Monthly Archives: October 2015

You’ll soon be able to use end-to-end encryption on your laptop the same way you can on your smartphone. Open Whisper Systems, maker of the Signal encrypted messaging app, just announced that it has released a beta version of the product for desktops.

The open source application is designed to keep your messages private, even from the prying eyes of government agencies such as the NSA (National Security Agency). The company first released Signal for the iOS platform in July of 2014, and just last month introduced an Android version. The desktop client (pictured) will also allow users to switch between platforms in the middle of conversations.

Switching Between Devices

One of the advantages Open Whisper is highlighting is the ability to link multiple devices to the same account. “All incoming and outgoing messages are displayed consistently on all your devices,” the company wrote in a blog post. “Your contacts don’t have to guess where to message you, and when you switch devices the conversation you started will already be there.”

The desktop version is actually a Chrome extension, so you’ll have to download the browser if you haven’t already. Currently, only Android users are able to link their mobile apps to the desktop version, but that function will likely extend to the iOS platform once Signal Desktop is out of beta testing.

The app is free, and its source code is posted on a GitHub repository. The company said Signal Desktop will support private group, text, picture, and video messages.

Snowden Approved

Signal first started making waves when its original iOS version was released in 2014 as a way for iPhone users to make encrypted voice calls anywhere in the world without having to worry about government eavesdropping. In fact, the platform has been endorsed by no less a luminary in the privacy world than former NSA contractor and whistleblower Edward Snowden.

The platform is based on ZRTP, an encryption protocol designed to keep voice communications secure. Signal was originally designed specifically for mobile devices, using a jitter buffer tuned to the characteristics of mobile networks, and using push notifications to preserve battery life while still remaining responsive.

Open Whisper also pointed out that by publicly posting Signal and Signal Desktop’s source code on GitHub, the platform will be vetted by more security experts, who can examine the code for possible weaknesses, exploits, or backdoors. In fact, the company even makes small Bitcoin payments to users who work on the code.

Signal combined the functionality of two existing mobile apps, TextSecure and Redphone, which secure text and voice messages. Because Signal uses end-to-end encryption, not even Open Whisper has access to the content of your communications, and so can’t be forced to turn that data over to government officials. A number of secure communication apps and devices have been developed since Snowden exposed the NSA’s surveillance program in 2013, including Silent Circle and the new Blackphone.

Via: enterprise-security-today

Unlimited data has long been a big competitive promise. Now, Verizon Wireless customers will pay a little more for the right to watch all the videos, check all the e-mail and do all the social media they want on their smartphones.

Verizon Wireless just announced that subscribers who have long enjoyed low rates on unlimited data plans will be hit with higher bills. Customers who signed up for Verizon’s unlimited plan before 2011 will now pay another $20 a month for access beginning with their November 15 bills, save a few who won’t experience the price increase until their contracts expire.

“We continuously evaluate the price of our plans and service, so we’re increasing the price of unlimited data plans by $20 per line per month for customers no longer under contract with Verizon Wireless,” the company said in a statement. “At the same time, we’re also offering customers currently on our unlimited data plan the added benefit of purchasing a new phone using our monthly device payment plan, instead of paying full price upfront for the device. This option is available to all unlimited data plan users once their current contract period ends.”

For the Sake of Service?

The tail end of that quote seems to points to Verizon’s reasoning. The company is working hard to get customers to transition into tiered plans with clear restrictions on how much multimedia — movies, songs and videos — they can watch on their smartphones.

Practically speaking, the change means that customers who are paying $30 a month for unlimited data will now pay $50. That pushes the average monthly bill up to $100 by the time you add talk and text into the bucket. Verizon is trumpeting the “better service” message in its announcement.

“These changes will allow Verizon to continue to maintain the highest standards of network performance for all our customers,” the company said. “And it’s worth noting that Verizon does not manage the data connection speeds — often called throttling — for its customers, including those who have kept or plan to keep their unlimited data plans.”

Verizon Is Not Alone

The good news is this probably doesn’t affect you, even if you are a Verizon customer, at least not yet. The company said 99 percent of its customers are not on unlimited plans and those who are could save money by switching to Verizon plans based on their actual data usage. Not all customers on unlimited plans actually use as much data as they think.

