"In general, no matter what features you use, WhatsApp cannot read your messages due to a technology called “end-to-end encryption”, or E2EE. Knowles described it as acting like the message is locked. “Your messages are locked, or encrypted, on your phone and only unlocked, or decrypted, when they reach the person you’re talking to,” she said.

Importantly, only the sender and intended recipient of a message can unlock it. This means that even WhatsApp itself cannot read the content of messages.

However, while E2EE protects the contents of your messages, calls and files on WhatsApp, this protection doesn’t cover all the data created when you use the app.

Thorin Klosowski, a security and privacy activist at the Electronic Frontier Foundation (or EFF) told Africa Check: “In the case of WhatsApp, the company collects metadata, such as when a message is sent, who the messages are between, and where it is sent from.”

Metadata is information about a particular piece of data. For example, if the data is a text message, its metadata might include the time it was sent or the place it was sent from.

Although the contents of a message are protected by E2EE, it is impossible to protect a lot of metadata. WhatsApp will, for example, always be able to determine the time a message was sent and the recipient."

https://africacheck.org/fact-checks/blog/viral-whatsapp-warning-wrong-app-does-have-privacy-concerns

"Welcome to the website for the Applied Cryptography course at the American University of Beirut! This page serves as a unified and self-sufficient source of truth on everything concerning your course.
(...)
Course Description: Applied Cryptography explores the core theory of modern cryptography and how to apply these fundamental principles to build and analyze real-world secure systems. We start with foundational concepts—such as Kerckhoff's Principle, computational hardness, and provable security—before moving on to key cryptographic primitives like pseudorandom generators, block ciphers, and hash functions. Building on this solid groundwork, we will survey how these technologies power critical real-world deployments such as TLS, secure messaging protocols (e.g., Signal), and post-quantum cryptography. We will also delve into specialized topics like high-assurance cryptographic implementations, elliptic-curve-based systems, and zero-knowledge proofs to give you a complete understanding of contemporary cryptography's scope and impact. By the end of the semester, you will have gained both a rigorous theoretical perspective and practical hands-on experience, enabling you to evaluate, design, and implement cryptographic solutions."

https://appliedcryptography.page

Ubuntu 25.10 mit Verschlüsselung per TPM
https://linuxnews.de/ubuntu-25-10-mit-verschluesselung-per-tpm/ #ubuntu #canonical #tpm2 #verschlusselung #encryption

New ISO for TUXEDO OS brings back Guided Dual Boot Encryption

The new ISO reintroduces a popular feature that we had temporarily disabled a few months ago due to security concerns.

https://www.tuxedocomputers.com/en/New-ISO-for-TUXEDO-OS-brings-back-Guided-Dual-Boot-Encryption.tuxedo

"With the frequency of environmental disasters, political polarization, and infrastructure attacks increasing, the stability of networks we have traditionally relied upon is far from assured.

Yet even with the world as it is, developers are creating new communications networks that have the potential to help in unexpected situations we might find ourselves in. Not only are these technologies built to be useful and resilient, they are also empowering individuals by circumventing censorship and platform control— allowing a way for people to empower each other through sharing resources.

In that way, it can be seen as a technological inheritor of the hopefulness and experimentation—and yes, fun!—that was so present in the early internet. These technologies offer a promising path forward for building our way out of tech dystopia."

https://www.eff.org/deeplinks/2025/07/radio-hobbyists-rejoice-good-news-lora-mesh

Reality bites the UK government’s push to undermine end-to-end #encryption
https://element.io/blog/reality-bites-the-uk-governments-push-to-undermine-end-to-end-encryption/

Canada wants to #backdoor #encryption.

But we are saying no.

#NoToBackdoors

Read our comment on Canada's C-2 Bill: https://tuta.com/blog/canada-bill-c2-surveillance

Encrypting files with passkeys and age

https://words.filippo.io/passkey-encryption/

No-AI and solid end-to-end encryption is the new tech hype.

If you don't invest heavily in solid end-to-end encryption, privacy-protective and No-AI features, you will be left behind. People might even laugh at you.

Tell everyone.

The EU wants to decrypt your private data by 2030

EU's High-Level Group (HLG) carried on under the so-called Going Dark initiative. The group was tasked, by the EU Council in June 2023, to develop a strategic plan "on access to data for effective law enforcement."

#europe #EU #HLG #surveillance #privacy #encryption #technology #tech

https://www.techradar.com/vpn/vpn-privacy-security/the-eu-wants-to-decrypt-your-private-data-by-2030

"There is no “cloud,” just someone else's computer—and when the cops come knocking on their door, these hosts need to be willing to stand up for privacy, and know how to do so to the fullest extent under the law. These legal limits are also important for users to know, not only to mitigate risks in their security plan when choosing where to share data, but to understand whether these hosts are going to bat for them. Taking action together, service hosts and users can curb law enforcement getting more data than they’re allowed, protecting not just themselves but targeted populations, present and future.

