Today we're ecstatic to publish our first demo showing a homemade BusKill Cable (in the prototype 3D-printed case) triggering a lockscreen.

Watch the 3D-Printed USB Dead Man Switch (Prototype Demo) for more info youtube.com/v/vFTQatw94VU

via @[email protected]

In our last update, I showed a video demo where I successfully triggered a lockscreen using a BusKill prototype without the 3D-printed body for the case and N35 disc magnets. I realized that the N35 disc magnets were not strong enough. In this update, I show a demo with the prototype built inside a 3D-printed case and with (stronger) N42 and N52 cube magnets.

What is BusKill?

BusKill is a laptop kill-cord. It's a USB cable with a magnetic breakaway that you attach to your body and connect to your computer.

Watch the BusKill Explainer Video for more info youtube.com/v/qPwyoD_cQR4

If the connection between you to your computer is severed, then your device will lock, shutdown, or shred its encryption keys -- thus keeping your encrypted data safe from thieves that steal your device.

Why?

While we do what we can to allow at-risk folks to purchase BusKill cables anonymously, there is always the risk of interdiction.

We don't consider hologram stickers or tamper-evident tape/crisps/glitter to be sufficient solutions to supply-chain security. Rather, the solution to these attacks is to build open-source, easily inspectable hardware whose integrity can be validated without damaging the device and without sophisticated technology.

Actually, the best way to confirm the integrity of your hardware is to build it yourself. Fortunately, BusKill doesn't have any circuit boards, microcontrollers, or silicon; it's trivial to print your own BusKill cable -- which is essentially a USB extension cable with a magnetic breakaway in the middle

Mitigating interdiction via 3D printing is one of many reasons that Melanie Allen has been diligently working on prototyping a 3D-printable BusKill cable this year. In this article, we hope to showcase her progress and provide you with some OpenSCAD and .stl files you can use to build your own version of the prototype, if you want to help us test and improve the design.

Print BusKill

If you'd like to reproduce our experiment and print your own BusKill cable prototype, you can download the stl files and read our instructions here:

• buskill.in/3d-print-2024-05

Iterate with us!

If you have access to a 3D Printer, you have basic EE experience, or you'd like to help us test our 3D printable BusKill prototype, please let us know. The whole is greater than the sum of its parts, and we're eager to finish-off this 3D printable BusKill prototype to help make this security-critical tool accessible to more people world-wide!

The Roots of the Surveillance State

Curious how none of the coverage of this purchase mention that the app isn't open-source, which makes all of their claims of "end-to-end encryption" worthless

WordPress.com owner Automattic acquires multiservice messaging app Beeper for $125M

By Sarah Perez (@sarahpereztc) 2024-04-09

WordPress.com owner Automattic is acquiring Beeper, the company behind the iMessage-on-Android solution that was referenced by the Department of Justice in its antitrust lawsuit against Apple. The deal, which was for $125 million according to sources close to the matter, is Automattic's second acquisition of a cross-platform messaging solution after buying Texts.com last October.

Image Credits: Beepercaption

That acquisition made Texts.com founder Kishan Bagaria Automattic's new head of Messaging, a role that will now be held by Beeper founder Eric Migicovsky, previously the founder of the Pebble smartwatch and a Y Combinator partner.

Reached for comment, Automattic said it has started the process of onboarding the Beeper team and is "excited about the progress made" so far but couldn't yet share more about its organizational updates, or what Bagaria's new title would be. However, we're told he is staying to work on Beeper as well.

Image Credits: Beepercaption

Beeper and Texts.com's teams of 25 and 15, respectively, will join together to take the best of each company's product and merge it into one platform, according to Migicovsky.

"[Texts.com] built an amazing app that's more desktop-centric and iOS-centric," he said. "So we'll be folding the best parts of those into our app. But going forward, the Beeper brand will apply to all of the messaging efforts at Automattic," he said, adding, "Kishan ... I've known him for years now

there's not too many other people in the world that are doing what we do

and it was great to be able to combine forces with them."

The deal, which closed on April 1, represents a big bet from Automattic: that the future of messaging will be open source and will work across services, instead of being tied up in proprietary platforms, like Meta's WhatsApp or Apple's iMessage. In fact, Migicovsky says, the eventual plan after shifting people to the Beeper cross-platform app for managing their messages is to move them to Beeper's own chat protocol

an open source protocol called Matrix

under the hood.

Image Credits: Beepercaption

Automattic had previously made a strategic investment of $4.6 million), another company building on Matrix, and it contributes annually to Matrix.org.

Matrix, a sort of "spiritual successor" to XMPP, as Migicovsky describes it, offers an open source, end-to-end encrypted client and server communications system, where servers can federate with one another, similar to open source Twitter/X alternative Mastodon. However, instead of focusing on social networking, like Mastodon, it focuses on messaging.