“Verizon will not increase the price on any lines with an unlimited data plan that is currently in a two-year contract until the customer completes that contract or enters into a new contract,” the company said. “This increase does not affect government or corporate accounts that have unlimited data.”

Verizon is not the only wireless carrier to raise its rates in recent days. Sprint last month announced plans to raise the price of its unlimited plan by $10. That puts Sprint’s unlimited talk, text and data at $70 a month starting October 16.

“At $70 a month, Sprint still beats the competition,” Sprint CEO Marcelo Claure said at the time. “Rather than increase the price without warning, we want to give customers one last chance to take advantage of the $60 rate.”

Via: enterprise-security-today

 Last week’s hack against Experian, which exposed details on millions of T-Mobile customers, has privacy advocates up in arms. Dozens of consumer advocate groups and privacy organizations signed an open letter to the Federal Trade Commission (FTC) and Consumer Financial Protection Bureau (CFPB) urging them to launch an investigation into the breach.

“We believe this breach, occurring at one of the nationwide CRAs [consumer reporting agencies], takes this problem to a whole new and dangerous level given the extraordinarily large amounts of critical financial information they hold,” according to the letter. “Identity thieves could play havoc of an unimaginably huge scale with access to such data, with potentially devastating consequences to consumers, financial institutions, and the American economy.”

A Terrifying and Unmitigated Disaster

The breach first made news last week, when Experian announced that a hacker of hackers had stolen the records of 15 million customers and potential customers who had applied for T-Mobile services or credit from September 2013 through September 2015. Among the information were names, dates of birth, addresses, and Social Security numbers, although no payment card or banking information was stolen, according to Experian.

The groups, led by the U.S. Public Interest Research Group, have requested that the agencies investigate both the reported breach and whether any other Experian databases might have been compromised. Experian is one of only three nationwide CRAs, and holds data on more than 200 million individuals. “A data security breach that affected Experian’s credit report files would be a terrifying and unmitigated disaster,” the advocates said.

For its part, Experian is claiming that the breach only affected one server that is kept separate from its credit bureau business, and that the consumer credit database was not impacted. But the information that was stolen could still be considered protected personal information under the Gramm-Leach-Bliley Act, according to the privacy groups.

Unanswered Questions

The letter called on the FTC and CFPB to investigate a number of different issues. In particular, the advocates want to know if Experian violated the data safeguard rules listed in Gramm-Leach-Bliley. This law requires that financial institutions explain their information-sharing practices to their customers and to safeguard sensitive data.

Another unanswered question is how Experian handles information from its partners, such as T-Mobile, differently from information contained in its credit report database. And if there are differences, why did Experian employ one set of safeguards for its credit bureau business and a different one for the T-Mobile customers? If there aren’t any differences, that could indicate that Experian’s other clients could be just as vulnerable to this sort of attack in the future, according to the privacy groups.

The privacy advocates also want to find out exactly what the CFPB is doing to regulate CRAs like Experian. CFPB is required to supervise CRAs as “larger participants.” The groups also encouraged CFPB and the FTC to require CRAs to provide free security freezes to customers affected by data breaches in the future.

Via: enterprise-security-today

With an increasing number of data breaches putting users’ personal information at risk, a company that helps online users better manage their account information with various websites and services, as well as help customers run security checks on their accounts, seems like it would have the potential for serious growth. That’s what remote access software maker LogMeIn is hoping, as the company announced this morning that it has acquired the password management software maker LastPass for $110 million in cash.

In addition, another $15 million in cash is available in contingent payments if LastPass meets certain milestone and retention targets over the two years following the deal’s close, LogMeIn also noted.

The deal is expected to close in the weeks ahead.

LastPass, a competitor with Dashlane, 1Password, and others, offered a suite of tools to help users stay safe online. Its core product is a password management software application that helps you create strong, secure passwords for the websites you visit as well as keep other private information in “secure notes.” A native desktop application for OS X, released earlier this year, introduced a “Security Check” tool that let users quickly scan all their passwords to see if they were secured properly.

The company also offers web browser extensions, and a mobile app.

Besides its consumer-facing, freemium products, LastPass offers an enterprise platform used by 15,000 businesses which could manage passwords on things like internal servers, devices and SaaS applications.

