Slashdot Mirror
How To Enable Mom w/ Encrypted E-Mail?
mad.frog asks: "Given the recent revelations of the Bush administration spying on US citizens without warrants -- and their promise to continue doing so -- it's clearly high time for me to switch to encrypted email, after years of being too lazy to bother. The real question is how I can get all (or at least some) of my email contacts to switch as well; clearly, encryption does me no good if the recipient can't decode it. What are my options, and more importantly, what are the options that will be comprehensible and usable by my parents, and in-laws? (Keep in mind that good solutions must include robust Windows and Mac support...)"
Just sprinkle big, intellectual-ish words like "multilateral," "constitutionally legitimate," and "evolutionary" into your emails. They'll never figure out what you're talking about.
How To Enable Mom w/ Encrypted E-Mail?
Don't.
-Colin
Enigmail project website features are:
Works for me!
Personally, I just assume that whatever I write or say is being listened to. It sucks, but that's the world we live in. Don't like it? Vote for a non-fascist next time.
I can assure you that in any hypothetical situation in which a government monitors the communications of its citizens, a message whose contents the author has encrypted stands out as interesting and worty of scrutiny in a sea of plain text transmissions. If you're looking to lay low, the best way to do so is to simply blend in.
Quid festinatio swallonis est aetherfuga inonusti?
Africus aut Europaeus?
Don't bother using encrypted emails, because if you're not sending anything incriminating, THERE'S NO NEED.
p osts
I love this type of thinking.
Check out the 60 minutes inteview on Echelon:
KROFT: (Voiceover) Is it possible for people like you and I, innocent civilians, to be targeted by Echelon?
Mr. FROST: Not only possible, not only probable, but factual. While I was at CSE, a classic example: A lady had been to a school play the night before, and her son was in the school play and she thought he did a--a lousy job. Next morning, she was talking on the telephone to her friend, and she said to her friend something like this, 'Oh, Danny really bombed last night,' just like that. The computer spit that conversation out. The analyst that was looking at it was not too sure about what the conversation w--was referring to, so erring on the side of caution, he listed that lady and her phone number in the database as a possible terrorist.
KROFT: This is not urban legend you're talking about. This actually happened?
Mr. FROST: Factual. Absolutely fact. No legend here.
http://www.freerepublic.com/focus/f-news/1543347/
So what emails are you sending to mom that require encryption? The fact little Johnny has a cold and Aunt Bertha's fruitcake recipe, even if they are intercepted by Big Brother(TM)(C) will be thrown out
...and that's all there is to it.
I'll be darned if I'm going to live my life in fear that some TLA will mistake some perfectly innocent activity for terroristic proclivities. I only have control over my own mind - it's beyond my abilities to make someone else interpret my actions in the way I want.
So, I'll keep encrypting the emails I send to my friends. I'll also keep locking my door and sealing my envelopes, even though I don't have any secrets the government would be interested in.
Dewey, what part of this looks like authorities should be involved?
use one time pads. the only REAL secure solution.
... you know, use the pad. use 25X overwrite on the DVD after using each file, then microwave, crush and burn the DVD after you are done with it.
create two DVD-RW full of matched data, generate them in a secure, offsore location with only hardware generated random sequences. Regualrly test the randomness to 10 decimal places. mail one to yourself, the other to your mom. use rinetd and tripp to notice when you send email (or whatever you really want to hide) to her and reroute the pacets to new port, then xor the payload through the DVD random data.
secure the windows and the whole room in the location where your mom reads her mail - run daily scans for physical intrusions, and run complete spyware and virus scans on her machine hourly. buy her a new keyboard weekly, or have her only check mail on verified, non- replaceable hardware components. think like them.
padworks.com
So your mom's a drug dealer too, eh?
Sheesh, evil *and* a jerk. -- Jade
Even assuming that the Feds are snooping on your email to your mother — why do you care? Is the possibility worth the slightest bit of hassle? I suspect that's what your mother will say when you insist that she learn how to email all over again.
Register on hushmail.com
They let you send PGP encrypted webmail. You can encrypt mails, send them to someone with a password on their server, and when they answer the question or insert the password, it is decrypted correctly, without them having a key. Less secure than PGP that way, but the transfer is still PGP encrypted.
