Slashdot Mirror
How To Enable Mom w/ Encrypted E-Mail?
mad.frog asks: "Given the recent revelations of the Bush administration spying on US citizens without warrants -- and their promise to continue doing so -- it's clearly high time for me to switch to encrypted email, after years of being too lazy to bother. The real question is how I can get all (or at least some) of my email contacts to switch as well; clearly, encryption does me no good if the recipient can't decode it. What are my options, and more importantly, what are the options that will be comprehensible and usable by my parents, and in-laws? (Keep in mind that good solutions must include robust Windows and Mac support...)"
Just sprinkle big, intellectual-ish words like "multilateral," "constitutionally legitimate," and "evolutionary" into your emails. They'll never figure out what you're talking about.
How To Enable Mom w/ Encrypted E-Mail?
Don't.
-Colin
Enigmail project website features are:
Works for me!
Personally, I just assume that whatever I write or say is being listened to. It sucks, but that's the world we live in. Don't like it? Vote for a non-fascist next time.
I can assure you that in any hypothetical situation in which a government monitors the communications of its citizens, a message whose contents the author has encrypted stands out as interesting and worty of scrutiny in a sea of plain text transmissions. If you're looking to lay low, the best way to do so is to simply blend in.
Quid festinatio swallonis est aetherfuga inonusti?
Africus aut Europaeus?
Don't bother using encrypted emails, because if you're not sending anything incriminating, THERE'S NO NEED.
p osts
I love this type of thinking.
Check out the 60 minutes inteview on Echelon:
KROFT: (Voiceover) Is it possible for people like you and I, innocent civilians, to be targeted by Echelon?
Mr. FROST: Not only possible, not only probable, but factual. While I was at CSE, a classic example: A lady had been to a school play the night before, and her son was in the school play and she thought he did a--a lousy job. Next morning, she was talking on the telephone to her friend, and she said to her friend something like this, 'Oh, Danny really bombed last night,' just like that. The computer spit that conversation out. The analyst that was looking at it was not too sure about what the conversation w--was referring to, so erring on the side of caution, he listed that lady and her phone number in the database as a possible terrorist.
KROFT: This is not urban legend you're talking about. This actually happened?
Mr. FROST: Factual. Absolutely fact. No legend here.
http://www.freerepublic.com/focus/f-news/1543347/
I'll be darned if I'm going to live my life in fear that some TLA will mistake some perfectly innocent activity for terroristic proclivities. I only have control over my own mind - it's beyond my abilities to make someone else interpret my actions in the way I want.
So, I'll keep encrypting the emails I send to my friends. I'll also keep locking my door and sealing my envelopes, even though I don't have any secrets the government would be interested in.
Dewey, what part of this looks like authorities should be involved?
Who cares? Do you write your letters on postcards or do you seal them inside an envelope?
Maybe he has a nosy mailadmin. Maybe he doesn't want his kid sister reading mail meant for his parents. Some of us value our privacy, even though we don't have anything to hide.
Dewey, what part of this looks like authorities should be involved?
--Cardinal Richelieu
so erring on the side of caution, he listed that lady and her phone number in the database as a possible terrorist.
You know how large the "possible terrorist" list would be, then? I'm sure all of us have used a suspicious word over a communication network in a normal way at some point....
If they're using that kind of criterion, then I know I'm on that list. Now what? They can't well hassle half the people boarding the plane; they might as well hassle them all and drop the list.
And then, you will be itting, like John Gilmore, on a no-fly list - maintained by secret laws that no American may know about, or make reasonable enquiry.
Only, unlike Gilmore, you are probably not a multi-millionaire...
"Speaking the Truth in times of universal deceit is a revolutionary act." -- George Orwell
May I reccommend a hush.ai address, as they're offshore.
They used to be. The servers are in Canada now. You know, the Country that tried to pass the Lawful Access bill last session to "compel all telephone and Internet companies to create and maintain infrastructures that are intercept capable and to provide access to basic subscriber contact information such as a name, address or telephone number."
Do you think that the NSA doesn't have ways around the encryption methods you are looking at implementing?
I understand the math behind it. Keep in mind a few bright Chinese scientists were able to find weaknesses in once stalwart signature technology. The stuff we use today isn't impervious, and we know that there are ways around it. We just don't know for sure how easy it is until someone proves it.
China's only problem is that they allowed these scientists to publish this. Why the communists didn't bring these guys into their top-secret intelligence org is beyond me. In the US, if a scientist discovered how to thwart similar security measures, they wouldn't be allowed to publish it. They would be instantly whisked away to the NSA secret HQ to work on similar problems for untold amounts of cash.
