We’re upgrading Magic Wormhole to Magic Wormhole for All

The Problem Sending a file from one computer to another is common and should be simple, but it can be surprisingly complicated, even in 2020. This simple-yet-complicated user story is illustrated in xkcd comic #949. How should you send a file from your computer to someone else’s computer? What security and privacy concerns should be …

Read moreWe’re upgrading Magic Wormhole to Magic Wormhole for All

Using ZKAPs to Disconnect Payment Data from Service Data

A note from the team: we’re continually looking for possible applications of ZKAPs in a variety of scenarios. If there is a product or project you’re working on that you would like to test ZKAPs with, don’t hesitate to get in touch! Last month, our team, the Least Authoritarians, gave two presentations on ZKAPs—zero-knowledge access …

Read moreUsing ZKAPs to Disconnect Payment Data from Service Data

Our Audit of Ethereum Foundation’s Node Discovery Protocol

This summer, Least Authority was hired to audit the Ethereum 2.0 node discovery protocol. We enjoyed diving into the protocol, and found some issues that were really interesting to model and test. Read the full report here.  Proof of Identity The audit went smoothly and we were able to quickly grok the protocol the Ethereum …

Read moreOur Audit of Ethereum Foundation’s Node Discovery Protocol

Announcing the release of Gridsync 0.4.0: the latest version of our graphical user interface for Tahoe-LAFS/S4

We’re excited to announce that we have rolled out Gridsync 0.4.0 — the latest version of our graphical user interface for Tahoe-LAFS/S4. This release contains a number of new features, improvements, and bug-fixes and is a recommended upgrade for all customers of our Simple Secure Storage Service (S4). Among the latest changes include: Tor integration. Gridsync now offers …

Read moreAnnouncing the release of Gridsync 0.4.0: the latest version of our graphical user interface for Tahoe-LAFS/S4

Why We Need Client-Side Encryption?

Already in 2017, there has been an inordinate number of cybersecurity meltdowns. This complex and constantly evolving range of security threats lead many of us to wonder how we can best protect our data from theft or loss. Many cloud providers advertise their use of end-to-end encryption for security. However, some of the important data breaches in the past have demonstrated that end-to-end encryption may not be enough. What is end-to-end encryption? End to end encryption is a method of…

Privacy and Security by design is a crucial step for privacy protection.

In just 10 months from now, companies headquartered in an EU country and all organizations that process data on EU residents will have to comply with the requirements of the GDPR – the EU General Data Protection Regulation. GDPR approved by the EU Parliament on 14th April 2016, is designed to harmonize data privacy laws across …

Read morePrivacy and Security by design is a crucial step for privacy protection.

Debunking the “Nothing-to-Hide” Rhetoric

Anamika Ved on May 17, 2017 A few months ago, Least Authority ran user-testing sessions to get a sense of what our potential users think about our products – S4, our current Amazon S3 based application of Tahoe-LAFS and Gridsync, our forthcoming graphical user interface for S4 and Tahoe-LAFS. In addition to getting valuable feedback, it was interesting to …

Read moreDebunking the “Nothing-to-Hide” Rhetoric

BLAKE2: “Harder, Better, Faster, Stronger” Than MD5

Zooko Wilcox-O’Hearn on March 21, 2014 Best read while listening to Daft Punk: Harder, Better, Faster, Stronger Why use BLAKE2 instead of Skein, Keccak (SHA-3), MD5, or SHA-1 as a secure hash function? BLAKE was the best-rated hash function in the SHA-3 competition NIST, in the final report of the SHA-3 competition, said this about the finalists (which included BLAKE, …

Read moreBLAKE2: “Harder, Better, Faster, Stronger” Than MD5

Open Letter to Phil Zimmermann and Jon Callas of Silent Circle, On The Closure of the “Silent Mail” Service

Zooko Wilcox-O’Hearn on August 16, 2013 This open letter is in response to the recent shutdown of Lavabit , the ensuing shutdown of Silent Circle’s “Silent Mail” product, Jon Callas’s posts about the topic on G+, and Phil Zimmermann’s interview in Forbes. Also, of course, all of this is unfolding in the context of the 2013 Mass Surveillance Scandal. Dear Phil and …

Read moreOpen Letter to Phil Zimmermann and Jon Callas of Silent Circle, On The Closure of the “Silent Mail” Service