May I reccommend a hush.ai address, as they're offshore.
Anthrax Terrorist Bomb Plutonium Mom Radical Keyhole ...
One line blog. I hear that they're called Twitters now.
--Cardinal Richelieu
so erring on the side of caution, he listed that lady and her phone number in the database as a possible terrorist.
You know how large the "possible terrorist" list would be, then? I'm sure all of us have used a suspicious word over a communication network in a normal way at some point....
If they're using that kind of criterion, then I know I'm on that list. Now what? They can't well hassle half the people boarding the plane; they might as well hassle them all and drop the list.
And then, you will be itting, like John Gilmore, on a no-fly list - maintained by secret laws that no American may know about, or make reasonable enquiry.
Only, unlike Gilmore, you are probably not a multi-millionaire...
"Speaking the Truth in times of universal deceit is a revolutionary act." -- George Orwell
Do you think that the NSA doesn't have ways around the encryption methods you are looking at implementing?
I understand the math behind it. Keep in mind a few bright Chinese scientists were able to find weaknesses in once stalwart signature technology. The stuff we use today isn't impervious, and we know that there are ways around it. We just don't know for sure how easy it is until someone proves it.
China's only problem is that they allowed these scientists to publish this. Why the communists didn't bring these guys into their top-secret intelligence org is beyond me. In the US, if a scientist discovered how to thwart similar security measures, they wouldn't be allowed to publish it. They would be instantly whisked away to the NSA secret HQ to work on similar problems for untold amounts of cash.
Which brings an interesting thought: How smart are the people who work at NSA, and how much can they crack? How do these people's intelligences and knowledge compare to the rest of the world, at least, the public world? We'll never know for sure unless we get a job working there as a scientist who has to develop new methods of cracking encryptions. And then we wouldn't be allowed to tell anyone. So the public will never know for sure, and can never know for sure.
In short, the encryption race can't be won with the US government, any more than you could win a nuclear arms race. You can go ahead and compete with nosy neighbors and competitors, and perhaps even 2nd or 3rd world foreign intelligence, but I strongly doubt that you'll be secure from the prying eyes of any administration of any of our allies. Besides, this is one area where our government has spent and will spend the required resources to ensure they are #1, just like the arms race was.
And remember, in security, the question is, "How secure do you really need to be, and how much are you willing to pay for it?" In the end, is your grandmother really that worried about some administration official reading her super-secret brownie recipe that she passes on to her friends? What will she say that could possibly alarm them? How secure will the recipients of her messages keep those messages? What's the point of being secure if you can't secure both ends of the conversation?
The radical sect of Islam would either see you dead or "reverted" to Islam.
To send email securely over your Google's gmail account, just configure Thunderbird mail account to retrieve gmail email using your Google POP3 account information.
Thunderbird/Enigmail combo neatly address your privacy issues for both sending and receiving.
With PGP/GnuPG perfect forward-secrecy protection, you can leave all your emails in your gmail account and not bother to delete them (EVER or until your GnuPG passphrase is compromised).
Google deux-machination of trying to find AdWords in your email for their massive onslaught of advertisement campaign will come to a screeching halt when your gmail InBox contains nothing but psuedo-random data.
Good riddance to invasive AdWords into your emails...
Anyone know about Ciphire?
https://www.ciphire.com/
i read the whole thing, and i'm not sure how much of it i actually believe. Mr. Frost says they get a lot of info from baby monitors... they'd have to be pretty close to the originating house to do that, because even if the range extends far enough (which it probably doesn't, it costs money and takes fcc licenses to do long range broadcasting), baby monitors are on a band that is used by a lot of other things as well, and their transmissions would join a flood of others.
so i can only think of a few ideas to explain this guy: he might be sensationalizing his story, possibly on behalf of his former employer, possible to his own ends. that, or when they hired him, the cse or whatever may have shown him a demo that made him believe they had more capabilities than they really did. maybe 60 minutes ran out of ideas for shows and hired an actor to spout off things they based off of conspiracy websites. ok, maybe not, but i still find this hard to believe, especially former workers talking about it to a television show.
Just go up stairs and tell her what you would have written in the email.