Which brings an interesting thought: How smart are the people who work at NSA, and how much can they crack? How do these people's intelligences and knowledge compare to the rest of the world, at least, the public world? We'll never know for sure unless we get a job working there as a scientist who has to develop new methods of cracking encryptions. And then we wouldn't be allowed to tell anyone. So the public will never know for sure, and can never know for sure.
In short, the encryption race can't be won with the US government, any more than you could win a nuclear arms race. You can go ahead and compete with nosy neighbors and competitors, and perhaps even 2nd or 3rd world foreign intelligence, but I strongly doubt that you'll be secure from the prying eyes of any administration of any of our allies. Besides, this is one area where our government has spent and will spend the required resources to ensure they are #1, just like the arms race was.
And remember, in security, the question is, "How secure do you really need to be, and how much are you willing to pay for it?" In the end, is your grandmother really that worried about some administration official reading her super-secret brownie recipe that she passes on to her friends? What will she say that could possibly alarm them? How secure will the recipients of her messages keep those messages? What's the point of being secure if you can't secure both ends of the conversation?
The radical sect of Islam would either see you dead or "reverted" to Islam.
To send email securely over your Google's gmail account, just configure Thunderbird mail account to retrieve gmail email using your Google POP3 account information.
Thunderbird/Enigmail combo neatly address your privacy issues for both sending and receiving.
With PGP/GnuPG perfect forward-secrecy protection, you can leave all your emails in your gmail account and not bother to delete them (EVER or until your GnuPG passphrase is compromised).
Google deux-machination of trying to find AdWords in your email for their massive onslaught of advertisement campaign will come to a screeching halt when your gmail InBox contains nothing but psuedo-random data.
Good riddance to invasive AdWords into your emails...
Anyone know about Ciphire?
https://www.ciphire.com/
i read the whole thing, and i'm not sure how much of it i actually believe. Mr. Frost says they get a lot of info from baby monitors... they'd have to be pretty close to the originating house to do that, because even if the range extends far enough (which it probably doesn't, it costs money and takes fcc licenses to do long range broadcasting), baby monitors are on a band that is used by a lot of other things as well, and their transmissions would join a flood of others.
so i can only think of a few ideas to explain this guy: he might be sensationalizing his story, possibly on behalf of his former employer, possible to his own ends. that, or when they hired him, the cse or whatever may have shown him a demo that made him believe they had more capabilities than they really did. maybe 60 minutes ran out of ideas for shows and hired an actor to spout off things they based off of conspiracy websites. ok, maybe not, but i still find this hard to believe, especially former workers talking about it to a television show.
The problem with this argument is that the reason one puts messages in envelopes very rarely has anything to do with preventing the mail carrier from reading the contents of that letter.
As a case in point, if you are sending a check, money order, or even cash to someone, most people use some sort of method of further obscuring the contents than simply putting it into an envelope. They pay extra for a box of 'Security' envelopes, printed on the inside with some pattern that makes it difficult to discern writing or printing. They wrap an additional piece of paper around the instruments. And so on. This doesn't happen in every case, but just about as often as not.
It has also been long recognized that if you are sending mail to a country or person that someone has significant concerns about, that there are several ways of opening the envelope, or even extracting the letter from within the envelope without opening it. Read or copy the contents, then return the contents of the letter and send it on it's way.
In a lot of cases the real reason for using an envelope has more to do with protecting the contents of the envelope from smudging or being separated than with preventing anyone from knowing what those contents are. If you are paying a bill, you use an envelope to keep the check and the bill stub together so that the people being paid have some idea of what the check is for.
If you get a multi-page letter from Aunt May, she is more likely to be trying to keep the pages together and in order than otherwise. If you are traveling, you very probably do send post cards, often with a picture of where you are, and a brief note wishing the recipient were along for the trip. An interested party may glean far more from a brief glance at the picture than by reading pages of text.
Note that there are a couple of elements of the above that do make sense when related to encrypting or digitally signing the e-mail that you send. For all practical purposes the e-mail that you send is a single page document. Even if you print it to 100 pages of a single spaced double sided 6 point font as far as the e-mail handling software is concerned, it doesn't matter if the message is zero bytes, or a couple million bytes. If the parts are not all put together correctly at the far end, an error is logged, and the system trys to fix the situation. Likewise the system is mostly proof against smudging or error introduction to the body of the message, as it is being handled by a TCP connection. That does not prevent changes to the headers, nor does it prevent an alteration by a malicious server in the middle. Encrypting or signing the contents does reduce the likelyhood that a change to the contents will be noticed. (Though it does nothing for the headers, including the subject.)