According to LogMeIn, the company was interested in LastPass because it believes it could help LogMeIn better position itself in the identity and access management market. The company, though still best-known for its remote access solutions, has been expanding into new lines of business over the years, including remote customer service tools, cloud storage and sync with Cubby, online backup, online meetings with Join.me, and more.

“Identity and Access management represents one of LogMeIn’s top three strategic growth initiatives, along with join.me in collaboration and Xively in the Internet of Things, so LastPass is a great fit for our near and long-term growth plans,” noted a LastPass spokesperson.

When the deal is complete, LogMeIn says it will integrate some of the capabilities of its early identity management investment, Meldium, which it acquired a little over a year ago, into LastPass. But in the near-term, both Meldium and LastPass will operate as separate products and continue to be supported. Meldium, which is a simple password manager for teams, is more focused on business use cases, instead of the consumer market. With this service, when a company hires a new employee, they’re automatically given access to all the online accounts that business uses, but without having to actually share passwords.

This is more complementary to LastPass’s enterprise product, which is likely going to be LogMeIn’s main focus.

LastPass founder Joe Siegrist will lead the development of LogMeIn’s Identity and Access Management product, following the deal’s close.

Founded in 2008, Fairfax, Virginia-based LastPass had 7 million users at the time of the acquisition, across both the consumer market and the enterprise. There are 30 employees at LastPass, and all have been offered positions at LogMeIn.

Via: techcrunch

Marco Arment just released a major update to its popular podcast app for iOS, Overcast. This update brings many under-the-hood improvements as well as a few new major features. Arment is also switching its pricing model entirely as the app is now completely free with an optional patronage subscription.

I’ve been using Overcast for more than a year now, and there are many unique features that make it my favorite podcast app. You won’t find these features in any other podcast app. For instance, Smart Speed speeds up the silences — it makes podcasts shorter without making the podcasters sound weird. Voice Boost fix badly mixed podcasts by leveling the voices.

And yet, you had to make a $5 in-app purchase to unlock these innovative features in version 1. Arment says that around 20 percent of Overcast’s users paid for the full version. This freemium model generated healthy revenue, but also meant that 80 percent of Overcast’s users only had the basic features. In other words, making them understand why Overcast was better than the default Podcasts app on iOS was hard.

That’s why Arment is trying something radically new by removing the in-app purchase and implementing an optional patronage subscription. If you enjoy the app, you can become a patron for $1 per month. To be clear, this purchase doesn’t unlock anything in the app. It’s just a new way to support future development. With this change, many more users will get Overcast’s differentiating features.

In addition to making the app free, There are a few new features in Overcast 2.0, starting with streaming. There are now three settings as you can see in the top screenshot. You can download every episode on Wi-Fi, download every episode on Wi-Fi and cellular or stream every episode. If you choose the last option, new episodes won’t download automatically.

Instead, when you tap on an episode, it will start playback right away and buffer the rest of the episode. Once Overcast has buffered the entire episode, the app keeps the file and it will stay on your phone as a downloaded episode. So it’s a sort of hybrid model between streaming and downloading that works quite well. When you stream an episode, you can take advantage of Smart Speed, and you won’t have to stream the episode again once it’s downloaded.

The other new big user-facing feature is chapters. Very few podcasts support chapters, but the app will now display a bar below the artwork to give you the current chapter name. In the show notes, you will find a table of contents to jump to a particular chapter. Navigating a 90-minute audio file can be tedious, and chapters are definitely a nice feature. I hope more podcasts will support chapters in the future.

Finally, there are a lot of little improvements. Smart Speed and Voice Boost should sound better, the app is easier on battery life and the podcast directory is now powered by the user base. The app also supports the new iPhone and iPad features, such as 3D Touch on the home screen, Split View and Slide Over on the iPad.

Overcast 1.0 was already one of my favorite iPhone apps. The second version adds a bunch of features without making the interface more complicated. Now that everything is free, there is no reason why you should still be using the Podcasts app over Overcast.

Via: techcrunch

Dell Inc. has filed confidentially for an IPO for its SecureWorks cybersecurity unit, TechCrunch has confirmed. The IPO is anticipated to happen before the end of the year.

First reported by the Wall Street Journal, SecureWorks could be valued at up to $2 billion. The report said that SecureWorks is working with Bank of America and Morgan Stanley to manage the IPO.