I've set my whole family to use encryption and signatures using either KMail or Thunderbird. The setting up is the hard bit, and I don't think any of them really understand what the difference between signing and encrypting is, what a public or private key is. That doesn't matter though. If it's possible to encrypt (i.e. the key for the recipient is in the keyring) then both Kmail and Thunderbird automatically do so.
The only thing any of them notice is that ocassionally they have to enter their password again.
I have to say though that when Kmail popped up a message that was all in red to indicate that a signature was invalid, everyone loved it (it wasn't sinister, MS Exchange mangles certain messages).
Being sure that your email wasn't read, nor was it tampered with is a great feeling. Nothing any of us say to each other is, in theory, worth protecting in this way; however, it's now perfectly safe for them to send, say a home address or a telephone number or any other personal information in the knowledge that it hasn't been read. It's not national security stuff, it's just privacy. You're not protecting against government snooping, you're protecting against random snooping by some bored mail server operator.
I'd argue that if the government wanted to spy on me, they'd find it very dull, but wouldn't be thwated by the fact that I encrypt my emails.
Carpe Daemon
1. What are you trying to hide?
2. Tell me where Osama Bin Laden is
.
Sig
I haven't used GPGrelay myself but it looks very promising. It intercepts POP3 and SMTP so it's email client-neutral, and does everything automatically. I've been wanting to write a program like this for years but never had the time.
http://sites.inka.de/tesla/gpgrelay.html
Enigmail does not handle HTML.
The fact that HTML in email does not work with Enigmail is just fine with me (and it should for 99% of the other encrypted email users).
99% of email sent to me having HTML encoding is SPAM. About 3% of those emails have embedded URLs directing me to malicious websites trying to probe your computer for vulnerabilities or phish for your personal information.
The very IDEA of encrypting email with embedded URL DEFIES the privacy concept. Ever hear of 1-bit embedded GIF images? Oh boy, what a great tracking device. How about those MANY IE exploits? Just a mere mention of ActiveX in email makes me shudder.
As I've said over the last 8 years, F*CK this encrypted HTML shit. It doesn't belong in email payloads, particularly encrypted ones.
Use pictures that cannot be scanned by OCR-scanners. Just like slashdot uses them
http://images.slashdot.org/hc/49/f7493d25f3b1.jpg
Two kinds of baby monitors: room to room, and IP-based. Could be IP-based ones.
The more people on "Their" lists, the less Big Brother can focus on one person. This negates the usefulness of the list. Get everyone's mom to encrypt email, add more noise to the signal.
Beware the fury of a patient man
- John Dryden
The commercial version of PGP (PGP Desktop) supports the Macintosh and Windows. It will automatically sign and encrypt email.
Mea navis aericumbens anguillis abundat
How about WinPT ("Windows Privacy Tray") for your Windows relatives? It front-ends gpg with something that sits in the system tray. Can encrypt from the clipboard or the foreground window.
Double encription, using two schemes is also about as useful as rot-13. They've already thought that far ahead.
I've hit Karma 50 and gotten a Score:5, Troll... I win!
Sure, encrypted mail would hinder the government's power, but I don't think that it would be the most prudent step. First of all, why do you want encryption? Unless there is some manner of illegal activity that is discussed in your email, it's only hurting you. If you are ever suspected of a crime (and I'm not talking about j-walking, this has only been done by the NSA, which sole responsibilities lie in national security, hence the National Security Agency), then a quick look at your communications would turn up recipes for muffins, clearing your case rather quickly. However, should you be suspected in the course of a serious terror investigation, the time necessary to decrypt your email would slow down the investigation, which only hurts the national security. Unless there is some sort of illegal activity going on, there is no purpose to encrypting email.
First, get everyone using a mail client that supports S/MIME. Thunderbird works, as does Apple Mail.
Then, use S/MIME.
GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
The problem isn't the HTML per se, it's the half-assed implementation in most mail readers. Rich text in general is a good thing. HTML is a reasonable choice for rich-text. Ther are just two rules for securing HTML mail: Do not display anything not included in the message. Embedded images are okay, but don't fetch <img> links. And donot, under any circumstances, run any scripts of any sort. That's it. Pay attention to those two rules and you get HTML mail that's exactly as secure as plain-text mail.
