An anonymous reader quotes a report from TechCrunch: When the government comes for your data, tech companies can't always tell you. But thanks to a legal loophole, companies can say if they haven't had a visit yet. These so-called "warrant canaries" -- named for the poor canary down the mine that dies when there's gas that humans can't detect -- are a key transparency tool that predominantly privacy-focused companies use to keep their customers aware of the goings-on behind the scenes. Where companies have abandoned their canaries or caved to legal pressure, Cloudflare is bucking the trend. The networking and content delivery network giant said in a blog post this week that it's expanding the transparency reports to include more canaries.

To date, the company: has never turned over their SSL keys or customers' SSL keys to anyone; has never installed any law enforcement software or equipment anywhere on their network; has never terminated a customer or taken down content due to political pressure; and has never provided any law enforcement organization a feed of customers' content transiting their network. Now Cloudflare's warrant canaries will include: Cloudflare has never modified customer content at the request of law enforcement or another third party; Cloudflare has never modified the intended destination of DNS responses at the request of law enforcement or another third party; and Cloudflare has never weakened, compromised, or subverted any of its encryption at the request of law enforcement or another third party. It has also expanded and replaced its first canary to confirm that the company "has never turned over our encryption or authentication keys or our customers' encryption or authentication keys to anyone." Cloudflare said that if it were ever asked to do any of the above, the company would "exhaust all legal remedies" to protect customer data, and remove the statements from its site. According to Cloudflare's latest transparency report out this week, the company responded to just seven subpoenas of the 19 requests, affecting 12 accounts and 309 domains. Cloudflare also responded to 44 court orders of the 55 requests, affecting 134 accounts and 19,265 domains. They received between 0-249 national security requests for the duration, but didn't process any wiretap or foreign government requests for the duration.

An anonymous reader shares a report: Email provider FastMail says it has lost customers and faces "regular" requests to shift its operations outside Australia following the passage of anti-encryption laws. The Victorian company, which offers ad-free email services to users in 150 countries, told a senate committee that the now-passed laws were starting to bite.

"The way in which [the laws] were introduced, debated, and ultimately passed ... creates a perception that Australia has changed - that we are no longer a country which respects the right to privacy," FastMail CEO Bron Gondwana said. "We have already seen an impact on our business caused by this perception. Our particular service is not materially affected as we already respond to warrants under the Telecommunications Act." "Still, we have seen existing customers leave, and potential customers go elsewhere, citing this bill as the reason for their choice. We are [also] regularly being asked by customers if we plan to move."

Slashdot reader krenaud tipped us off to this story from The Next Web: The audio recordings of 2.7 millions calls made to 1177 Vardguiden -- Sweden's healthcare hotline -- were left exposed to anyone online, according to Swedish tech publication Computer Sweden. The 170,000 hours of incredibly sensitive calls were stored on an open web server without any encryption or authentication, leaving personal information completely exposed for anyone with a web browser....

The calls included sensitive information about patients' diseases and ailments, medication, and medical history. Some examples had people describing their children's symptoms and giving their social security numbers. Some of the files include the phone numbers the calls were made from. Around 57,000 numbers appear in the database and many of those are the callers' personal numbers, making it easy to match information with a particular person.
When reached for comment, the CEO of the subcontractor receiving the calls "denied it happened."

An anonymous reader quotes a report from Motherboard: Switzerland made headlines this month for the transparency of its internet voting system when it launched a public penetration test and bug bounty program to test the resiliency of the system to attack. But after source code for the software and technical documentation describing its architecture were leaked online last week, critics are already expressing concern about the system's design and about the transparency around the public test. Cryptography experts who spent just a few hours examining the leaked code say the system is a poorly constructed and convoluted maze that makes it difficult to follow what's going on and effectively evaluate whether the cryptography and other security measures deployed in the system are done properly.

