

The WhatsApp Non-Backdoor

Jan 12, 2017

The Guardian have just released an article supposedly revealing a Backdoor in WhatsApp that allows snooping of users' messages. That's what I'll be addressing here...

I'd like to start out by saying that this is a very technically accurate and concise article. While reading it, I found that all the questions I would have had as someone in the security community were answered. However, it is sensationalist, in particular the headline.

Backdoors are traditionally discreet and unnoticeable: you would sneak one in, and certainly not see anything in the UI. In this instance, however, it is completely observable in the UI (if you have the security notifications enabled), although if you aren't keeping a close eye, it may be difficult to determine exactly which messages were re-sent to the new key.

So this is not a backdoor; at least, I wouldn't call it that. I would call it a design flaw... a design flaw with security consequences. But some wouldn't even consider it something as severe as that; to some, this is working as intended.

Back when this behaviour / flaw was first talked about in April 2016, Facebook responded with:

"[...] We were previously aware of the issue and might change it in the future, but for now it's not something we're actively working on changing. [...]"

And Facebook are likely to come out with a similar (perhaps more fluffy) response now that this is being re-hashed in the mainstream media.


The Tor and CloudFlare Problem

Mar 06, 2016

For a while, users of Tor have been exposed to a great deal of frustration while browsing the web: when visiting websites that are using CloudFlare, they are presented with a Captcha before being able to load the website (for every single new website they navigate to in a single session).

This makes navigating the web a particularly tiresome experience, especially as so much of the web is protected by CloudFlare's services.

Right now, there is an ongoing discussion on the Tor Project's ticket system regarding this problem, inviting anyone to propose potential solutions to the problem. There have been a few potential solutions discussed, but ultimately nothing that solves all the problems for all concerned parties.

Over the course of this ticket being open, though, CloudFlare's CTO has been very active in this thread, and CloudFlare now provides the option for its customers to decide how to treat Tor traffic; specifically, it allows customers to whitelist Tor exit nodes. This is great news and shows CloudFlare's willingness to discuss and come to a solution with the community.

In this post I take a critical approach to discussing the existing suggestions and propose a new potential solution.


Why Democracy Doesn't Work

Jan 28, 2015

Democracy is a beautiful concept:

Democracy is a form of government where citizens choose and replace the government through free and fair elections. Democracies allow active participation of the citizens in politics and civic life, protect the human rights of its citizens and apply laws and procedures equally to all citizens.

(source: Wikipedia)

Equal distribution of power among citizens: power to vote, power to stand for office, power to be free... Surely such a system would lead to a society which is best for everyone.

Unfortunately this is not the case, and as far as I can tell, a large part of it is down to 3 particular human traits:


The Key to a Perfect Society

Jan 22, 2015

Our society, our civilisation, as we know it today, is by no means perfect. No nation on this planet has a majority population who are completely happy with the status quo. On average, people labour away for a ridiculous number of hours each day, in a constant effort to bolster income, and increase property and possessions. Technology came with the promise that we would be able to work fewer hours, and yet be more prosperous; however, the truth is we have way less free time than our ancestors ever did. And what do we have to show for it? Globally, we have wars (big and small, civil or otherwise), poverty, disease, hatred, global warming, resource scarcity, lack of unused space, civil liberty and human rights violations (mass surveillance, oppression, unjust imprisonment etc...).

How have we landed where we are today? And where is our current trajectory taking us?


But What About The Terrorists

Jan 03, 2015

Lately, I've been having more and more conversations with people about privacy, surveillance, encryption, censorship etc... generally after disclosing my core interests in technology, and that I want to make end-to-end encryption easier. Inevitably the usual "So you want to enable terrorists to communicate without the government watching" argument springs up. Here are a few of the arguments that I now use.


What Deniability Is and What Deniability Isn't

Dec 18, 2014

There's been an interesting (and somewhat heated) discussion (or debate) on the moderncrypto mailing lists recently, regarding the value of deniability in cryptographic protocols.

This discussion stems from the fact that deniability, as a feature of a cryptographic security protocol, does not necessarily come for free (more so in channels involving more than 2 people). It involves design and technical effort (and everything that comes along with that), as well as, generally (again more so with more than 2 participants), extra computational work and added complexity in the protocol.

The question that was asked was, given the extra effort required to incorporate deniability as a feature of a protocol... Is it worth it?

This resulted in a lot of back and forth, with people on both sides of the fence.


The Future of Tech: Interoperability

Jan 19, 2014

Ubiquitous Computing is a very big passion of mine; in fact, I have spent a number of sleepless nights, and many other free hours, thinking about this and the future of technology over the past half year or so. Largely inspired by watching future concept videos by Corning, Microsoft and a few others, and by examining our current technology climate, I started to develop a few thoughts.


Sam Lanning


Studied Computer Science @ Oxford University. Interested in Communication, Security, Privacy, Anonymity, P2P, E2E, Mesh, Censorship Resistance etc...

Oxford - UK