Chelloveck
I give up on debugging. From now on, SIGSEGV is a feature.
... to get more people using encryption is because it will make it that much more difficult for them to ban it later.
To all the "you don't need encryption unless you have something to hide" people. Wow. I'm truly astounded by those people who have failed to learn anything from history.
I write long reports that need to be formatted.
Thunderbird can be configured to:
1) Not open external (not embedded) image files. This is the default.
2) Not run scripts. This is the default.
Thunderbird cannot run ActiveX. That gives me perfect safety. Enigmail should support what Thunderbird supports.
Many programmers have very limited in social abilities, so they don't like to or want to communicate. Also, many programmers are, maybe surprisingly, not big users of their computers. They program at work, using just a few applications. When they come home, maybe they play games, maybe not.
Programmers should not be allowed to dictate what features we need.
I agree, doesn't pass the smell test.
Switching to all-encrypted email will attract attention, and result in closer scrutiny to who you communicate with.
For typical criminal cases, obtaining wiretaps isn't always practical -- but obtaining phone records is trivial. If you have a pattern established of communicating with someone who is a criminal or terrorist figure (even without your knowledge), your encrypted communications suddenly become damning.
Conformity is the jailer of freedom and enemy of growth. -JFK
seriously, unless you commmunicate with terrorists, dont worry about your email.
Supplies!
You can get a free personal certificate from Thawte that works great. Once you've setup your account with them, you can create a signature for each email address you use. On the Mac side, you just download the certificate, and the Mac takes care of automatically installing it. Mail will also detect the certificates you install, and you'll see sign and encrypt (provided you have the recipients public key) buttons when you compose new messages. Here's a tutorial on getting it up and running with Mail:
x
http://joar.com/certificates/
It also works with Outlook, Outlook Express, Thunderbird, and Mozilla:
http://www.marknoble.com/tutorial/smime/smime.asp
Develop an encryption table that produces shapes similar to the screen characters created by the ASCII characters you want to transmit*.
Obtain a molecular transfer device that puts a dark material on semi-permiable surfaces, such as the paper you use in your printer.
Encode your message by placing dark marks on the paper. Seal it in an opaque layer of similar material and encode the physical address of the recipient on the outside.
You can then purchase a government document (for less than the cost of a cup of cofee, or of supporting a third world waif for a day) from a government agency tasked with transfering such encrypted information, afix it to the outside of the "envelope", and trick the 3\/1L goobermint into delivering your secret message for you.
If you REALLY want to be certain of your security, you can seal the "envelope" with the semi-transparent film developed by the security firm "3-M". The adhesive on one side of the film prevents unauthorized opening.
Of course this is all for naught due to the CIA's "remote viewers" unless you remain in motion. So when you're encrypting/molecular transfering, it's important to run around in circles so they can't focus on you. A tin foil hat won't actually help, but wearing one while running in circles will prevent those around you from asking pesky questions. Remember: shiny side out, otherwise a feedback loop can occur and cause dain bramage.
* As an alternative, entirely graphical representations can be developed. Pictures created with polychromatic, wax-based molecular transfer devices are especially attactive to moms, who tend to archive them on the outside of their refrigerator.
"I may be synthetic, but I'm not stupid." -- Bishop 341-B
How close they have to be depends on the quality of the directional antenna on their snooping device. Yes, omnidirectional baby monitors only have a range of a hundred feet or so, but put a cantenna/dish derivative on the reciever and point it in the right direction and youll hear it a mile away.
Why the hell bother? I doubt the government is going to find interesting your Mother's pleas for tech support and yammering about whether you are ever going to come visit her.
Don't you just love a thinly veiled "Ask Slashdot" post that's really about more Bush bashing? What Bush has done is nothing new. Clinton did it, as well as other Presidents before him, from *both* sides of the isle. The President has explicit authority by the US Constitution to do what is necessary to protect this country from foreign nationals that intend to do us harm, up to the point of declaring war, which is reserved for the congress.
This is a non-issue.
And then, you will be itting, like John Gilmore, on a no-fly list
I'm fairly sure that not even a dictatorship can keep its capitalism afloat if they put half the passengers on a no-fly list.