"Most of the system is split across hundreds of different files, each configured at various levels," Sarah Jamie Lewis, a former security engineer for Amazon as well as a former computer scientist for England's GCHQ intelligence agency, told Motherboard. "I'm used to dealing with Java code that runs across different packages and different teams, and this code somewhat defeats even my understanding." She said the system uses cryptographic solutions that are fairly new to the field and that have to be implemented in very specific ways to make the system auditable, but the design the programmers chose thwarts this. "It is simply not the standard we would expect," she told Motherboard. [...] It isn't just outside attackers that are a concern; the system raises the possibility for an insider to intentionally misconfigure the system to make it easier to manipulate, while maintaining plausible deniability that the misconfiguration was unintentional. "Someone could wire the thing in the wrong place and suddenly the system is compromised," said Lewis, who is currently executive director of the Open Privacy Research Society, a Canadian nonprofit that develops secure and privacy-enhancing software for marginalized communities. "And when you're talking about code that is supposed to be protecting a national election, that is not a statement someone should be able to make." "You expect secure code to be defensively written that would prevent the implementers of the code from wiring it up incorrectly," Lewis told Motherboard. But instead of building a system that doesn't allow for this, the programmers simply added a comment to their source code telling anyone who compiles and implements it to take care to configure it properly, she said.

The online voting system was developed by Swiss Post, the country's national postal service, and the Barcelona-based company Scytl. "Scytl claims the system uses end-to-end encryption that only the Swiss Electoral Board would be able to decrypt," reports Motherboard. "But there are reasons to be concerned about such claims."

An anonymous reader shares an excerpt from an Ars Technica report: Researchers have found a way to run malicious code on systems with Intel processors in such a way that the malware can't be analyzed or identified by antivirus software, using the processor's own features to protect the bad code. As well as making malware in general harder to examine, bad actors could use this protection to, for example, write ransomware applications that never disclose their encryption keys in readable memory, making it substantially harder to recover from attacks. The research, performed at Graz University of Technology by Michael Schwarz, Samuel Weiser, and Daniel Gruss (one of the researchers behind last year's Spectre attack), uses a feature that Intel introduced with its Skylake processors called SGX ("Software Guard eXtensions"). SGX enables programs to carve out enclaves where both the code and the data the code works with are protected to ensure their confidentiality (nothing else on the system can spy on them) and integrity (any tampering with the code or data can be detected). The contents of an enclave are transparently encrypted every time they're written to RAM and decrypted upon being read. The processor governs access to the enclave memory: any attempt to access the enclave's memory from code outside the enclave is blocked; the decryption and encryption only occurs for the code within the enclave.

SGX has been promoted as a solution to a range of security concerns when a developer wants to protect code, data, or both, from prying eyes. For example, an SGX enclave running on a cloud platform could be used to run custom proprietary algorithms, such that even the cloud provider cannot determine what the algorithms are doing. On a client computer, the SGX enclave could be used in a similar way to enforce DRM (digital rights management) restrictions; the decryption process and decryption keys that the DRM used could be held within the enclave, making them unreadable to the rest of the system. There are biometric products on the market that use SGX enclaves for processing the biometric data and securely storing it such that it can't be tampered with. SGX has been designed for this particular threat model: the enclave is trusted and contains something sensitive, but everything else (the application, the operating system, and even the hypervisor) is potentially hostile. While there have been attacks on this threat model (for example, improperly written SGX enclaves can be vulnerable to timing attacks or Meltdown-style attacks), it appears to be robust as long as certain best practices are followed.

Linuz Henze, a credible researcher, has revealed an exploit that in a single button press can reveal the passwords in a Mac's keychain. From a report: Keychain is where macOS stores most of the passwords used on the machine, ranging from iMessage private encryption keys to certificates, secured notes, Wi-Fi, and other Apple hardware passwords, app passwords, and web passwords. A pre-installed app called Keychain Access enables users to view the entire list of stored items, unlocking each one individually by repeatedly entering the system password, but Henze's KeySteal exploit grabs everything with a single press of a "Show me your secrets" button.