Dell acquired SecureWorks for $612 million in 2011 for its security software and consulting businesses, in an effort to expand beyond its computer hardware focus.

As part of the Jumpstart Our Business Act, companies with less than $1 billion in annual revenue are able to file confidentially for public offerings, revealing their financials just 21 days before the investor roadshow.

Dell was taken private in 2013 after being bought out for about $25 billion by Michael Dell and private equity firm, Silver Lake.

Texas-based Dell is also rumored to be in merger talks with EMC, the data storage company.

Via: techcrunch

OneGo promises to give subscribers unlimited flights for a monthly fee.

I first wrote about the company in June — at the time, its offerings were limited to a West Coast flights. More recently, it’s added plans covering the different regions of the United States, as well as a nationwide plan for $2,950 per month.

Founder Paulius Grigas pitches OneGo as a way for businesses to consolidate their travel expenses and make their costs “controllable and predictable.” Customers will get unlimited direct flights on major airlines, as well as perks like Gogo WiFi membership and enrollment in expedited security screening program TSA Pre. (Update: OneGo says it’s no longer offering perks because they overlap with benefits that many frequent fliers already receive.)

Under the basic plans, you must book flights at least seven days ahead of time and can’t have more than four open reservations, but you can pay extra for additional flexibility.

OneGo has now divvied up the United States into four regions — west, central, north and south. If you keep your travel to one region, the basic plan costs $1,950 per month (except for the west coast plan, which will only cost $1,500). Or, again, you can pay $2,950 and fly to major airports throughout the United States.

To be clear, people aren’t actually flying with OneGo yet, so this is basically a preview of what the company will be offering. It’s currently accepting sign-ups for its “Founding Flyers” and expects to puts its first subscribers in the air in November. OneGo is also developing an app that will allow users to make bookings from their phone.

Via: techcrunch

Just when you thought the wonderful world of digital messaging couldn’t get any more rich and layered, along comes another app to prove there are more ideas in the digital sphere than can be contained within the average web user’s philosophy… Just don’t call Kibo a messaging app. It is in fact an iOS keyboard app for sending hidden messages within other messaging apps’ messages — be that WhatsApp or iMessage or Facebook or whatever.

Why would you want to do that? Perhaps your parents or siblings are snooping around on your phone. Or you’re worried about message notifications flashing up on your lock screen and being read by the prying eyes of colleagues or your S.O. Or you want to make your friends have to download another app just to read the beer emoji you’re sending them… But it’s probably most useful as an added privacy layer — like an anti-shoulder surfing screen protector for your messaging activity.

“Kibo solves the problem of users’ privacy protection when exchanging messages containing any secrets or private information,” is how the co-founders explain their mission. “People commonly believe that no-one can intercept their private messaging; however, their very personal messages are often seen by their friends, colleagues, and passers-by. So, we are aiming to provide a means of sending and receiving messages in a way that no-one except the sender and the recipient will be able to see and read them.”

Kibo is obviously not the first app to offer some clandestine messaging privacy theatrics to entice smartphone users. Snapchat sparked the rush to ephemeral messaging with its self-destructing picture messages which required users press and hold to view. There’s also Confide which plays around with message visibility to deter screenshotting and shoulder surfing. But Kibo is a little different, given it can straddle different message apps because it lives inside the keyboard. (Apple made such things possible in iOS by opening up third party access to the system-wide keyboard last year.)

Still, as with (most) messaging apps, Kibo requires both recipients have the app installed (and that they have afforded system-wide access via the iOS keyboard setting) in order to view the secret messages. Kibo’s privacy policy can be read here; the team claims it is not receiving, storing or transmitting any sensitive data — a key consideration for users when installing any third-party keyboard app. For non-iOS users, an Android version is slated as ‘coming soon’.

So how does Kibo’s secret message feature work? At this early stage it’s a bit clunky. The keyboard looks much like the stock iOS keyboard, except for a little padlock key located next to the space bar. To send a secret message the user types their message text, then taps on the padlock (at which point the graphic changes to an unlocked padlock), then they tap ‘send’ to send whatever text they entered as their secret missive — but now it’s been cunningly disguised as random text chat, such as ‘Is there a problem?’ or ‘I agree. Let’s shake on it’.

The message coding and sending process is rather opaque at this early stage. And can be pretty confusing because there’s no feedback to confirm whether a message has been correctly coded or not. Providing a better user interface to make this process clearer is something the team should stick at the top of their to-do list.