Migicovsky said the acquisition came about because running Beeper costs quite a bit of money and it was either time to raise more funding or find a buyer. To date, Beeper had raised $16 million in outside funding, including an $8 million Series A from Initialized. Other investors include YC, Samsung Next and Liquid2 Ventures, and angels Garry Tan, Kevin Mahaffey and Niv Dror, and the group SV Angel.

"I've known Matt [Mullenweg, Automattic founder and CEO] for years now," Migicovsky said, adding that the WordPress.com founder had shown commitment to open source technology, like Beeper, where about half its product is already open source. "We were looking to find a partner that could financially support this. One of the reasons why there are no other people building this type of app is it costs a surprisingly large amount of money to build a damn good chat app," Migicovsky noted.

As for Beeper's products, the company has now briefed the DOJ on what happened when Apple blocked its newer app, Beeper Mini, which aimed to bring iMessage to Android. That solution is no longer being updated as a result of Apple's moves.

Image Credits: Beepercaption

Beeper on Android launches to all

The company is instead releasing an updated version of its core app, Beeper, on Android. Unlike Beeper Mini, which focuses only on iMessage, the main app connects with 14 services, including Messenger, WhatsApp, Telegram, Signal, Instagram DM, LinkedIn, Twitter/X, Discord, Google Messages and others. Android is its biggest platform by users, as 70% are on Google's smartphone OS.

In this rewritten version of Beeper, the company is starting to roll out fully end-to-end encrypted messages across Signal. That will be soon followed by WhatsApp, Messenger and Google Messages.

Because of Apple's restrictions, iMessage only works if you have an iPhone in the mix, Migicovsky says, and will not be a focus for Beeper, given the complications it saw with Apple's shutdown of Beeper Mini. However, Beeper is hopeful regulations could change things, pointing to the DOJ lawsuit and FCC investigation. In the meantime, Beeper supports RCS, which solves iMessage to Android problems like low-res images and videos, lack of typing indicators and encryption.

With the launch out of beta, the new app includes a new icon, updated design, instant chat opens and sends, the ability to add and modify chat networks directly on Android (no desktop app needed), local caching of all chats on the device and full message search.

The 10,000 Android beta testers already on Beeper will need to download the new app manually from Google Play

it won't automatically update.

Image Credits: Beepercaption

In addition, the 466,000 or so people on Beeper's waitlist will now be able to try the product. They'll join over 115,000 users who have already downloaded the app, which is now used by tens of thousands daily. The app runs on Android, iPhone, iPad, ChromeOS, macOS, Windows and Linux.

The team expects to have feature parity across platforms in a matter of months as they overhaul the iOS and desktop apps.

In time, they plan to add other services to Beeper as well, including Google Voice, Snapchat and Microsoft Teams. Beeper also offers a widget API so developers can build on top of Beeper. Plus, since Matrix is an open standard, developers will be able to build alternative clients for Beeper, as well.

The app will generate revenue via a premium subscription, where the final price may be a couple of dollars per month, but pricing decisions haven't yet been fully nailed down. Beeper is currently free to use.

Like Automattic, Beeper's team is remotely distributed, with employees in Brazil, the U.K., Germany and the U.S. At present, Texts.com will continue to operate as the teams begin to integrate the two messaging apps.

cross-posted from: https://sh.itjust.works/post/17506000

I am not satisfied with Linux's security and have been researching alternative open source OS for privacy and security So far only thing that's ready to use is GrapheneOS (Based on Android) but that's not available on desktop (Though when Android release Desktop mode it may become viable)

Qubes OS is wrapper around underlying operating systems, so it doesn’t really fix for example Linux’s security holes it just kinda sandbox/virtualize them

OpenBSD is more secure than Linux on a base level but lack mitigations and patches that are added to linux overtime and it's security practices while good for it's time is outdated now

RedoxOS (Written in Rust) got some nice ideas but sticks to same outdated practices and doesn't break the wheel too much, and security doesn't seems to be main focus of OS

Haiku and Serenity are outright worse than Linux, especially Haiku as it's single user only

Serenity adopted Pledge and Unveil from OpenBSD but otherwise lacks basic security features

All new security paradigms seems to be happening in microkernels and these are the ones that caught my eyes

None of these are ready to be used as daily driver OS but in future (hopefully) it may change

Genode seems to be far ahead of game than everything else

Ironclad Written in ADA

Atmosphere And Mesosphere Open Source Re-implementation of Nintendo Switch's Horizon OS, I didn't expected this to be security-oriented but seems like Nintendo has done a very solid job

Then there are Managarm, HelenOS, Theseus but I couldn't figure out how secure they are

Finally there is Kicksecure from creators of Whonix, Kicksecure is a linux distro that plans to fix Linux's security problems

if you know of any other OS please share it here

As we begin to shift focus to our shared efforts with Notion, we will be closing down Skiff's product suite after a 6-month sunset period

Pocket Link

The EFF and ACLU letter lists 35 specific police agencies which either have informed the civil liberties organizations that they plan to keep sharing ALPR information with out-of-state law enforcement, or have failed to confirm their compliance with the law in response to inquiries by the organizations.

