Un pequeño consejo, eso si... cuidado con el copypaste de otros sitios. Es bastante triste ver un link que dice ser a fb.me (acortador espia de facebook, pero sin entrar en eso...), pero es realmente a t.co (acortador espia de twitter).
Twitter, engañando a la gente desde... xD
Fanta, Linux Spain likes this.
I don't doubt of the importance of this revelations, but... "most encryption"?
Should we suppose that open source encryption is not used too much, in favor of closed source encryption systems?
Or should we suppose that open source encryption systems have backdoors too? See references below.
via Christopher M. Hobbs ( email@example.com )
"I think today's revelations make it unavoidable: #SELinux and #OpenBSD ( and possibly #OpenSSL ) need full audits. At least the first two had some #NSA assistance in the past, so very likely to have backdoors."
I have no idea of the spread (or not) usage or open source encryption, but it makes common sense for me to use precisely open source software (or home made software) for that kind of tasks (encryption). If I am a government, public administration, company or individual that needs to share secrets, how can I trust a program that I cannot audit? Even more if the program comes from a different country/group of interest than yours).
Other thing that came to my mind reading the article is that it mentions "Google + Facebook + Hotmail + Yahoo". I don't discuss that the importance of all that services and the importance of this issue, but frankly, I doubt that the messages that they (NSA, GCHQ) say that they try to intercept are transmitted by those channels. Even me (a poorwoman IT assistant in a public University in Spain) advice teachers and researchers to not share confidential data or sensible research data by Dropbox, Gmail or Google sites, and better use our inhouse facilities or other (safer) means...
Christopher M. Hobbs (inactive) likes this.
Well, if they had backdoors in those they wouldn't need to ask the companies for the keys to decrypt all the encrypted communications they archived (they can get the session key used for a SSL-connection with the server's SSL-key and the archived traffic of key negotiation phase).
If everyone would implement ephemeral session keys / perfect forward secrecy they would try to a) get a way to get the cleartext from the company (or push for means to collect it inside the company) and b) probably also try harder to get backdoors in the software on both ends.
Linux Spain likes this.