While the demo is run on a 2014 MacBook Pro without Apple's latest security chips, Henze says that it works "without root or administrator privileges and without password prompts, of course." It appears to work on the Mac's login and system keychains, but not iCloud's keychain. Generally, white hat security researchers publicly reveal flaws like this only after informing the company and giving it ample time to fix the issues. But Henze is refusing to assist Apple because it doesn't offer paid bug bounties for macOS.

The Electronic Frontier Foundation argues that police should not be allowed to force you to turn over your passcode or unlock your device. "The Fifth Amendment states that no one can be forced to be 'a witness against himself,' and we argue that the constitutional protection applies to forced decryption," writes the EFF. Last week, the non-profit digital rights group filed a brief making that case to the Indiana Supreme Court, which is set to decide if you can be forced to unlock your phone. From the report: The case began when Katelin Eunjoo Seo reported to law enforcement outside of Indianapolis that she had been the victim of a rape and allowed a detective to examine her iPhone for evidence. But the state never filed charges against Seo's alleged rapist, identified by the court as "D.S." (Courts often refer to minors using their initials.) Instead, the detective suspected that Seo was harassing D.S. with spoofed calls and texts, and she was ultimately arrested and charged with felony stalking. Along with a search warrant, the state sought a court order to force Seo to unlock her phone. Seo refused, invoking her Fifth Amendment rights. The trial court held her in contempt, but an intermediate appeals court reversed. When the Indiana Supreme Court agreed to get involved, it took the somewhat rare step of inviting amicus briefs. EFF got involved because, as we say in our brief filed along with the ACLU and the ACLU of Indiana, the issue in Seo is "no technicality; it is a fundamental protection of human dignity, agency, and integrity that the Framers enshrined in the Fifth Amendment."

Our argument to the Indiana Supreme Court is that compelling Seo to enter her memorized passcode would be inherently testimonial because it reveals the contents of her mind. Obviously, if she were forced to verbally tell a prosecutor her password, it would be a testimonial communication. By extension, the act of forced unlocking is also testimonial. First, it would require a modern form of written testimony, the entry of the passcode itself. Second, it would rely on Seo's mental knowledge of the passcode and require her to implicitly acknowledge other information such as the fact that it was under her possession and control. The lower appellate court in Seo added an intriguing third reason: "In a very real sense, the files do not exist on the phone in any meaningful way until the passcode is entered and the files sought are decrypted. . . . Because compelling Seo to unlock her phone compels her to literally recreate the information the State is seeking, we consider this recreation of digital information to be more testimonial in nature than the mere production of paper documents." Because entering a passcode is testimonial, that should be the end of it, and no one should be ordered to decrypt their device, at least absent a grant of immunity that satisfies the Fifth Amendment. The case gets complicated when you factor in a case from 1976 called Fisher v. United States, where the Supreme Court recognized an exception to the Fifth Amendment privilege for testimonial acts of production. "State and federal prosecutors have invoked it in nearly every forced decryption case to date," writes the EFF. "In Seo, the State argued that all that compelling the defendant to unlock her phone would reveal is that she knows her own passcode, which would be a foregone conclusion once it 'has proven that the phone belongs to her.'"

"As we argue in our amicus brief, this would be a dangerous rule for the Indiana Supreme Court to adopt. If all the government has to do to get you to unlock your phone is to show you know the password, it would have immense leverage to do so in any case where it encounters encryption."

"University of Toronto Engineering professor Hoi-Kwong Lo and his collaborators have developed a prototype for a key element for all-photonic quantum repeaters, a critical step in long-distance quantum communication," reports Phys.Org. This proof-of-principle device could serve as the backbone of a future quantum internet. From the report: In light of [the security issues with today's internet], researchers have proposed other ways of transmitting data that would leverage key features of quantum physics to provide virtually unbreakable encryption. One of the most promising technologies involves a technique known as quantum key distribution (QKD). QKD exploits the fact that the simple act of sensing or measuring the state of a quantum system disturbs that system. Because of this, any third-party eavesdropping would leave behind a clearly detectable trace, and the communication can be aborted before any sensitive information is lost. Until now, this type of quantum security has been demonstrated in small-scale systems. Lo and his team are among a group of researchers around the world who are laying the groundwork for a future quantum Internet by working to address some of the challenges in transmitting quantum information over great distances, using optical fiber communication.

