Today The New Yorker
, a service that allows sources to share information with TNY journalists securely and anonymously. As explained in this infographic
, Strongbox relies on the Tor network, a dedicated server, PGP encryption, VPNs, and multiple laptops and thumb drives to prevent files from being intercepted or traced. The codebase
, which is open source, was designed by the late Aaron Swartz (Previously
). Kevin Poulsen, one of the organizers of the project, chronicles
how Swartz developed the code and how the project managed to carry on after his death. TNY hopes
that Strongbox will help the magazine continue its long tradition of investigative journalism.
posted by Cash4Lead
on May 15, 2013 -
A Magistrate Judge in the U.S. District Court in Vermont has ruled that a man allegedly caught with child pornography on his laptop need not reveal his PGP password (yes, authorities shut down the laptop and now can't get at the alleged porn) pursuant to the Fifth Amendment's protections against self incrimination. The decision is here
[PDF]. A decent write-up (from CNET of all places) is here
. This appears to be the first decision ever to directly address this issue, and many commentators had thought it would come out differently. The major question is whether revealing one's PGP key is "testimonial" or not. According to the Supreme Court
, giving up fingerprints or blood samples isn't, nor is standing for a lineup, nor is handing over the key to a safe, but if it's combination
safe, well maybe that's different
. Never let it be said that your Fifth Amendment rights are easy.
posted by The Bellman
on Dec 15, 2007 -
Crypto guru getting blamed for his software.
PGP writer Phil Zimmermann's hate mail goes a little something like this, "Phil -- I hope you can sleep at night with the blood of 5,000 people on your hands." If Phil is guilty of anything so is everyone who has ever used their credit card online, including Mr. Hate Mail.
posted by skallas
on Sep 21, 2001 -
Vulnerabiity in OpenPGP
You don't even need to crack the key, just get hold of it, modify a few bytes, and presto, sign away from other persona. The issue here is signing
, not encrypting. The implications are evident when you think of internet voting, tax filing, etc., but it is still a victory for open cryptography, where peer review can find serious flaws.
posted by pecus
on Mar 22, 2001 -
Wincent Colaiuta has seen and reviewed the new Mac OS
but you can't read the review. He's encrypted the whole thing using PGP and he's not releasing the key until the OS is released. He says he's done this to avoid law suits from Apple.
I say he's begging for hits.
If he wanted to avoid lawsuits, he could just wait to publish the review...
posted by Jako
on Mar 20, 2001 -
Why Digital Signatures Are Not Signatures
"When first invented in the 1970s, digital signatures made an amazing promise: better than a handwritten signature -- unforgeable and uncopyable -- on a document. Today, they are a fundamental component of business in cyberspace. And numerous laws, state and now federal, have codified digital signatures into law. These laws are a mistake." -- Bruce Schneier, November Crypto-Gram
posted by lagado
on Nov 15, 2000 -