Wastholm.com

LEAP's multi-year plan to secure everyday communication breaks down into discrete services, to be rolled out one at a time. When we introduce a new service, integrated support will be added to both the user-facing LEAP Client and the server-side LEAP Platform for Service Providers. All communication content will be client-side encrypted, and as much of the metadata as possible. Most importantly, all LEAP services will be based on our plan for federated secure identity and unmappable routing.

On Sunday, Brazilian TV show Fantastico published previously undisclosed details based on documents obtained by Guardian journalist Glenn Greenwald from former NSA contractor Edward Snowden. The 13-minute news segment focused on the revelation that, according to the leaked files, the NSA apparently targeted Brazil’s state-run Petrobras oil producer for surveillance—undermining a recent statement by the agency that it “does not engage in economic espionage in any domain.” The Petrobras detail has been picked up internationally, and is likely to cause a serious stir in Brazil. (The country is still reeling from the revelation last week that the NSA spied on its president.) But Fantastico delivered several other highly significant nuggets that deserve equal attention.

Speaking at the keynote LinuxCon panel this year, Linus Torvalds, who created the open-source Linux operating system 22 years ago, revealed that the government had approached him about installing a backdoor into the system’s structure. Linux is the preferred operating system for the privacy-conscious infosec community.

The news broke this morning that the NSA (US), the GCHQ (UK), and the FRA (Sweden) have been actively working to subvert the cryptography that makes our society tick, by planting backdoors in most if not all commercial cryptography software. This means that these agencies have deliberately made all of us vulnerable as we conduct our banking business, as we go to the hospital, and as we talk privately online. Our society depends on our ability to keep secrets, and the deliberate planting of backdoors, the deliberate subversion of our infrastructure, is nothing short of a declaration of war. Even according to U.S. Generals.

Lavabit, the security-conscious email provider that was the preferred email service of NSA leaker Edward Snowden, has closed its doors, citing US government interference. "I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit," founder Ladar Levison said in a statement posted to the company's homepage on Thursday. "After significant soul searching, I have decided to suspend operations."

Since the attacks of Sept. 11, 2001, its civilian and military workforce has grown by one-third, to about 33,000, according to the NSA. Its budget has roughly doubled, and the number of private companies it depends on has more than tripled, from 150 to close to 500, according to a 2010 Washington Post count.

It’s taken a long time but today we bring the first installment in a series of posts highlighting VPN providers that take privacy seriously. Our first article focuses on anonymity and a later installment will highlight file-sharing aspects and possible limitations.

Bitmessage is a P2P communications protocol used to send encrypted messages to another person or to many subscribers. It is decentralized and trustless, meaning that you need not inherently trust any entities like root certificate authorities. It uses strong authentication, which means that the sender of a message cannot be spoofed, and it aims to hide "non-content" data, like the sender and receiver of messages, from passive eavesdroppers like those running warrantless wiretapping programs. If Bitmessage is completely new to you, you may wish to start by reading the whitepaper.

Without the support of two major browsers and major websites most internet users are missing out on the security benefits of perfect forward secrecy. Without the protection of PFS, if an organisation were ever compelled — legally or otherwise — to turn over RSA private keys, all past communication over SSL is at risk. Perfect forward secrecy is no panacea, however; whilst it makes wholesale decryption of past SSL connections difficult, it does not protect against targeted attack on individual sessions. Whether or not PFS is used, SSL remains an important tool for web sites to use to secure data transmission across the internet to protect against (perhaps all but the most well-equipped) eavesdroppers.

We study fifteen months of human mobility data for one and a half million individuals and find that human mobility traces are highly unique. In fact, in a dataset where the location of an individual is specified hourly, and with a spatial resolution equal to that given by the carrier's antennas, four spatio-temporal points are enough to uniquely identify 95% of the individuals. We coarsen the data spatially and temporally to find a formula for the uniqueness of human mobility traces given their resolution and the available outside information. This formula shows that the uniqueness of mobility traces decays approximately as the 1/10 power of their resolution. Hence, even coarse datasets provide little anonymity. These findings represent fundamental constraints to an individual's privacy and have important implications for the design of frameworks and institutions dedicated to protect the privacy of individuals.