If you don’t follow the correct coding process you’ll just send a plain uncoded text message… oops! The process is confused by the fact that your secret text changes into the coded text when you tap the padlock. But repeat tapping the padlock apparently cycles through other stock secret messages (as well as prior ones, if you’ve typed others) so it’s not always clear whether you have correctly coded the text or not.

I was able to receive coded messages correctly via Kibo, but managed to send what I thought was a coded secret as a plain text message — so some care is needed.

To view a secret missive (when it has been sent correctly), the recipient presses on the fake text, as if they were going to copy and paste it, and taps ‘copy’ — at which point the secret message (if there is one) is displayed below, overlaid over the Kibo keyboard.

The app also does not make it clear when there is a secret embedded in a particular message. If it did, that wouldn’t be so very secret, although the disjointed conversation is a pretty big clue. It’s basically the digital equivalent of passing coded notes in class — or it is, when it works.

Kibo claims it is encrypting the secret messages it conveys (using symmetric encryption algorithm DES), so says it has no access to the text that’s stored encrypted on its servers, saying only the sender and the recipient are able to read the unencrypted messages.

How did they come up with the idea of hiding messages within messages — which remains a neat idea, even though the app clearly needs some UI work at this early stage… After “an iPhone spoiled a birthday surprise which was prepared by 15 people”, is how they tell it.

“This prompted us to think about the forced transparency in the digital age,” they write. “However, the idea to make another ‘safe’ messenger was considered to be short-sighted, and we decided to make a private cross-messenger add-in for all types of communications. After exploring the iOS capabilities, we have implemented a product based on an iOS external keyboard.”

They argue Kibo complements, rather than competes with secure messaging apps like Wickr and Telegram — since it’s not a “private messenger” itself — and “can be used in any messenger, even in an insecure one, allowing the users to exchange their messages in a private and secure manner”.

Who’s behind Kibo’s coded facade? The team self describes as “not a traditional startup” — preferring to be considered “a small community of innovators working together toward a common goal of protecting mobile users’ privacy”. The two co-founders of the five-strong “community” are Vitaly Halenchyk and Krill Davydov. Currently based in the U.S. they are planning to relocate to Europe.

Prior to working on Kibo, which they started this April — launching the app about a week ago (and garnering more than 10,000 users at this nascent stage) — they were involved with organizing education events and lectures for young entrepreneurs.

They’ve mostly been bootstrapping Kibo’s development but do have an investor helping with costs and resources, although they’re not disclosing who it is at this stage. “We took a small amount for development and nowadays all the operations are conducted under the umbrella of our investor’s company,” they tell TechCrunch, adding: “Recently, we have been issued a provisional patent application and will soon be ready for the investment rounds.”

For all their talk of not being a “traditional startup”, they are formulating a business plan for Kibo. It’s a free download but the plan is to monetize by introducing additional paid features and add-ons down the line. “Functionality of text hiding is free and will remain free in the future. However, we are going to introduce new paid features and add-ons, but it is too early to talk about it,” they note.

It is indeed early for Kibo. But it’s a nice idea — just one that needs a little more UI polish to really shine.

Via: techcrunch

In a victory for tech firms, the Obama administration will not force firms to breach the security of their products in order to provide information to law enforcement.

The decision comes after a year after encryption introduced on iPhones and some Android phones sparked a debate between law enforcement and tech companies over access to phone data. With iOS 8, most data stored on the phone and communications over services like iMessage were encrypted in a way that only users could access it — not even Apple could.

FBI director James Comey then sounded the alarm that phone encryption would prevent law enforcement from accessing crucial information, warning “going dark” would derail crucial investigations. However technologists argued creating a so-called “back door” for law enforcement would create a security vulnerability that could be exploited by hackers and spies.

Comey signaled the administration was backing down in a Congressional hearing this week when he said the White House would not seek legislation to require companies to provide so-called “back doors” for law enforcement officials to access encrypted data. But on Saturday the New York Times reported the White House’s position goes even further. The White House will continue to require tech companies to cooperate with law enforcement, but the administration will not require them to exploit the security of their own products.