Of course the above is a rather simplistic explanation, and there are other elements involved.
-Rusty
You never know...
Just go up stairs and tell her what you would have written in the email.
I've set my whole family to use encryption and signatures using either KMail or Thunderbird. The setting up is the hard bit, and I don't think any of them really understand what the difference between signing and encrypting is, what a public or private key is. That doesn't matter though. If it's possible to encrypt (i.e. the key for the recipient is in the keyring) then both Kmail and Thunderbird automatically do so.
The only thing any of them notice is that ocassionally they have to enter their password again.
I have to say though that when Kmail popped up a message that was all in red to indicate that a signature was invalid, everyone loved it (it wasn't sinister, MS Exchange mangles certain messages).
Being sure that your email wasn't read, nor was it tampered with is a great feeling. Nothing any of us say to each other is, in theory, worth protecting in this way; however, it's now perfectly safe for them to send, say a home address or a telephone number or any other personal information in the knowledge that it hasn't been read. It's not national security stuff, it's just privacy. You're not protecting against government snooping, you're protecting against random snooping by some bored mail server operator.
I'd argue that if the government wanted to spy on me, they'd find it very dull, but wouldn't be thwated by the fact that I encrypt my emails.
Carpe Daemon
1. What are you trying to hide?
2. Tell me where Osama Bin Laden is
.
Sig
Enigmail does not handle HTML.
The commercial version of PGP (PGP Desktop) supports the Macintosh and Windows. It will automatically sign and encrypt email.
Mea navis aericumbens anguillis abundat
How about WinPT ("Windows Privacy Tray") for your Windows relatives? It front-ends gpg with something that sits in the system tray. Can encrypt from the clipboard or the foreground window.
Terrorist.
Fighting the drug dealers was the excuse in the 80s. In the 90s it was saving the children. Now it's fighting terrorism. Please, keep up to date on the latest doublespeak - otherwise it's harder for the government to strip us of our rights.
... to get more people using encryption is because it will make it that much more difficult for them to ban it later.
To all the "you don't need encryption unless you have something to hide" people. Wow. I'm truly astounded by those people who have failed to learn anything from history.
You can get a free personal certificate from Thawte that works great. Once you've setup your account with them, you can create a signature for each email address you use. On the Mac side, you just download the certificate, and the Mac takes care of automatically installing it. Mail will also detect the certificates you install, and you'll see sign and encrypt (provided you have the recipients public key) buttons when you compose new messages. Here's a tutorial on getting it up and running with Mail:
x
http://joar.com/certificates/
It also works with Outlook, Outlook Express, Thunderbird, and Mozilla:
http://www.marknoble.com/tutorial/smime/smime.asp
Develop an encryption table that produces shapes similar to the screen characters created by the ASCII characters you want to transmit*.
Obtain a molecular transfer device that puts a dark material on semi-permiable surfaces, such as the paper you use in your printer.
Encode your message by placing dark marks on the paper. Seal it in an opaque layer of similar material and encode the physical address of the recipient on the outside.
You can then purchase a government document (for less than the cost of a cup of cofee, or of supporting a third world waif for a day) from a government agency tasked with transfering such encrypted information, afix it to the outside of the "envelope", and trick the 3\/1L goobermint into delivering your secret message for you.
If you REALLY want to be certain of your security, you can seal the "envelope" with the semi-transparent film developed by the security firm "3-M". The adhesive on one side of the film prevents unauthorized opening.
Of course this is all for naught due to the CIA's "remote viewers" unless you remain in motion. So when you're encrypting/molecular transfering, it's important to run around in circles so they can't focus on you. A tin foil hat won't actually help, but wearing one while running in circles will prevent those around you from asking pesky questions. Remember: shiny side out, otherwise a feedback loop can occur and cause dain bramage.
* As an alternative, entirely graphical representations can be developed. Pictures created with polychromatic, wax-based molecular transfer devices are especially attactive to moms, who tend to archive them on the outside of their refrigerator.
"I may be synthetic, but I'm not stupid." -- Bishop 341-B
If the feds or any other government agency could really interpret what "IS" really meant when my bro says "Christmas is at Aunt Bertha's next year, the kids can't wait, it will be fun for all." --- Translation: "Shit! crazy Aunt Bertha and her big, smelly dogs are hosting christmas this year, we all have to go kids included, that means cousin Steve's terror tribe will be there too, that's gonna suck!"