This is distinct from law enforcement’s methods of collecting public data, such as the information now being collected on student visa applicants. Cops may use social media monitoring tools and sock puppet accounts to collect what you share publicly, or even within “private” communities. Police may also obtain the contents of communication in other ways that do not require court authorization, such as monitoring network traffic passively to catch metadata and possibly using advanced tools to partially reveal encrypted information. They can even outright buy information from online data brokers. Unfortunately there are few restrictions or oversight for these practices—something EFF is fighting to change.

Below however is a general breakdown of the legal processes used by US law enforcement for accessing private data, and what categories of private data these processes can disclose. Because this is a generalized summary, it is neither exhaustive nor should be considered legal advice. Please seek legal help if you have specific data privacy and security needs."

https://www.eff.org/deeplinks/2025/06/how-cops-can-get-your-private-online-data

Magical backdoor only for "the good guys" is a complete fantasy

Let's say the strategy is akin to creating a MagicalKey that unlocks every door (a magical key because thinking encryption backdoors would only be used by "the good guys" is a great example of magical thinking).

Imagine only 1000 police officers have MagicalKeys.

Overtime, let's say only 1% of the police officers accidentally lose their MagicalKey. Now 10 MagicalKeys are lost in the wild and could be used by anyone else, for any purposes, including crime.

Then, let's say only 0.1% of police officers get corrupted by a crime gang. That's just one right? This corrupted "good guy" lets the gang create a double of the MagicalKey. Which crime gang wouldn't want a key that can magically open any door?

Now, the gang creates doubles of the MagicalKey they have. They use it subtly at first to avoid detection. They make sure they never leave traces behind, so victims have no idea their door got unlocked.

During this time, they steal your data, they sell it, they use it to impersonate you, they use it to harm you and your loved ones.

Then, another criminal figures out on their own how to emulate a MagicalKey without even having access to one.

The criminal creates a reproducible mold for this Emulated-MagicalKey and sells it to other criminals on the criminal market. Now, the MagicalKey is available to any criminals looking for it.

Restrictions on the backdoor are off. Your personal data is up for grabs.

This is what is going to happen if backdoors are implemented in end-to-end encryption. But don't worry they say, "it's only for the good guys!".

At least, the criminals' data will also be up for grabs, right?

Nope! The criminals knew about this, so they just started using different channels that weren't impacted.

Criminals will have their privacy intact, they don't care about using illegal tools, but your legal privacy protections will be gone.

Backdoored end-to-end encryption isn't end-to-end anymore, it's just open-ended encryption. This offers pretty much no protection at all.

Extract from: https://www.privacyguides.org/articles/2025/04/11/encryption-is-not-a-crime/

"Billions of people worldwide use private messaging platforms like Signal, WhatsApp, and iMessage to communicate securely. This is possible thanks to end-to-end encryption (E2EE), which ensures that only the sender and the intended recipient(s) can view the contents of a message, with no access possible for any third party, not even the service provider itself. Despite the widespread adoption of E2EE apps, including by government officials, and the role of encryption in safeguarding human rights, encryption, which can be lifesaving, is under attack around the world. These attacks most often come in the form of client-side scanning (CSS), which is already being pushed in the EU, UK, U.S., and Australia.

CSS involves scanning the photos, videos, and messages on an individual’s device against a database of known objectionable material, before the content is then sent onwards via an encrypted messaging platform. Before an individual uploads a file to an encrypted messaging window, it would be converted into a digital fingerprint, or “hash,” and compared against a database of digital fingerprints of prohibited material. Such a database could be housed on a person’s device, or at the server level.

Proponents of CSS argue that it is a privacy-respecting method of checking content in the interests of online safety, but as we explain in this FAQ piece, CSS undermines the privacy and security enabled by E2EE platforms. It is at odds with the principles of necessity and proportionality, and its implementation would erode the trustworthiness of E2EE channels; the most crucial tool we have for communicating securely and privately in a digital ecosystem dominated by trigger-happy surveillance."

https://www.accessnow.org/why-client-side-scanning-is-lose-lose-proposition/

Would you like to end the constant drumbeat of ill-informed legislative proposals that threaten to destroy end-to-end #encryption in #OpenSource #software? Are you from #Europe? Can you demonstrate your expertise? Then why not apply to join the European Commission's Expert Group for a Technology Roadmap on Encryption (E04005). Deadline is September 1st, don't be late.

https://ec.europa.eu/transparency/expert-groups-register/screen/expert-groups/consult?lang=en&groupID=4005

the @EUCommission is launching an Expert Group for a “Technology Roadmap on [breaking?] Encryption”. You can apply by 1/September!

https://ec.europa.eu/transparency/expert-groups-register/screen/expert-groups/consult?lang=en&groupID=4005

Please consider sharing this in your circles! #encryption #eu

To no one's surprise, the DMs that Threads is introducing are unencrypted:

"We’re not encrypting our DMs. It’s really about just [extracting as much information about your inner self as possible in real time with the excuse of] connecting directly and talking to people about whatever is happening now, which I think makes encryption less core to the experience"

https://techcrunch.com/2025/07/01/threads-launches-its-own-dm-inbox-as-app-moves-further-away-from-instagram/?utm_source=flipboard&utm_medium=activitypub

If a cloud #AI can read your #E2EE messages, the #encryption is useless.

https://www.laptopmag.com/ai/gemini-phone-access-update