Slashdot Mirror

← Back to Stories (view on slashdot.org)

Safeguarding Data From Big Brother Sven?

Posted by timothy on from the dear-diary-sven-keeps-reading-my-diary dept.

An anonymous reader writes "Now that the Swedish government (in its infinite wisdom) has passed a law allowing them to monitor email traffic, a question that I think a lot of people are asking (or at least should be asking) is: 'What can I do to improve my privacy?' The answer is not obvious. So, what are the best solutions for seamless email encryption, search privacy, etc? What are your experiences with PGP vs GPG vs ...? In this day and age, why is the use of this type of privacy technologies still so limited? Why isn't there a larger movement promoting the use of privacy tools? Also, what is in your opinion the largest privacy concern? Search tracking? Email transfer? I believe this is an interesting question not only for Swedes, but for everyone. Lots of traffic is passing through Sweden, but more importantly, the Swedish government is not alone in using this type of surveillance." Reader j1976 writes with a related question: "For most users with email addresses within large organizations, implementing their own email encryption scheme is not feasible, partly because of the technological aspects, but also since users in organizations often do not have administrative access to their workstations. What can an organization do, centrally, to lift the burden of encryption from the users? Are there any transparent schemes for email encryption which could be installed for the organization as a whole?"

4 of 345 comments (clear)

  1. Seamless, no. Pretty darn close, yes. by querist · · Score: 4, Informative

    There is no "seamless" encryption method that will give you enough protection. Sorry.

    However, there are plenty of options if you're willing to do just a little work.

    Install GPG or PGP. I use GPG because I can give it away legally to my friends who are less technically saavy and it works on Linux, OS X, and Windows.

    Enigmail will integrate nicely into Mozilla's emailer and automate nearly everything once you have the person's public key. It will even notice who your recipient is and automatically pick the correct key.

    There is something similar for the OS X Mail application (and I have it installed) but I don't remember the name of the application. It's not as bright as Enigmail and won't figure out who the recepient is automatically and pick the correct key.

    FireGPG is a plug-in for FireFox (and it works for "Mozilla" because the web browser _is_ FireFox) that will allow you to use GPG with GMail.

    I have an email account in which _all_ of the traffic is encrypted because I use these tools. I never send anything unencrypted on that account.

    It's not seamless, but it's not that hard and it is not very intrusive.

    I do not know if I should pity you because of your government reading your emails or if I should at least feel happy for you that they are honest enough to admit it (supposedly) before starting. Either way, I doubt things are any better here in the USA.

    I find it amusing that the CAPTCHA is "incided", as in this new law inciting a riot.

  2. Re:SMTP over SSL by Z00L00K · · Score: 5, Informative
    That part is actually relatively easy - and you have to remember to also implement IMAPS and POP3S - and close the IMAP and POP3 services.

    I have already implemented SMTPS, IMAPS and POP3S a few years ago. And it's actually not really necessary to buy a certificate if you are doing this for a closed group. Just use OpenSSL and generate your own certificate.

    To send emails to others both ends have to buy an email certificate, like from Verisign.

    And then some of those who voted for this law thought that encryption is very easy to crack - so easy that it doesn't matter if an email is encrypted or not. The problem with cracking encryption is that you first have to figure out which one it is - and the history is full of encryption techniques.

    So in the end - this law will be a good promotor for encryption more than anything else and the monitors can continue to search with Google and not get a bit of useful information from the real criminals and terrorists.

    --
    If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
  3. Re:Why can't it be simple. by ahugenerd · · Score: 5, Informative

    You have it backwards. Your public key is used to encrypt messages that are being sent TO you, which you can then only decrypt with your master key. The idea is that you (Alice) would send your message encrypted with Bob's public key to Bob. Since only Bob has his own master key (since it doesn't get posted to the server), then only Bob can decrypt it. Bob would then reply to you by encrypting his message with your public key. And so on.

  4. Re:Why can't it be simple. by Godji · · Score: 4, Informative

    The public key server only holds your public key - the one that was meant for anyone to see. Your private key, which is the only one that can be used to decrypt messages addressed to you, stays with you. Nobody other than the parties involved in the communication ever holds one or the other's private keys.

    The "public" in "public key server" means BOTH that the key server is public AND that it is a server for public keys. The most anal-retentive name for it would be a "public public key server".

    See http://en.wikipedia.org/wiki/Public-key_cryptography for all the details.