Did you ever wish to have all relevant information about a visitor right when he hits your site? Think of (full) name, gender and maybe hobbies and interests? Thanks to social networks we could at least get some of that data. All you need is the URL to that visitors (public) Facebook or Google+ profile – but if he doesn’t actively give it to you, you’re probably out of luck.

What if we could get that profile URL without the user even noticing it?

Avast, which makes security software for Windows, Mac, and Android, recently bought 20 used Android handsets on eBay. Then company employees used digital analysis software that's readily available and fairly easy to use to see if there was anything left on the 20 devices from the original owners. It turns out there was. Avast researchers found more than 40,000 photos, 750 emails or text messages, and 250 contacts. The group was also able to deduce the identities of the previous owners of four of the phones.

...

It's important to note that Avast makes its own reset software, which the company claims does a much better job of completely wiping Android devices. So part of the motivation for this study is presumably to promote Avast's alternative service. Still, the results are pretty startling. Whether they make you want to buy Avast's software or someone else's, this test at least raises awareness of how hard it is to scrub personal data before reselling or donating old devices.

Since the very first Snowden leak a year ago, one of the more common refrains from defenders of the program is "but it's just metadata, not actual content, so what's the big deal?" Beyond the fact that other programs do collect content, we've pointed out time and time again that the "just metadata, don't worry" argument only makes sense if you don't know what metadata reveals. Anyone with any knowledge of the subject knows that metadata reveals a ton of private info. Furthermore, we've even pointed out that the NSA regularly uses "just metadata" to pick targets for drone assassinations. As one person called it: "death by unreliable metadata."

The Bitcoin cryptocurrency records its transactions in a public log called the blockchain. Its security rests critically on the distributed protocol that maintains the blockchain, run by participants called miners. Conventional wisdom asserts that the protocol is incentive-compatible and secure against colluding minority groups, i.e., it incentivizes miners to follow the protocol as prescribed.

We show that the Bitcoin protocol is not incentive-compatible. We present an attack with which colluding miners obtain a revenue larger than their fair share. This attack can have signi cant consequences for Bitcoin: Rational miners will prefer to join the sel sh miners, and the colluding group will increase in size until it becomes a majority. At this point, the Bitcoin system ceases to be a decentralized currency.

So you have the choice, buy an overpriced SSL certificate from a CA (certificate authority), or get those errors. Well, there’s a third option, one where you can create a private certificate authority, and setting it up is absolutely free.

At the time, a gag order prevented him from discussing the details of his situation. But court documents unsealed on Wednesday reveal that the FBI wanted Levinson to hand over encryption keys that would have given federal agents "real time" access to not just Snowden's account, but the accounts of all 40,000 of Lavabit's customers. § [...] § He certainly deserves credit for his pluck. Levinson complied with the letter of the order, but he delivered the encryption keys as strings of numbers printed out on paper, rather than as electronic files. What's more, he intentionally printed them in a font designed to be hard to scan, one prosecutors described as "largely illegible."

LEAP's multi-year plan to secure everyday communication breaks down into discrete services, to be rolled out one at a time. When we introduce a new service, integrated support will be added to both the user-facing LEAP Client and the server-side LEAP Platform for Service Providers. All communication content will be client-side encrypted, and as much of the metadata as possible. Most importantly, all LEAP services will be based on our plan for federated secure identity and unmappable routing.

On Sunday, Brazilian TV show Fantastico published previously undisclosed details based on documents obtained by Guardian journalist Glenn Greenwald from former NSA contractor Edward Snowden. The 13-minute news segment focused on the revelation that, according to the leaked files, the NSA apparently targeted Brazil’s state-run Petrobras oil producer for surveillance—undermining a recent statement by the agency that it “does not engage in economic espionage in any domain.” The Petrobras detail has been picked up internationally, and is likely to cause a serious stir in Brazil. (The country is still reeling from the revelation last week that the NSA spied on its president.) But Fantastico delivered several other highly significant nuggets that deserve equal attention.

Speaking at the keynote LinuxCon panel this year, Linus Torvalds, who created the open-source Linux operating system 22 years ago, revealed that the government had approached him about installing a backdoor into system’s structure. Linux is the preferred operating system for the privacy conscious infosec community.

The news broke this morning that the NSA (US), the GCHQ (UK), and the FRA (Sweden) have been actively working to subvert the cryptography that makes our society tick, by planting backdoors in most if not all commercial cryptography software. This means that these agencies have deliberately made all of us vulnerable as we conduct our banking business, as we go to the hospital, and as we talk privately online. Our society depends on our ability to keep secrets, and the deliberate planting of backdoors, the deliberate subversion of our infrastructure, is nothing short of a declaration of war. Even according to U.S. Generals.