Because light signals lose potency as they travel long distances through fiber-optic cables, devices called repeaters are inserted at regular intervals along the line. These repeaters boost and amplify the signals to help transmit the information along the line. But quantum information is different, and existing repeaters for quantum information are highly problematic. They require storage of the quantum state at the repeater sites, making the repeaters much more error prone, difficult to build, and very expensive because they often operate at cryogenic temperatures. Lo and his team have proposed a different approach. They are working on the development of the next generation of repeaters, called all-photonic quantum repeaters, that would eliminate or reduce many of the shortcomings of standard quantum repeaters. "We have developed all-photonic repeaters that allow time-reversed adaptive Bell measurement," says Lo. "Because these repeaters are all-optical, they offer advantages that traditional -- quantum-memory-based matter -- repeaters do not. For example, this method could work at room temperature."

Facebook's new plan to integrate WhatsApp, Instagram and Facebook Messenger will lead to more data about users being shared between them, a new report warns. The effort to make it easier for people to participate in conversations across its various messaging platforms sounds harmless, but it raises issues about how data will be shared across the platforms, and with third parties. The good news is that the apps will all be required to use end-to-end encryption. MIT Technology Review reports: Facebook says it wants to make it easier for people to communicate across its "ecosystem" of apps. But the real driver here is a commercial one. By making it easier to swap messages, Facebook can mine even more data to target ads with, and come up with more money-spinning services. There's another potential benefit: by integrating its messaging apps more tightly, Facebook can argue it would be harder to spin one or more of them off, as some antitrust campaigners think it should be forced to do.

Mark Zuckerberg, Facebook's chief executive, plans to integrate the social network's messaging services -- WhatsApp, Instagram and Facebook Messenger -- asserting his control over the company's sprawling divisions at a time when its business has been battered by scandals.

The New York Times: The move, described by four people involved in the effort, requires thousands of Facebook employees to reconfigure how WhatsApp, Instagram and Facebook Messenger function at their most basic levels. While all three services will continue operating as stand-alone apps, their underlying messaging infrastructure will be unified, the people said. Facebook is still in the early stages of the work and plans to complete it by the end of this year or in early 2020, they said.

Mr. Zuckerberg has also ordered all of the apps to incorporate end-to-end encryption, the people said, a significant step that protects messages from being viewed by anyone except the participants in the conversation. After the changes take effect, a Facebook user could send an encrypted message to someone who has only a WhatsApp account, for example. Currently, that isn't possible because the apps are separate.

An anonymous reader quotes a report from Motherboard: Apple security expert Jon Callas, who helped build protection for billions of computers and smartphones against criminal hackers and government surveillance, is now taking on government and corporate spying in the policy realm. Jon Callas is an elder statesman in the world of computer security and cryptography. He's been a vanguard in developing security for mobile communications and email as chief technology officer and co-founder of PGP Corporation -- which created Pretty Good Privacy, the first widely available commercial encryption software -- and serving the same roles at Silent Circle and Blackphone, touted as the world's most secure Android phone.

As a security architect and analyst for Apple computers -- he served three stints with the tech giant in 1995-1997, 2009-2011, and 2016-2018 -- he has played an integral role in helping to develop and assess security for the Mac and iOS operating systems and various components before their release to the public. His last stretch there as manager of a Red Team (red teams hack systems to expose and fix their vulnerabilities) began just after the FBI tried to force the tech giant to undermine security it had spent years developing for its phones to break into an iPhone belonging to one of the San Bernardino shooters. But after realizing there's a limit to the privacy and surveillance issues technology companies can address, Callas decided to tackle the issues from the policy side, accepting a two-year position as senior technology fellow for the American Civil Liberties Union. Callas spoke to Motherboard about government backdoors, the need for tech expertise in policymaking, and what he considers the biggest challenge for the security industry.

