Slashdot Mirror

← Back to Stories (view on slashdot.org)

Safeguarding Data From Big Brother Sven?

Posted by timothy on from the dear-diary-sven-keeps-reading-my-diary dept.

An anonymous reader writes "Now that the Swedish government (in its infinite wisdom) has passed a law allowing them to monitor email traffic, a question that I think a lot of people are asking (or at least should be asking) is: 'What can I do to improve my privacy?' The answer is not obvious. So, what are the best solutions for seamless email encryption, search privacy, etc? What are your experiences with PGP vs GPG vs ...? In this day and age, why is the use of this type of privacy technologies still so limited? Why isn't there a larger movement promoting the use of privacy tools? Also, what is in your opinion the largest privacy concern? Search tracking? Email transfer? I believe this is an interesting question not only for Swedes, but for everyone. Lots of traffic is passing through Sweden, but more importantly, the Swedish government is not alone in using this type of surveillance." Reader j1976 writes with a related question: "For most users with email addresses within large organizations, implementing their own email encryption scheme is not feasible, partly because of the technological aspects, but also since users in organizations often do not have administrative access to their workstations. What can an organization do, centrally, to lift the burden of encryption from the users? Are there any transparent schemes for email encryption which could be installed for the organization as a whole?"

2 of 345 comments (clear)

  1. Re:SMTP over SSL by Z00L00K · · Score: 5, Informative
    That part is actually relatively easy - and you have to remember to also implement IMAPS and POP3S - and close the IMAP and POP3 services.

    I have already implemented SMTPS, IMAPS and POP3S a few years ago. And it's actually not really necessary to buy a certificate if you are doing this for a closed group. Just use OpenSSL and generate your own certificate.

    To send emails to others both ends have to buy an email certificate, like from Verisign.

    And then some of those who voted for this law thought that encryption is very easy to crack - so easy that it doesn't matter if an email is encrypted or not. The problem with cracking encryption is that you first have to figure out which one it is - and the history is full of encryption techniques.

    So in the end - this law will be a good promotor for encryption more than anything else and the monitors can continue to search with Google and not get a bit of useful information from the real criminals and terrorists.

    --
    If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
  2. Re:Why can't it be simple. by ahugenerd · · Score: 5, Informative

    You have it backwards. Your public key is used to encrypt messages that are being sent TO you, which you can then only decrypt with your master key. The idea is that you (Alice) would send your message encrypted with Bob's public key to Bob. Since only Bob has his own master key (since it doesn't get posted to the server), then only Bob can decrypt it. Bob would then reply to you by encrypting his message with your public key. And so on.