The law which enables the President to "spy" has been on the books since 1978. The scope of the law was expanded in 1994 and 1998. The EFF has a great writeup about the law which can be found here There are certain requirements that must be met before a "warrant" is issued by a judge. In reality it is really not a warrant because the person investigated is unaware of the pseudo-warrant. Please read the EFF writeup so you have a better understanding of your rights. Blaming this law on the current administration is unproductive and misguided. The law was passed under a democrat administration (Carter) and expaned under another democrat administration (Clinton) We can bitch and moan about the current administration and their use of the law. This doesn't change the fact that the it is on the books. I have already contacted my representatives regarding this law. I am glad the NYTs shed light on this because I would not have known about it otherwise. Disclaimer: I don't support the Democrats or the Republicans. I am a Libertarian. You don't have to vote for a giant douche or turd sandwich you know.
If the feds or any other government agency could really interpret what "IS" really meant when my bro says "Christmas is at Aunt Bertha's next year, the kids can't wait, it will be fun for all." --- Translation: "Shit! crazy Aunt Bertha and her big, smelly dogs are hosting christmas this year, we all have to go kids included, that means cousin Steve's terror tribe will be there too, that's gonna suck!"
So you can see that family sarcasm can easily eliminate the need for encryption.
Sig Hansen?
While I'm not interested nor inviting anyone "spying" on me, there is one thing I do not worry about: the government spying on me.
Why? I don't have anything to hide from them.
Should I be falsely accused there are a few things I keep in mind:
Don't bother trying to encrypt the message. Encrypt the delivery channels.
Give your Mom an account on your server where you have postfix set to opportunistically encrypt, your IMAP daemon to use SSL (courier, cyrus, etc) and require SASL on STARTTLS connections for outgoing e-mail (postfix again).
This way, large numbers of users of users can have their wire-level communications encrypted without requiring the users to do much work. For example, if/when AOL starts accepting SSL at the MTA level (and they encrypt the client - another story) then you can communicate with the entire AOL user base in an encrypted manner.
Sure, the message store is unencrypted and with a court order they could take/own your box, but you get the anti-carnivore benefits almost for free.
This doesn't prevent messages from being forwarded but you need a whole PKI/WOT structure to get that going and that's going to take a very long time. Join CACert if you want to help with that.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Simply included an encrypted and plaintext version in every email; problem solved!
I Am My Own Worst Enemy
--Cardinal Richelieu
or web browsers it seems from the link...
Just use Thunderbird with the Enigmail plugin. She won't have to do anything unusual except enter her password when prompted. You could even sign her key for her and then anyone who trusts you has the opportunity to trust her also. I really wish more people would use encrypted email. I also wish the enigmail plugin worked on FC4 on x86_64 architecture.
Well everyone says that if you have nothing to hide, then why worry about it. Try telling that to the guy that was abducted by the US gov and tortured for three months before being let go after they realized that the poor guy wasn't who they thought that he was(I hope they don't mistake me for someone else). Anywho, my biggest problem is that everything that has been created has or will be hacked one way or another. It is no longer a question of if, it is a question of when. This includes all encryption, it may be hard, but it has or will be done, history shows us this. As far as mandated monitoring systems, how long before someone hacks their way into these systems and uses them for their own personal goals. The remote monitoring that is now required for both data and voice is bound to have holes in it one way or another. For example someone using a very simple password for the remote "black box" that enables the monitoring. For this reason alone, I think that all communication should be encrypted. As stated before, any "powerful/modern" government will be able to decrypt it anyway, but it will safeguard you from when the system that they use to monitor is compromised. That is the reason that I feel that all communication should be encrypted at multiple levels.
> There are more than six billion people on this planet.
/. brings me to ponder :)
> Guess what: THEY ARE ALL GONNA DIE!!!
Guess what: The fact that we're all gonna die doesn't make mass murder OK, and it doesn't change the GP's point in the slightest. You know your life will end eventually, but every minute, every second you make tons of decisions (voluntary and involuntary, such as the fact that you constantly breathe, for example) that all go towards your continued survival.
Having your life ended violently by some external agent is very different from dying a natural death, and every fiber of your body knows this and behaves accordingly. If there were no difference, then it would be meaningless to have laws and ethical beliefs against murder, because "he/she would have died anyway".
