Slashdot Mirror
How To Enable Mom w/ Encrypted E-Mail?
mad.frog asks: "Given the recent revelations of the Bush administration spying on US citizens without warrants -- and their promise to continue doing so -- it's clearly high time for me to switch to encrypted email, after years of being too lazy to bother. The real question is how I can get all (or at least some) of my email contacts to switch as well; clearly, encryption does me no good if the recipient can't decode it. What are my options, and more importantly, what are the options that will be comprehensible and usable by my parents, and in-laws? (Keep in mind that good solutions must include robust Windows and Mac support...)"
I'll be darned if I'm going to live my life in fear that some TLA will mistake some perfectly innocent activity for terroristic proclivities. I only have control over my own mind - it's beyond my abilities to make someone else interpret my actions in the way I want.
So, I'll keep encrypting the emails I send to my friends. I'll also keep locking my door and sealing my envelopes, even though I don't have any secrets the government would be interested in.
Dewey, what part of this looks like authorities should be involved?
Who cares? Do you write your letters on postcards or do you seal them inside an envelope?
Maybe he has a nosy mailadmin. Maybe he doesn't want his kid sister reading mail meant for his parents. Some of us value our privacy, even though we don't have anything to hide.
Dewey, what part of this looks like authorities should be involved?
Even assuming that the Feds are snooping on your email to your mother — why do you care? Is the possibility worth the slightest bit of hassle? I suspect that's what your mother will say when you insist that she learn how to email all over again.
Best answer on here.
Oh, and, while you're at it, if you have that much time to get that worried about your regular communications with your Mom, then you might want to take some time and go out and get a life.
Don't be so sure! I recall about eight years ago it was discovered that GSM's 64-bit encryption keys defaulted the last 16 bits of every key to zero, significantly reducing the amount of processing needed to decrypt GSM transmissions. At the time this was widely suspected as an intentional back-door so GSM would gain approval from the necessary goverments before being deployed.
All I'm saying is who's to really, really know if a publicly-traded company like RSA can't get "leaned on" by the government to provide the NSA with a back door? In fact, according to Steven Levy in "Crypto" there was the possibility that the original RSA encryption would never see the light of day if users didn't surrender their keys to the government to be held "in escrow", to be made available to law enforcement with the appropriate warrant... These are just 'for examples'.
Encryption is no panacea and it probably only protects you from the average criminal who tends to prefer easier targets that don't encrypt their data. For these reasons, I just don't see encrypting email as a way of protecting yourself from your own government.
Height: 38U, Weight: 0 Newtons, Eyes: #0000FF, OS: Gray Matter 1.0 (Alpha)
--Cardinal Richelieu
At my university, Every student is given a connectivity CD which configures their computers for the network and installs firefox/thunderbird (even adds putty and an SFTP client). Next year it will also include gaim/adium as they are currently beta-testing a jabber server. If you want to get online when you show up at school, all you have to do is plug the CD in and it will do it all for you. Most people figured it out right away and became more thrilled when people showed them stuff like tabbed browsing and how much better thunderbird was than the shitty webmail but there were still some people who managed to get by without switching, they still torture themselves with webmail and have problems with IE AND they somehow managed to configure their network settings without using the CD (you would think that people who knew how to do that would know better). If only it was more possible to force people completely to not use IE but unfortunately it is so entrenched that you cant just block or disable it.
Bottles.
so erring on the side of caution, he listed that lady and her phone number in the database as a possible terrorist.
You know how large the "possible terrorist" list would be, then? I'm sure all of us have used a suspicious word over a communication network in a normal way at some point....
If they're using that kind of criterion, then I know I'm on that list. Now what? They can't well hassle half the people boarding the plane; they might as well hassle them all and drop the list.
And then, you will be itting, like John Gilmore, on a no-fly list - maintained by secret laws that no American may know about, or make reasonable enquiry.
Only, unlike Gilmore, you are probably not a multi-millionaire...
"Speaking the Truth in times of universal deceit is a revolutionary act." -- George Orwell
The problem with this argument is that the reason one puts messages in envelopes very rarely has anything to do with preventing the mail carrier from reading the contents of that letter.
As a case in point, if you are sending a check, money order, or even cash to someone, most people use some sort of method of further obscuring the contents than simply putting it into an envelope. They pay extra for a box of 'Security' envelopes, printed on the inside with some pattern that makes it difficult to discern writing or printing. They wrap an additional piece of paper around the instruments. And so on. This doesn't happen in every case, but just about as often as not.
It has also been long recognized that if you are sending mail to a country or person that someone has significant concerns about, that there are several ways of opening the envelope, or even extracting the letter from within the envelope without opening it. Read or copy the contents, then return the contents of the letter and send it on it's way.
In a lot of cases the real reason for using an envelope has more to do with protecting the contents of the envelope from smudging or being separated than with preventing anyone from knowing what those contents are. If you are paying a bill, you use an envelope to keep the check and the bill stub together so that the people being paid have some idea of what the check is for.
If you get a multi-page letter from Aunt May, she is more likely to be trying to keep the pages together and in order than otherwise. If you are traveling, you very probably do send post cards, often with a picture of where you are, and a brief note wishing the recipient were along for the trip. An interested party may glean far more from a brief glance at the picture than by reading pages of text.