So you can see that family sarcasm can easily eliminate the need for encryption.
Sig Hansen?
Simply included an encrypted and plaintext version in every email; problem solved!
I Am My Own Worst Enemy
Well everyone says that if you have nothing to hide, then why worry about it. Try telling that to the guy that was abducted by the US gov and tortured for three months before being let go after they realized that the poor guy wasn't who they thought that he was(I hope they don't mistake me for someone else). Anywho, my biggest problem is that everything that has been created has or will be hacked one way or another. It is no longer a question of if, it is a question of when. This includes all encryption, it may be hard, but it has or will be done, history shows us this. As far as mandated monitoring systems, how long before someone hacks their way into these systems and uses them for their own personal goals. The remote monitoring that is now required for both data and voice is bound to have holes in it one way or another. For example someone using a very simple password for the remote "black box" that enables the monitoring. For this reason alone, I think that all communication should be encrypted. As stated before, any "powerful/modern" government will be able to decrypt it anyway, but it will safeguard you from when the system that they use to monitor is compromised. That is the reason that I feel that all communication should be encrypted at multiple levels.
Freedom of Speech does not imply the Freedom to Hear whatever is said!
(-hrair-)
Beware of the shining wires...
Has the Bush administration actually invoked FISA as their legal basis? If so, I missed it. And, from what I've heard, it wouldn't fit. AFAIK, FISA requires either a warrant or only monitoring where no US person is likely to be involved (see Q18 in the EFF writeup).
Carter and Clinton both issued executive orders authorizing FISA monitoring, but specifically quoted FISA regulations to be followed. I haven't seen a similar order from Bush, and even according to legendary conservative Rush Limbaugh, the FISA courts were bypassed. Limbaugh's take on it was that the unprecedented denials and modifications of Bush's FISA requests forced him to go around the process.
In short, the President is not asserting legal authority under FISA. According to the Attorney General, his authority hinges (PDF) on his "inherent authority" as Commander-In-Chief, and Congress's Use of Force Resolution.
Of course, in my strict interpretation, I missed the part of the Presidential Oath, Constitution or the above resolution that grants him any power over surveillance. And, according to Daschle (partisan to be sure, but you'd think records of this kind of stuff would be easily checked), Congress specifically rejected the administration's request for having the resolution cover actions in the US.
Has the Bush administration actually invoked FISA as their legal basis?
No they have not. Interestingly enough, the FISA court itself became quite alarmed when evidence started to appear in its proceedings which was obtained through the executive order.
The current justification for the wire-tapping executive order is based upon the War Powers Act. As I understand it, the basic gist of this position is (1) we are at war and (2) any surveillance gathered is therefore military intelligence, exempt from the usual proceedings and review. This is, of course, is quite a dubious position to take and is probably why the president personally requested that the NYT editors not release the story about a year ago.
Remaining unsettled are some of the following questions:
It's going to be interesting to see how it all unfolds over the next couple months, but it looks like it's going to get REAL ugly. Those interested should check out the new book from James Risen, the NYT reporter who did all the legwork, which should have more details. It's called "State of War," and should come out later this week.
-Grym
This is not my sandwich.
The President has explicit authority by the US Constitution to do what is necessary to protect this country from foreign nationals
People often say the US constitution says many things that are not in it. The main problem is that most people have never read it, or at least they haven't read it since being forced to in high school. There is nothing explicit in the constitution about the president protecting the country from foreign nationals. The closest thing it does mention is that in part of his oath he must swear to "defend the Constitution of the United States." It doesn't say anything about the president ignoring laws or other parts of the constitution if he deems it necessary.
This bug says that Mozilla (aka Seamonkey) should implement the "encrypt when possible" feature. That is, if the email client has the public key of all recipients, then the email should be automatically encrypted. If this feature were implemented in Seamonkey and Thunderbird, it would do wonders for increasing the usage of encryption. All you would need to do then is get a private/public key for everyone you know, and then all email will be automatically encrypted. Your mom wouldn't even know it was happening.
And the men who hold high places must be the ones who start
To mold a new reality... closer to the heart
No, the Constitution says nothing even remotely like that, and it's pretty scary that so many people seem to think it does. This September, instead of a Constitution Day on which everyone hangs up decorative prints of soaring eagles and parchment and quill pens, how about a Constitution Reading Day to encourage people to actually look at the damn thing?
Forth Amendment
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
pretty much covers privacy, since you can't violate privacy without viloating something in the above, not at least without twisting the meaning and intent of the words.
"It is a greater offense to steal men's labor, than their clothes"