And what to make of this:
> But then they'll have to torture you to get you to tell them the truth.
> Isn't it easier to let them have it by reading your boring mail?
> (or they can get it the way they used to: by monitoring your phone).
This implies that you have no power whatsoever to do anything about anything, and that no risk whatsoever is worth taking to oppose injustice. Not just serious risks or heroic acts or whatever, but ANYTHING, even the infinitesimal 'risk' that something like encrypting your email carries. You're saying, "In the off chance that there might be consequences from exercising my basic rights, it's easier to just roll over and let them be stripped away from me with nary a whimper. I'll even tell others to do the same, as it is in their best interest." Wow, dude! Sounds like a page from the Aspirant Sheep Of The Year study guide. Is that who you want to be? Or is that who you already are? Congratulations.
Also, once again you brush the point aside and essentially reason as if it's OK for "the torturers" to be out there spying on people, and torture them when they can't get the information they want by other means. Is that what you really think? Because if it isn't, you need to brush up on some basic dialectic skills to learn why your response completely misses the point, on top of being morally comtemptible.
The fact that there actually are people like you out there, who will actually respond in this way when the GP's points are made, never ceases to amaze, dishearten and scare me. It makes me wonder just how many of you there are, and whether we have a chance to ever outweigh the mindlessly accepting bullshit thinking you represent. It makes me want to ask: is there ANYTHING AT ALL in the whole wide world that you people are shocked, disgusted, outraged, or even just passionate about? Are you even capable of such emotions? Or is it always merely "easier" to shrug it all off and keep going, making sure you never feel strongly enough to invite any trouble? How can that be "easy" for you? And how can you be a human just like me if it is?
Ah, the mysteries of life that
-----
Peter Gridley
Freedom of Speech does not imply the Freedom to Hear whatever is said!
(-hrair-)
Beware of the shining wires...
Of course you're certain that nobody abuses your privacy, and even if they would, there is some oversight?
Actually, John Gilmore is not on the "no-fly list", but he has taken his fight against secret laws to the US Supreme Court.
More information here.
Brilliant Idea!
Since Gmail POP3 has already placed these messages on your local drive, these messages are available online (until deleted).
Obviously, the next functionality that needs to be added is to put a search engine AFTER the decryptor using a cached-passphrase.
This would not be a hard problem to solve. It won't be fast, but still work.
We'll just have to inform the Thunderbird/Enigmail developer of this snazzy request!
Thanks!
There's been a bit of talk about how the government can most likely crack common forms of encryption anyway.
Here's an interesting thought, though--what's the overhead in doing so? If they're trying to scan all e-mail, and are decrypting messages as they come in, does doing this create a significant overhead for them? Perhaps, if enough people encrypted their routine e-mail messages, the process would be so slow as to not be feasible.
________________________________________________
suwain_2
Don't if you want to keep it down. If you really want someone interested in your e-mails then don't encrypt. While it might hide it from script-kiddies, hacker networks and especially government-based people have enough power and knowledge to crack your key. For example: Someone finds a problem in MD5, RSA or whatever; don't you think the NSA or similar organisations in other nations have scholars who are searching for that EVERY SINGLE DAY. Heck, when something like it is found, it is shared among other intelligence agency's from other country's (enemies and allies) in both ways. Hacker communities have enough power to crack an 1024-bit key in a few hours. I worked in a datacenter not too long ago and because of the careless security admins all Windows PC's were at one time infected by some kind of virus/trojan and we didn't notice until all processors were firing up at 100% CPU. Imagine this small datacenter (300 Pentium4 & 100 Dual Xeon's) multiplied by the number of datacenter with similar security issues.
Custom electronics and digital signage for your business: www.evcircuits.com
Mr. Frost says they get a lot of info from baby monitors... they'd have to be pretty close to the originating house to do that, because even if the range extends far enough (which it probably doesn't, it costs money and takes fcc licenses to do long range broadcasting), baby monitors are on a band that is used by a lot of other things as well, and their transmissions would join a flood of others.
The FCC rules are there to prevent interference with other off-the-shelf technologies. For the billions we give them each year, I'm hoping the NSA is using something to eavesdrop besides the baby monitor and cordless phone base stations available at Walmart.