Note that there are a couple of elements of the above that do make sense when related to encrypting or digitally signing the e-mail that you send. For all practical purposes the e-mail that you send is a single page document. Even if you print it to 100 pages of a single spaced double sided 6 point font as far as the e-mail handling software is concerned, it doesn't matter if the message is zero bytes, or a couple million bytes. If the parts are not all put together correctly at the far end, an error is logged, and the system trys to fix the situation. Likewise the system is mostly proof against smudging or error introduction to the body of the message, as it is being handled by a TCP connection. That does not prevent changes to the headers, nor does it prevent an alteration by a malicious server in the middle. Encrypting or signing the contents does reduce the likelyhood that a change to the contents will be noticed. (Though it does nothing for the headers, including the subject.)
Of course the above is a rather simplistic explanation, and there are other elements involved.
-Rusty
You never know...
Terrorist.
Fighting the drug dealers was the excuse in the 80s. In the 90s it was saving the children. Now it's fighting terrorism. Please, keep up to date on the latest doublespeak - otherwise it's harder for the government to strip us of our rights.
But in just the same way, encrypting your correspondence will flag you as suspicious. If the original poster's concern about unwarranted government snooping is justified, then this is precisely the sort of thing that will draw their interest, lead them to investigate him through other channels, start carefully reading Mom's non-encrypted correspondence, scrutinizing her contacts, etc. Asking your friends and family to start using encrypted e-mail with you is a bit like inviting them to take flying lessons and Arabic 101 classes with you: legal and presumably innocent... but not if the presumption of innocence is being ignored.
http://alternatives.rzero.com/
... to get more people using encryption is because it will make it that much more difficult for them to ban it later.
To all the "you don't need encryption unless you have something to hide" people. Wow. I'm truly astounded by those people who have failed to learn anything from history.
It's ironic that an individual excercising thier rights to privacy becomes the basis for probable cause to violate that privacy.
Good time to be living in a freer country, don't you think?
That is ridiculous, and does not follow.
... they just applied their 'crack' and cranked out the answers. Even if it hasn't happened, the combination of 1 and 2 mean that anything that takes brute force doesn't necessarily take a lot of time. Heck, my home Beowulf can outrun the $5.5M Cray mainframe AND the $150,000 IBM cluster that matched it back in 1999, on the same benchmark (skyvase.pov)
Actually it is pretty simple.
As far as most of us know, cracking RSA (and DES, and all the 'good' encryption) can be done, but it can only be done via brute force (ie, trying different keys until one is found that works.) There is a little more to it than that, but lets just say it is incredibly time and processor intensive. Just like SETI.
One of three things has happened at the NSA, you can pretty well bet :
1. Every year computers get twice as fast, for free.
2. The can add more machines without removing the old ones, (thing Beowulf.)
3. They came up with an algorythm that is faster than brute force, but haven't let on.
That third one is the most scary - it is like when the Enigma was cracked. No longer did it take brute force
RSA / DES keeps the honest people honest, and it keeps the first level bad people honest - but the days of keeping the hardcore bad guys honest are pretty much over.
And yes, I mean the gvmt.
Glonoinha the MebiByte Slayer
At work we encrypt all our email because
1) It's so easy that there's no reason NOT to do so, and
2) it contains trade secrets, and
3) it contains private data about clients.
Not encrypting your email is a good way to get sued into oblivion, if not by a disgruntled client or former employee, then by your own shareholders.
-I like my women like I like my tea: green-
Well everyone says that if you have nothing to hide, then why worry about it. Try telling that to the guy that was abducted by the US gov and tortured for three months before being let go after they realized that the poor guy wasn't who they thought that he was(I hope they don't mistake me for someone else). Anywho, my biggest problem is that everything that has been created has or will be hacked one way or another. It is no longer a question of if, it is a question of when. This includes all encryption, it may be hard, but it has or will be done, history shows us this. As far as mandated monitoring systems, how long before someone hacks their way into these systems and uses them for their own personal goals. The remote monitoring that is now required for both data and voice is bound to have holes in it one way or another. For example someone using a very simple password for the remote "black box" that enables the monitoring. For this reason alone, I think that all communication should be encrypted. As stated before, any "powerful/modern" government will be able to decrypt it anyway, but it will safeguard you from when the system that they use to monitor is compromised. That is the reason that I feel that all communication should be encrypted at multiple levels.
Hassles? Let's stop playing word games call it what it really is: oppression. Spying on innocent civilians is a "technique" derived from the principle of guilty before proven innocent, which in turn, is clearly a mark of oppression.
When an innocent man is questioned, detained, fined, jailed, or otherwise punished when he hasn't initiated force against any person, calling it a simple "hassle" is falling right into the trap. So please don't adopt the propaganda term. Realize and accept the truth. This is oppression, and we are oppressed.
The President has explicit authority by the US Constitution to do what is necessary to protect this country from foreign nationals
People often say the US constitution says many things that are not in it. The main problem is that most people have never read it, or at least they haven't read it since being forced to in high school. There is nothing explicit in the constitution about the president protecting the country from foreign nationals. The closest thing it does mention is that in part of his oath he must swear to "defend the Constitution of the United States." It doesn't say anything about the president ignoring laws or other parts of the constitution if he deems it necessary.
No, the Constitution says nothing even remotely like that, and it's pretty scary that so many people seem to think it does. This September, instead of a Constitution Day on which everyone hangs up decorative prints of soaring eagles and parchment and quill pens, how about a Constitution Reading Day to encourage people to actually look at the damn thing?