Amazon-owned Ring allowed employees to access customers' live camera feeds, according to a report from The Intercept. "Ring's engineers and executives have 'highly privileged access' to live camera feeds from customers' devices," reports 9to5Google. "This includes both doorbells facing the outside world, as well as cameras inside a person's home. A team tasked with annotating video to aid in object recognition captured 'people kissing, firing guns, and stealing.'" From the report: U.S. employees specifically had access to a video portal intended for technical support that reportedly allowed "unfiltered, round-the-clock live feeds from some customer cameras." What's surprising is how this support tool was apparently not restricted to only employees that dealt with customers. The Intercept notes that only a Ring customer's email address was required to access any live feed.

According to the report's sources, employees had a blase attitude to this potential privacy violation, but noted that they "never personally witnessed any egregious abuses." Meanwhile, a second group of Ring employees working on R&D in Ukraine had access to a folder housing "every video created by every Ring camera around the world." What's more, these employees had a "corresponding database that linked each specific video file to corresponding specific Ring customers." Also bothersome is Ring's reported stance towards encryption. Videos in that bucket were unencrypted due to the costs associated with implementation and "lost revenue opportunities due to restricted access." In response to the report, Ring said: "We have strict policies in place for all our team members. We implement systems to restrict and audit access to information. We hold our team members to a high ethical standard and anyone in violation of our policies faces discipline, including termination and potential legal and criminal penalties. In addition, we have zero tolerance for abuse of our systems and if we find bad actors who have engaged in this behavior, we will take swift action against them."

With signs that the New York trial of notorious Mexican drug lord and alleged mass murderer Joaquin "El Chapo" Guzman is entering its end phase, prosecutors on Tuesday played copies of what they said were audio recordings of Guzman the FBI obtained "after they infiltrated his encrypted messaging system" with the help of Colombian and former cartel systems engineer Cristian Rodriguez, Reuters reported. Gizmodo reports: As has been previously reported by Vice, Colombian drug lord Jorge Cifuentes testified that Rodriguez had forgot to renew a license key critical to the communications network of Guzman's Sinaloa Cartel in September 2010, forcing cartel leaders to temporarily rely on conventional cell phones. Cifuentes told the court he considered Rodriguez "an irresponsible person" who had compromised their security, with a terse phone call played by prosecutors showing Cifuentes warned the subordinate he was in "charge of the system always working."

But on Tuesday it was revealed that the FBI had lured Rodriguez into a meeting with an agent posing as a potential customer much earlier, in February 2010, according to a report in the New York Times. Later, they flipped Rodriguez, having him transfer servers from Canada to the Netherlands in a move masked as an upgrade. During that process, Rodriguez slipped investigators the network's encryption keys. The communications system ran over Voice over Internet Protocol (VoIP), with only cartel members able to access it. Getting through its encryption gave authorities access to roughly 1,500 of Guzman's and other cartel members' calls from April 2011 to January 2012, the Times wrote, with FBI agents able to identify ones placed by the drug lord by "comparing the high-pitched, nasal voice on the calls with other recordings of the kingpin, including a video interview he gave to Rolling Stone in October 2015."

hmckee writes: OSNews was offline for a few days for upgrades. It is now back up with a message that indicates they encountered a data breach and considered going offline for good due to maintenance and financial difficulties. "Our best guess is that someone was able to exploit a vulnerability in old, unmaintained code in the site's content management system, and made off with at least some user data, which may be as little as a few user records or, at worst, our entire database," writes Publisher David Adams. "Your email addresses were in there, and the encryption on the passwords wasn't up to modern standards (unsalted SHA1). [...] Other than potential spam, though, we're not aware of any other nefarious use of your data, we don't store much beyond email addresses and passwords..."

David goes on to cite poor advertising revenues and a lack of time for reasons to throw in the towel and go offline permanently.