The problem isn't safe with encyption. A first target for any inteligence services is to hack (root)keys. And they sure have the hardware for it. Next thing is to automate scanning, echolon a distributed mail reader can read many mails at once, don't think it read once in a while a mail. I think / gues /hope that using non standard encryption (as a reminder MD5 is allready cracked) would get you some privacy. I've heard about blowfish encryption and that might be more safe since it doesn't use the same security keys each time like the other methods do.
I wonder of who you should be affraid if you would live in the USA, for terrorists or for the police-nation which goverment does spy on its own civilization. Is the USA turning into some kind of communism?, as they used to that. Well anyway I don't call that a democracy rather a police-state.
I know you're out there. I can feel you now. I know that you're afraid. You're afraid of us. You're afraid of change.
Why anyone would use encryption keys generated by a third party is a source of continuing bafflement to me - don't you think a copy every key issued by every commercial certification company goes straight to the US government?
/Shakes head in bewilderment
use an SMTP server that uses TLS get all you friends to use the servers that support SMTP TLS use SMTP-AUTH with TLS for sending mail use POPS and IMAPS for reading your mail
This is not my sandwich.
The RSA patents have expired, and the algorithms are well understood. There's really no reason to stick with RSA's implementation.
Fortunately for us, key escrow didn't have enough political support, and we now have crypto anarchy. (That's a very good book, by the way.) Despite what naysayers may say, we still live in a democracy, and NSA doesn't make all the decisions.
No one except the NSA really knows if the NSA has some magic box that can factor large primes, but a lot of people have worked on the problem without breaking RSA with some progress made, but no real success (assuming approprately large keys). I'd personally be more worried about the NSA (or others) tracking the source and destination of email messages, which is much more difficult to hide than the message contents -- and encryption is probably the best way of getting picked out of a crowd for additional scrutiny (which isn't to say that encryption is a bad idea, just that someone with something to hide ought to make sure their secrets aren't discoverable through some other unencrypted channel that would have been ignored if he/she haden't drawn attention to him/herself).
Hate to be That Guy, but MOD UP!!!
First the Parent is not a troll.
But I disagree with it because we should be able to keep our email secure if we feel like it. We should have a way to encrypt email send them to people encrypted. But it brings up the question if you are sending encrypted data are you raising red flags to the people who are spying on you thus force them unencrypt your message to be sure you are telling you mom about the big mess you made making pasta.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
If you want to insure encryption until it gets to the hard drive of the recipient. You will need to setup your own secure Pop 3 server and have people who want the secure messages secure pop from you.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Get a free certificate from some place like Thawte and have your relatives get certificates as well. Then, just use the signing and encryption features of your email applications...
If you don't trust that technology for your security, get GPG and install that along with a plugin for Thunderbird (EnigMail if I remember correctly).
This bug says that Mozilla (aka Seamonkey) should implement the "encrypt when possible" feature. That is, if the email client has the public key of all recipients, then the email should be automatically encrypted. If this feature were implemented in Seamonkey and Thunderbird, it would do wonders for increasing the usage of encryption. All you would need to do then is get a private/public key for everyone you know, and then all email will be automatically encrypted. Your mom wouldn't even know it was happening.
And the men who hold high places must be the ones who start
To mold a new reality... closer to the heart
1. The topic is not about why one wants to encrypt, nor is it about message content -- although comments addressing plain-text concealment are certainly meritorious.
2. Regardless of the sender's scheme, it is only as good as the decryption scheme.
3. If you are serious about encryption and must use Windows, then compile PGP 5.53CKT from source code and generate 8192 RSA Keys and 16384 DSA Keys and never use the same one twice. If there is a backdoor, it isn't in the encryption process itself. Nobody can crack these messages in a reasonable time, if at all.
4. If you are concerned about keyloggers and the like build a 486 with no hard drive, run DOS from RAM and PGP 2.62 from floppy.
5. Send hundreds of messages using the above then add steganography into the mix.
6. Use online gaming or blogs to communicate without directing your message to a particular individual.
7. Don't forget remailers if you are looking for anonymity.
I've already done an "unsafe key exchange" with your mom and it wasn't very good.
