because apparently it wasn't updated in 10 years 😑
ecrypts was always my go-to solution for encrypting only my home directory, if full disk encryption is not available.
So what does one use now for homedir encryption?
https://github.com/NixOS/nixpkgs/pull/

ecryptfs: drop by Sigmanificient · Pull Request #479934 · NixOS/nixpkgs
While looking into python2 remaining bits, i come across this package, and it seems appropriate to remove it. ecryptfs hasn't been updated sine May 2016, and seems to have questionable maintena...

Microsoft confirms it does provide BitLocker recovery keys for encrypted data if it receives a valid legal order and the user has stored the keys on its servers (Thomas Brewster/Forbes)
http://www.forbes.com/sites/thomasbrewste

Microsoft Gave FBI Keys To Unlock Encrypted Data, Exposing Major Privacy Flaw
The tech giant said providing encryption keys was a standard response to a court order. But companies like Apple and Meta set up their systems so such a privacy violation isn’t possible.

Dziś dowiedziałem się, że ludzie na serio przetłumaczyli "end-to-end encryption" jako "szyfrowanie od końca do końca" 🤦.

#Microsoft hands out your #Windows #Bitlocker disk #encryption recovery key if

🔬 Seeing "post-quantum key exchange" warnings in your SSH sessions?
Here's what it actually means and whether you should worry about it.
Modern #SSH connections use #encryption that could theoretically be broken by future

ML-KEM Mythbusting
"There have been some recent concerns about ML-KEM, NIST’s standard for encryption with Post-Quantum Cryptography, related standards of the IETF, and lots of conspiracy theories about malicious actors subverting the standardization process. "
#pqc #pqcrypto

Checking out, before cooking, that guide by @… .Installing VoidLinux, zfs, encryption and hibernation. Gonna follow all those steps meticioulsy., but not today.
It is no surprise ssh works ootb on Slackware.
Pots and pans are calling, happy xmas all!!

One of the world’s premier security organizations has canceled the results of its annual leadership election
-- after an official lost an encryption key needed to unlock results stored in a verifiable and privacy-preserving voting system.
The International Association of Cryptologic Research (IACR) said Friday that the votes were submitted and tallied using Helios,
an open source voting system that uses peer-reviewed cryptography to cast and count votes in a verifiable, con…

Oops. Cryptographers cancel election results after losing decryption key.
Voting system required three keys. One of them has been “irretrievably lost.”…

#Applied #cryptography cannot solve a #security problem. It can only convert a security problem into a key-management problem.
Corollary: If you aren’t actually solving the key-management problem, yo…

ahh, the good old times before ssh and its smug encryption
https://www.openwall.com/lists/oss-security/2026/01/20/2

Black Coffee from lnbits likes internet of things, but doesn't like the way it tends to work with centralised servers and spying companies running them.
But what if your coffee pot and lights and smart plugs were nostr instead?
Nobody can cut your machine off, it has it's own keys and encryption, you could even ruin your own relay to talk to it instead of using public relays.
Remote control without having to expose the home network.
You could even make it require zaps and so make a vending machine.
Demonstration by sending lightning requests to the coffee pot on stage works better than the mikes that have been feeding back this afternoon 😆
#nostr #nostrshire #internetOfThings

I really wish #Mastodon had end to end encryption for DMs.

#telegram is so shit, Ads, unable to block unknown invites, shit encryption if any.
And the foss community is just bending over backwards.
I have a #matrix server I’m happy to share with anyone who wants to move off of telegram.

RE: https://mastodon.social/@404mediaco/115918464978934903
This is why we should continue to fight for our right on privacy, encryption, and don't give away all our data to big tech. Germany should not buy Palantir!

The list of members for the newly starting "Expert Group for a Technology Roadmap on Encryption (E04005)" is now online: https://ec.europa.eu/transparency/expert-groups-register/screen/expert-groups/consult?lang=en&groupI…

Signal's Meredith Whittaker says deeper integration of AI agents into devices is "perilous" for encryption, since agents need access to lots of data across apps (Shona Ghosh/Bloomberg)
https://www.bloomberg.com/news/articles/20

“EU Revives Plan for Year-Long Data Retention Across Digital Services, Including Encrypted Apps … Officials insist they do not intend to compromise encryption or read private messages. What they want is the so-called metadata: who contacted whom, from where, at what time, and through which service.” – https://

Even as much of the internet is inaccessible right now, Metacurity appears unaffected. So check out today's issue for the most critical infosec developments you should know, including
--CISA says it will rebuild with more staff in 2026 to rectify cuts in 2025,
--Microsoft’s Azure cloud computing service was hit with 15.7 Tbps DDoS attack,
--Russian telecom Protei was hacked and site defaced,
--Companies warn of inflexibility if UK bans ransom payments,
--A cr…

CISA says it will rebuild with more staff in 2026 to redress cuts in 2025
Microsoft’s Azure cloud computing service was hit with 15.7 Tbps DDoS attack, Russian telecom Protei was hacked and site defaced, Companies warn of inflexibility if UK bans ransom payments, A crew of companies reject efforts to weaken encryption, 460k FTSE compromised credentials found, much more

... why?
"State file encryption and hardware attestation keys are no longer enabled by default."
#TailScale

My motivation to get into PGP fights these days is very limited, but, well, sometimes I can't escape the "someone is wrong on the Internet" feeling.
The author of @… still does not understand what "Authenticated Encryption" means ("still", because I've seen these discussions back in the efail days). It is a pretty central conce…