For years, Mozilla has largely neglected development of Thunderbird, an email client it owns. But the company, which grew its team to eight staff last year, says it plans to address most of the issues that users have complained about and add six more people to Thunderbird staff this year, it said in a blog post. In the blog post Wednesday, the company said: Our hires are already addressing technical debt and doing a fair bit of plumbing when it comes to Thunderbird's codebase. Our new hires will also be addressing UI-slowness and general performance issues across the application. This is an area where I think we will see some of the best improvements in Thunderbird for 2019, as we look into methods for testing and measuring slowness -- and then put our engineers on architecting solutions to these pain points. Beyond that, we will be looking into leveraging new, faster technologies in rewriting parts of Thunderbird as well as working toward a multi-process Thunderbird.

[...] For instance, one area of usability that we are planning on addressing in 2019 is integration improvements in various areas. One of those in better Gmail support, as one of the biggest email providers it makes sense to focus some resources on this area. We are looking at addressing Gmail label support and ensuring that other features specific to the Gmail experience translate well into Thunderbird. We are looking at improving notifications in Thunderbird, by better integrating with each operating system's built-in notification system. By working on this feature Thunderbird will feel more "native" on each desktop and will make managing notifications from the app easier.

The UX/UI around encryption and settings will get an overhaul in the coming year, whether or not all this work makes it into the next release is an open question â" but as we grow our team this will be a focus. It is our hope to make encrypting Email and ensuring your private communication easier in upcoming releases, we've even hired an engineer who will be focused primarily on security and privacy.

Julia Reda is a member of Germany's Pirate Party, a member of the European Parliament, and the Vice-President of The Greens-European Free Alliance.

Thursday her official web site announced: In 2014, security vulnerabilities were found in important Free Software projects. One of the issues was found in the Open Source encryption library OpenSSL.... The issue made lots of people realise how important Free and Open Source Software is for the integrity and reliability of the Internet and other infrastructure.... That is why my colleague Max Andersson and I started the Free and Open Source Software Audit project: FOSSA... In 2017, the project was extended for three more years. This time, we decided to go one step further and added the carrying out of Bug Bounties on important Free Software projects to the list of measures we wanted to put in place to increase the security of Free and Open Source Software...

In January the European Commission is launching 14 out of a total of 15 bug bounties on Free Software projects that the EU institutions rely on.
The bounties start at 25.000,00 € -- about $29,000 USD -- rising as high as 90.000,00 € ($103,000). "The amount of the bounty depends on the severity of the issue uncovered and the relative importance of the software," Reda writes.

Click through for a list of the software projects for which bug bounties will be offered.

India's government wants to make it mandatory for platforms like Facebook, WhatsApp, Twitter, and Google, to remove content it deems "unlawful" within 24 hours of notice, and create "automated tools" to "proactively identify and remove" such material. From a report: It also wants tech companies to build in a way to trace the source of the content, which would require platforms like WhatsApp to break end-to-end encryption. India's Ministry of Electronics and Information Technology (MeitY) published [PDF] the proposed rules on its website following a report on Monday by The Indian Express revealing the government's proposal to modify the country's primary IT law to work them in. The report comes days after India's government seemingly authorized 10 federal agencies to snoop into every computer in the country last week. The proposed measures have provoked concerns from privacy activists who claim they would threaten free speech and enable mass surveillance.

[...] If India does work these rules into its IT law, it would have precedent: Earlier this month, Australia passed a controversial encryption bill that would require technology companies to give law enforcement agencies access to encrypted communications, saying that it was essential to stop terrorists and criminals who rely on secure messaging apps to communicate.

President Donald Trump last week signed legislation ramping up quantum computing research and development. From a report: The National Quantum Initiative Act (H.R. 6227) authorizes $1.2 billion over five years for federal activities aimed at boosting investment in quantum information science, or QIS, and supporting a quantum-smart workforce. The law also establishes a National Quantum Coordination Office, calls for the development of a five-year strategic plan and establishes an advisory committee to advise the White House on issues relating to quantum computing. "This next great technological revolution has far-reaching implications for job creation, economic growth and national security," Michael Kratsios, deputy assistant to the president for technology policy, said in a White House statement. "We look forward to building upon efforts to support the quantum-smart workforce of the future and engage with government, academic and private-sector leaders to advance QIS."