“We urge your office to explore all potential avenues to ensure that state and local law enforcement agencies immediately comply,” the letter said. “We are deeply concerned that the information could be shared with agencies that do not respect California’s commitment to civil rights and liberties and are not covered by California’s privacy protections.”

they're not mentioning how exactly is it privacy focused, sadly. still, perhaps worth looking into.

Curtains forcing‌‌‌‌‍‍‍ their‌‌‌‌‍‬‬‍ ‌‌‌‌‍‬‌will‌‌‌‌‍‬‌ against the ‌‌‌‌‌‬‌‌wind,‌‌‌‌‍‍‌‌‌‌‌‍‬‬‌ children‌‌‌‌‍‬‬‍ ‌‌‌‌‍‌sleep,‌‌‌‌‌‬‌‌‌‌‌‌‍‬‍ exchanging‌‌‌‌‍‬‍‍ dreams‌‌‌‌‍‍‌ with‌‌‌‌‌‬‌‌ seraphim. The city drags‌‌‌‌‍‌‌‌‌‌‍‬‌‍‌‌‌‌‍‍‬‌‌‌‌‍‬‍‍‌‌‌‌‍‬‍‌ itself awake ‌‌‌‌‌‬‌‌on subway straps‌‌‌‌‍‬‬‍; and I, an alarm, awake‌‌‌‌‍‬‬ as‌‌‌‌‌‬‌‌‌‌‌‌‍‌‌ a‌‌‌‌‍‬‍‍‌‌‌‌‍‬‍‌‌‌‌‍‬‍‌‌‌‌‍‬‍‌‌‌‌‌ rumor of war, lie stretching into dawn, unasked and unheeded.

cross-posted from: https://lemmy.world/post/10958052

Vanguard, the controversial anti-cheat software initially attached to Valorant, is now also coming to League of Legends.

Summary:

The article discusses Riot Games' requirement for players to install their Vanguard anti-cheat software, which runs at the kernel level, in order to play their games such as League of Legends and Valorant. The software aims to combat cheating by scanning for known vulnerabilities and blocking them, as well as monitoring for suspicious activity while the game is being played. However, the use of kernel-level software raises concerns about privacy and security, as it grants the company complete access to users' devices.

The article highlights that Riot Games is owned by Tencent, a Chinese tech giant that has been involved in censorship and surveillance activities in China. This raises concerns that Vanguard could potentially be used for similar purposes, such as monitoring players' activity and restricting free speech in-game.

Ultimately, the decision to install Vanguard rests with players, but the article urges caution and encourages players to consider the potential risks and implications before doing so.

Fighting against surveillance has never been easy. But in the past year it has been specially tough in France. This talk is about shedding light on the many situations where the French State used surveillance to increase repression, mainly against activists, during the last months. Not to despair of this, but willing to provide a sincere overview to the rest of the world, La Quadrature du Net proposes to depict this situation as a satirical tale, with its own characters, plots and suspense. We want to show the political tension going on right now in France and how the checks and balances are lacking to stop this headlong rush to a surveillance state.

Looking back to France in 2023, what do we see? Implementation of new technologies such as drones, DNA marking or new generation of spywares. Also, an intensification of political surveillance, either by law enforcement deploying disproportionate means of investigations towards environmental activists or intelligence services using cameras or GPS beacons to spy on places or people that they find too radical. It was also the year of the “8 December” case, a judicial case where among other things, encrypted communications of the prosecuted persons were considered as signs of "clandestinity" that reveal criminal intentions.

On top of this, we also had to deal with the legalization of biometric surveillance for the Olympics and massive censorship of social networks when riots erupted in suburbs against police violence.

This talk is about showing the reality of the situation at stake right now in France, and how it could influence the rest of Europe. At the end, we hope to raise awareness in the international community and start thinking about how, together, we can put pressure on a country who uses its old reputation to pretend to be respectful of human rights.

Source: https://media.ccc.de/v/37c3-12309-a_year_of_surveillance_in_france_a_short_satirical_tale_by_la_quadrature_du_net

French version: https://video.lqdn.fr/w/rXmBKD6NcfxWxJEPHUZc4Z

German version: https://video.lqdn.fr/w/315ZAQFMTMG7wqiMDdGvsi

Valetudo: Free your vacuum from the cloud
https://valetudo.cloud/
@privacy