Intelligence agencies and law enforcement will now be reliant on work arounds for encryption. They can seek data backed up to the cloud or unencrypted forms of communication through service providers, such as records of phone calls. They can also attempt to compel phone owners to turn over their passcodes.

The White House’s position represents a victory for privacy advocates in the wake of the disclosures of government contractor Edward Snowden about the surveillance practices of the National Security Agency.

But the decision will likely draw anger from intelligence agencies as well as some lawmakers. Just on Thursday, Senate Judiciary Committee Chairman Chuck Grassley wrote a letter to the White House criticizing it for not taking a strong stance on encryption.

Still the New York Times report says tech firms do not think the administration has done enough. They are calling for the White House to release a clear statement it can bring to China and Europe, where government officials are threatening to ban encrypted devices or require companies to provide back door access.

Via: techcrunch

A great way to get onto TechCrunch is to make a joke about a billboard you saw on your way to go bridesmaid shoe shopping for your best friend’s wedding and put it on Twitter on a Sunday morning. Which is how this.

Becomes this.

“Is that a real billboard?” read @Drew’s DM.

“Yup!” I wrote back. “La Brea just off the 10.”

On my way back from the shoe store, I’d spotted another one by the Sunset onramp to the 101.

In the sober light of Monday morning, however, Tinder was characteristically not thrilled to be part of a public health campaign reminding everyone in Los Angeles about the potential consequences of their hookups, which the app may have facilitated. According to LA Weekly:

Tinder Wants Safe Sex Billboard Taken Down

Tinder recently fired off a cease-and-desist letter to the nonprofit organization behind the billboards, Hollywood-based AIDS Healthcare Foundation, arguing that the advertising “falsely” associates the app “with the contraction of venereal diseases.”

The letter, written by Tinder attorney Jonathan D. Reichman, says the billboard’s “accusations are made to irreparably harm Tinder’s reputation in an attempt to encourage others to take an HIV test offered by your organization.”

The lawyer goes on to argue that the ad campaign’s “statements” are not based on science and would not withstand “critical analysis.”

Tinder, which the letter says “strongly supports such testing,” accuses AHF of false advertising, disparagement, libel and interference with its business.

The app demands that AHF take down its billboards.

It doesn’t appear that the organization is going to relent. In a TV news interview over the weekend, AHF president Michael Weinstein argued that apps like Tinder’s are responsible for an uptick in STD reports.

AHF chief counsel wrote to Tinder’s lawyer to say the billboards would remain and that the group has not made “any false or disparaging statements against Tinder.”

“Rather than trying to chill AHF’s public health message by threatening AHF with frivolous lawsuits, AHF urges Tinder to support its message of sexual health awareness,” wrote AHF attorney Laura Boudreau.

The foundation indicated that it ultimately wants hook-up apps to display the equivalent of “drink responsibly” warnings for those about to get into bed with strangers.

It’s a very interesting idea, especially considering the app’s younger users. As I wrote previously, in this summer of too much heat and the friction of rapidly accelerating shifts in sexual mores:

Imagine a 13 year old today. Too young to have ever known how it’s like to to fall in love or go on a date or be in a relationship — but old enough to be on Tinder. What will coming of age in this environment be like for them? Porn is already how an entire generation learns how to have sex. What will being swallowed up into a ceaseless stream of swipe-able sex objects teach them about how to love?

The question AHF is provoking is what can it teach them (and everyone) about safe sex?

Neither alcohol nor tobacco decided to add warning (or even moderation) messages to their products of their own accord. Even the life-saving seatbelt laws we all now take for granted were the result of the tireless efforts of Mothers Against Drunk Driving.

Of course the big hurdle for Tinder would mean coming to terms with the reality of how people use and perceive their product. To adopt a safe sex message would mean accepting their cultural role as a “hookup app,” something the company has only ever sought (sometimes preposterously) to disavow.

As sex and relationship columnist Dan Savage says, “When an opposite sex couple gets to consent, when they get to yes, we are going to have sex — they stop talking to each other. They stop communicating, and negotiating. When two dudes get to yes, it’s the beginning of the negotiations — it’s the beginning of another conversation. Who’s gonna do what, to who? And that conversation makes us better at sex.”

In the end, perhaps encouraging conversation when it comes to sex — even and especially conversation around safe sex — could be a good thing for an app that has become synonymous with the mainstreaming of hookup culture.

Via: techcrunch