Very strange thing happened with my files on the tab.digital @…… I noticed today they have been spontaneously encrypted; apparently not by some cryptoransomer, but a known bug that has plagued random users for at least two years. All the text files, regardless of file type, now start with the header HBEGIN:oc_encryption_module:OC_DEFAULT_MODULE:cipher:AES-256-CT…

Or one could use LibreOffice or Apache OpenOffice and not be dependent on some distant service provider.
Online office suites confuse me. It’s unclear what *modern* problem they address. Sharing files is a solved problem. Common data formats exist. https://mastodon.social/@DevOpsPink/11

Tatiana Mikhaleva (@DevOpsPink@mastodon.social)
Attached: 1 image Proton rolled out Proton Sheets - a spreadsheet Google can’t peek into. Gemini: “Show me your data?” You: “No.” Sheets: also no, but in Swiss.🇨🇭🔐 End-to-end encryption, zero-knowledge, even file names get the Swiss-bank treatment. You open a spreadsheet - Big Tech immediately cries. Somewhere in California, an AI whispers: “But… my training data…” Privacy 1 : 0 AI https://proton.me/blog/sheets-proton-drive #Proton #Privacy #Encryption #CyberSe…

🔐 AES encryption & space-saving compression protect your data from unauthorized access
💿 Creates rescue disk & backup images in VHD/VHDX format - opens
directly in #Windows Explorer
🛡️ Protects against data loss from viruses, hackers or defective hard drives - suitable for beginners
🌐

WhatsApp launches passkey-encrypted backups for iOS and Android, letting users encrypt their stored message history using their face, fingerprint, or a code (Jess Weatherbed/The Verge)
https://www.theverge.com/news/809842/whatsapp-passkey-chat-backup-encryption…

WhatsApp can now use passkeys to secure your backups
WhatsApp is launching passkey-encrypted backups for iOS and Android that can protect stored messages using your face, fingerprint, or device screen lock code.

Meta plans to launch WhatsApp third-party app integration in Europe "over the coming months" as required by the DMA, starting with BirdyChat and Haiket (Thomas Ricker/The Verge)
https://www.theverge.com/news/820858/whatsapp-third-party-messaging-dat…

WhatsApp is launching third-party chat integration in Europe
Meta is rolling out support for third-party messaging with end-to-end encryption preserved. BirdyChat and Haiket will be first.

Got home early today. Of course I had to geek out 🤣 KDE is under the bus, so I reached for VoidLinux (to add dwl to it later). And hey, other distro's: look at their documentation. Can be brief, but It Just Works. Diligently followed the disk encryption setup, very well written and laid out. A pleasure, I love runit.And VoidLinux, another great distribution.
#voidlinux

404 Media speaks with @meredithmeredith.bsky.social,
the president of the Signal Foundation to talk all about the state of Signal today,
the threat of AI to end-to-end encryption,
what backdoors actually look like, and much more.
When did you start using Signal?
Listen now:
https://youtu.be…

Based on another report I just read from Iran's PressTV (state-sponsored service with an expired encryption cert today), this sounds like a giant DDoS attack.
Iran says repelled ‘one of world’s most complex’ cyberattacks on national infrastructure
https://

Iran Says Repelled ‘one Of World’s Most Complex’ Cyberattacks On National Infrastructure - Iran Front Page
Iran’s Minister of Information and Communications Technology said the country faced “one of the most complex cyberattacks” globally in recent days, targeting critical infrastructure linked to a domestic telecom operator.

A look at Confer, an open-source AI assistant project from Signal creator Moxie Marlinspike that is designed to provide end-to-end encryption for AI chats (Dan Goodin/Ars Technica)
https://arstechnica.com/security/2026/0…

Signal creator Moxie Marlinspike wants to do for AI what he did for messaging
Introducing Confer, an end-to-end AI assistant that just works.

Future Plans:
I have like ten years of data in my log, converted from those prior prototypes. I will be adding ways to more usefully compare and analyse data going this far back.
It could maybe use a milestone function, to track singular events which don't take actual time so don't spread on the grid. Snack tracking and the like.
It could likely use a flashcard system, with spaced repetition to review the flashcards, for better memory and recall.
Synching between devices might be nice, and lots will suggest doing that through Nostr, but Nostr is a bit public. Would need an encryption layer. Do nostr relays want to relay encrypted data from one user to themselves I suspect Veilid ( https://veilid.com/ ) would be a better option. The "no servers" ethos probably includes nostr relays.
Mostly I plan just more and better ways to view the ten years and growing of data I already have. And to do some other things for a bit so my log isn't just full of "Vibecoding Exocortex" like it is the last two weeks 😉

Google is rolling out Android RCS Archival on Pixel
and other Android phones,
allowing employers to intercept and archive RCS chats on work-managed devices.
In simpler terms, your employer will now be able to read your RCS chats in Google Messages, despite end-to-end encryption.”

Google Starts Sharing All Your Text Messages With Your Employer
Warning: What happens on your Android, doesn’t stay on your Android — not if it's a work phone.

A look at Phreeli, a privacy-focused phone carrier that lets users sign up with only a ZIP code and uses an encryption system based on "zero-knowledge proofs" (Andy Greenberg/Wired)
https://www.wired.com/story/new-anonymous-phone-carrier…

A New Anonymous Phone Carrier Lets You Sign Up With Nothing but a Zip Code
Privacy stalwart Nicholas Merrill spent a decade fighting an FBI surveillance order. Now he wants to sell you phone service—without knowing almost anything about you.