[...] Earlier this month, a report from the National Academies of Science said there is an urgent need to develop "post-quantum" encryption protocols in order to protect commerce and national security. QIS research could also produce new types of quantum processors, sensors, navigation tools and security systems. The challenges could bring about "new approaches to understanding materials, chemistry and even gravity through quantum information theory," according to a White House strategy paper issued in September.

Tim May, co-founder of the influential Cypherpunks mailing list and a significant influence on both bitcoin and WikiLeaks, passed away in mid-December at his home in Corralitos, California. The news was announced last Saturday on a Facebook post written by his friend Lucky Green. Long-time Slashdot reader SonicSpike quotes Reason: In his influential 1988 essay, "The Crypto Anarchist Manifesto," May predicted that advances in computer technology would eventually allow "individuals and groups to communicate and interact with each other" anonymously and without government intrusion. "These developments will alter completely the nature of government regulation [and] the ability to tax and control economic interactions," he wrote... Running 497 words, it was his most influential piece of writing... May became convinced that public-key cryptography combined with networked computing would break apart social power structures...

In September 1992, May and his friends Eric Hughes and Hugh Daniels came up with the idea of setting up an online mailing list to discuss their ideas. Within a few days of its launch, a hundred people had signed up for the Cypherpunks mailing list. (The group's name was coined by Hughes' girlfriend as a play on the "cyberpunk" genre of fiction.) By 1997, it averaged 30 messages daily with about 2,000 subscribers. May was its most prolific contributor. May and Hughes, along with free speech activist John Gilmore, wore masks on the cover of the second issue of Wired magazine accompanying a profile by journalist Steven Levy, who described the Cypherpunks as "more a gathering of those who share a predilection for codes, a passion for privacy, and the gumption to do something about it...."

WikiLeaks founder Julian Assange was an active reader and participant on the list, contributing his first posts in 1995 under the name "Proff."
The article notes that May "recently expressed disgust with the current state of the cryptocurrency community, citing its overpriced conferences and the advent of 'bitcoin exchanges that have draconian rules about KYC, AML, passports, freezes on accounts and laws about reporting 'suspicious activity' to the local secret police.'"

In his last published interview he told CoinDesk "I think Satoshi would barf."

Several readers have shared a report: The Indian government has authorized 10 central agencies to intercept, monitor, and decrypt data on any computer, sending a shock wave through citizens and privacy watchdogs. Narendra Modi's government late Thursday broadened the scope of Section 69 of the nation's IT Act, 2000 to require a subscriber, service provider, or any person in charge of a computer to "extend all facilities and technical assistance to the agencies." Failure to comply with the agencies could result in seven years of imprisonment and an unspecified fine. In a clarification posted today, the Ministry of Home Affairs said each case of interception, monitoring, and decryption is to be approved by the competent authority, which is the Union Home Secretary.

Explaining the rationale behind the order, India's IT minister, Ravi Shankar Prasad, said that the measure was undertaken in the interests of national security. He added that some form of "tapping" has already been going on in the country for a number of years and that the new order would help bring structure to that process. "Always remember one thing," he said in a televised interview. "Even in the case of a particular individual, the interception order shall not be effective unless affirmed by the Home Secretary."

The Internet Freedom Foundation, a nonprofit organization that protects the online rights of citizens in India, cautioned that the order goes beyond telephone tapping. It includes looking at content streams and might even involve breaking encryption in some cases. "Imagine your search queries on Google over [a number of] years being demanded -- mixed with your WhatsApp metadata, who you talk to, when, and how much [and add] layers of data streams from emails + Facebook," it said. "To us this order is unconstitutional and in breach of the telephone tapping guidelines, the Privacy Judgement and the Aadhaar Judgement," it asserted.