Snowden and Manning are heroes.
I am REALLY wish I could moderate the above statement "-1 Jackass".
It does not matter if you're a crook or a saint, THE GOVERNMENT DOES NOT HAVE THE LEGAL RIGHT TO OPEN YOUR MAIL, OR LISTEN TO YOUR PHONE CONVERSATIONS.........unless they get a warrant, and do it LEGALLY.
Encrypting your correspondence DOES NOT MAKE YOU GUILTY OF SOMETHING, YOU TWAT!
If the federal governtment is not legally allowed to open your mail without a judges approval, why on earth would you not be offended of they said they have been reading your e-mail?
My god, if this is the attitude of most people in America, I have no hope left that we will not end up running from the frickin'thought police.
Today's show is brought to you by the number 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0: 25
How do you know hushmail does not keep your passphrase? How do you know the Hushmail Applet is the same as their publicly released code generates?
I personally communicate via postcard! I aint hiding nothing!
America, fuck yeah!
Ok so you are afraid of big brother listening in, but only now and all of the sudden. But isn't it true that there are non-governmental people out there right now reading other people's email on their whim and will?
It seems to me that if the real issue is the privacy of your email you would be more worried about the security of your mother's machine from any sort of compromise since that would allow reading your email. You should be worried about the security of your ISP since they relay your email and could potentially (and unethically) be intercepting all your email to read over Doritos and Mountain Dew. You should even be worried about the security of the keyboard of your computer while you are not present, since anyone with access (kids, spouses, nieces, nephews, neighbors, etc) can potentially compromise your computer accidentally or on purpose.
But instead of addressing the real issue of privacy this is just a backhanded slap at the President because you do not agree with his views. If you want to discuss his views, then let's discuss that but please don't make yourself so pious as to say that this is some noble quest.
And IMHO this is not a troll posting or flame bait, if the original poster can show where all my points have been addressed then maybe I would be willing to assign this to naivety but we all know it is not.
Last I checked the bush administration couldn't even count to three much less decipher 01000010 01110101 01110011 01101000 01000000 01010011 01110101 01100011 01101011 ' 01110011
Women- the final frontier...
Whats the point in encrypting your email when your i the US? You can only encrypt it up to around 46bit mximum legally. That can be broken in under a week should they want to read your mums shopping list. Any more than that and you run the risk of being linked to terrorism or some other bizarre charge they'll slap on you.
When someone says something's not an urban legend, chances are it probably is.
I guess the NSA must hae at least a 100 million Americans in their terrorist DB by now. No wait, they're of course monitoring all worldwide communications, so they must be counting billions by now...
X.
Forth Amendment
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
pretty much covers privacy, since you can't violate privacy without viloating something in the above, not at least without twisting the meaning and intent of the words.
"It is a greater offense to steal men's labor, than their clothes"
http://www.satirewire.com/news/aug02/encryption.sh tml
Nuff said.
The reason why many want to encrypt all email traffic (or as much as possible) is one of inconveniencing the government. I do not feel that the feds are snooping on ME specifically, nor do I feel that I might email to my father is worth wasting processor time on cracking.
:)
If the only mail a person encrypts are those they feel are politically "damaging" (such as political beliefs about abortion, free speech, keeping or bearing arms, etc), then any snooper LOOKING for such information will already know which messages to crack. If, however, a person under surveillance encrypts ALL traffic (infeasible, I know), or even a majority of benign/mundane traffic, then it's no longer obvious which packets need to be decrypted.
The same thing works on a per-person basis, as well.
If one person encrypts their mail, they stand out, get hassled, and the authorities might wonder "what they might be hiding". Why? Because most people feel that only the Bad Guys have information that need to be hidden from prying eyes, and thus only Bad Guys will be using encryption.
However, when enough normal people start encrypting their mail (even shopping lists, happy birthday wishes, etc), the situation changes. Anyone that tries to find Bad Guys by the fact that they encrypt their mail will be swamped with false positives. Once they realize this, they will have to filter all the mail they decrypt -- even more wasted resources.
Basically, we don't feel that our encrypted mail should be snoopable, much as we don't like the idea of a government steaming our mail open and reading all our letters. This should not be necessary in a civilized society.