Mike Gerwitz

Free Software Hacker+Activist

Latest Posts

GHCQ’s “Exceptional Access”, End-To-End Encryption, Decentralization, and Reproducible Builds

Late last November, Ian Levy and Crispin Robinson of the GHCQ (the British intelligence agency) published a proposal for intercepting end-to-end encrypted communications, entitled “Principles for a More Informed Exceptional Access Debate”. Since then, there have been a series of notable rebuttals to this proposal arguing why this system would fail in practice and why it should be rejected. Completely absent from these responses, however, is any mention of existing practices that would prohibit this attack outright—the combination of free/libre software, reproducible builds, and decentralized or distributed services.

Posted on 2019-02-18. Read more »

The Surreptitious Assault on Privacy, Security, and Freedom

Watch LibrePlanet 2017 Talk

Older Posts

Webmasters: Please, Don’t Block Tor

Tor is a privacy and anonymity tool that helps users to defend themselves against traffic analysis online. Some people, like me, use it as an important tool to help defend against various online threats to privacy. Others use it to avoid censorship, perhaps by the country in which they live. Others use it because their lives depend on it—they may live under an oppressive regime that forbids access to certain information or means of communication.

Unfortunately, some people also hide behind Tor to do bad things, like attack websites or commit fraud. Because of this, many website owners and network administrators see Tor as a security threat, and choose to block Tor users from accessing their website.

Posted on 2018-10-05. Read more »

When Talking About Mobile Tracking, Don’t Veil Bad Actors With Blanket Statements

It’s difficult to have useful conversations about mobile tracking when someone says “your phone / mobile device tracks you”; such statements don’t often lead to constructive conversation because they are too vague and therefore easily dismissed as sensationalism or paranoia. And they are all too often without substance because, while users do have legitimate concerns, they aren’t necessarily aware of the specific problems contributing to those concerns.

Posted on 2018-04-15. Read more »

Meltdown/Spectre and the Web

The recently-released Meltdown and Spectre CPU timing attacks affect virtually every user in some way; the consequences are profound. There are plenty of good write-ups on the topic, so I don’t feel the need to re-iterate the technical details here. (See an easily digestible one from the Raspberry Pi project, and an in-depth analysis from Project Zero.)

What I do want to draw attention to is that these attacks are exploitable via web browsers.

Posted on 2018-01-08. Read more »

The Ethics Void: Join Me at LibrePlanet 2018!

I got word today that I’ll be speaking again at this year’s LibrePlanet! I was going to attend even if I were not speaking, but I’m very excited to be able to continue to build off of last year’s talk and further my activism on these topics.

The title of this year’s talk is The Ethics Void. Here’s a rough abstract:

Posted on 2018-01-05. Read more »

View all posts