Silent Circle Follows Lavabit By Closing Encrypted E-mail Service
Okian Warrior writes "Silent Circle shuttered its encrypted e-mail service on Thursday, in an apparent attempt to avoid government scrutiny that may threaten its customers' privacy. The company announced that it could 'see the writing on the wall' and decided it would be best to shut down its Silent Mail feature. 'We’ve been debating this for weeks, and had changes planned starting next Monday. We’d considered phasing the service out, continuing service for existing customers, and a variety of other things up until today. It is always better to be safe than sorry, and with your safety we decided that the worst decision is always no decision.' The company said it was inspired by the closure earlier Thursday of Lavabit, another encrypted e-mail service provider that alluded to a possible national security investigation."
Does anyone have replacement recommendations for people who used these services?
The US government is basically forcing technology firms to move elsewhere.
In the USA, googling specific search terms will result in a visit from the authorities (hint: pressure cooker and backpack). In China, if you want to find something the government does not want you to know, you just can't find it. I don't know which one I like best.
Does anyone have replacement recommendations for people who used these services?
The first rule of Fight Club is: You do not talk about Fight Club.
Encryption should be end-to-end. How can you trust someone else to do it for you?
Watch this Heartland Institute video
Does anyone have replacement recommendations for people who used these services?
I would say "something hosted outside the US", but as the international banking community has shown, Uncle Sam's jack-booted foot extends well outside our own borders.
So that really leaves "GPG" as your sole realistic option. End to end encryption, with no one but you and the recipient knowing what you wrote. Of course, "they" can compromise either end, but it deprives them of the ability to funnel everything on the wire into their data centers for 4th-amendment violating goodness.
Or, we could all go back to writing letters. Oddly enough, that still has more legal protections behind it than any other form of communication.
The same thing the Fourth Amendment is for. Keeping out people who have no business reading your mail.
In SOVIET RUSSIA... erm...NSA AMERICA, the Internet logs onto YOU!
Anyone who thinks their private communications should be just that... private
"Cursed is he who rises early in the morning..." Isaiah 5:11
The customers of the company I work for do not like it when their blueprints are publicly available. Would you like to have your code and documentation searched by gmail to show ads? (What information do these ads leak to the company that pays for it?)
And any "alien" Amazon, Microsoft, Yahoo or Google cloud data is up for collection by the NSA. Sounds like a good reason to encrypt at least some of your mail.
extern warranty;
main()
{
(void)warranty;
}
To me, the takeaway message from all of this is that, if you value privacy above all else in your email exchanges, you can't trust a company, because either they'll sell you up the river for a song, or they'll shutter themselves to avoid government pressure. So here's my question: why don't more people simply run their own mail servers? It's certainly not difficult. There are a few problems, of course, namely, needing an always-on computer, sorting out the issue of dynamic IP (dyndns is a great, free solution), and the issue of small mail servers flagging spam blacklists. I also seem to remember various residential ISPs (like Comcast) having running a mail server be against their TOS, but I can't find anything to back that up, so I might be remembering incorrectly. In any case, none of these problems are insurmountable, and I really wonder if this is the solution for the privacy-paranoid among us.
The company announced that it could 'see the writing on the wall'
They were however not able to read it.....
---
Political types who don't want their election strategies sent to their opposition because someone at the NSA supports the other political party. Political dissidents in "friendly" countries like Saudi Arabia who would be turned over at the drop of a hat. People who are negotiating contracts with the government and don't want their negotiating strategies revealed. Whistleblowers.
Just this time it's not Scientology sect, but governments.
http://en.wikipedia.org/wiki/Penet_remailer
The only lesson learned is that there is no such thing as fully anonymous email service, it's always just a certain degree, especially when it comes to USA power play.
Encrypted messages sent by pigeon carriers worked in the past!
Some people die at 25 and aren't buried until 75. -Benjamin Franklin
So I guess you didn't use envelopes for your mail before email?
Why use clothes even? What do you have to hide?
Why whisper?
That's right... it's called privacy.
I don't think Silent Circle would commit an effective suicide just preventively. Lavabit, while technically not saying a word about NSLs, told us very clearly what the request was. If the government criminals are not idiots, they learned and worded the Silent Circle order in a way that prevented such disclosure.
The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
It's for the same reason why you lock your front door and put blinds on your windows.
What the heck is going on over there?
Do you really have government agents running around closing shops at will?
That's not a good sign.
bickerdyke
So what'd be "encrypted email" for?
It's like the envelope in snail mail. You put your mail in an envelope to protect it until it arrives at its destination, don't you? Encryption accomplishes the same thing for e-mail.
Under "Technical Restrictions," they list
use or run dedicated, stand-alone equipment or servers from the Premises that provide network content or any other services to anyone outside of your Premises local area network (“Premises LAN”), also commonly referred to as public services or servers. Examples of prohibited equipment and servers include, but are not limited to, email, web hosting, file sharing, and proxy services and servers
However, I don't think they go to the trouble of enforcing this very often.
Okay, playing devil's advocate here.
LavaBit shuts down "citing" pressure they have received from gov't agencies. No evidence is provided to indicate the reason behind the shutdown...just the guy's word.
Given how everybody is rallying against the gov't at this time - could this actually just be an action of protest rather than a true, official, take-down? Everybody will just assume that the gov't forced the take down "just because". Who would be the wiser? Right? Makes their point, right?
Now, we have Silent Circle shutting down because they "see the writing on the wall". What writing, is that, exactly? Certainly, if they (or LavaBit) have a take down notice but can't share it to confirm the take down...we really don't have proof of their motivations do we? So, trusting souls that we are, we have to assume their motivations are real and not hype for political or protest purposes.
Just say'n.
Security investigations lead to closures of secure services.
Does anyone have replacement recommendations for people who used these services?
Citizen, we welcome you to use the new service at secure.nsamail.com. This will ensure that no terrorists, paedophiles, or drug dealers co-opt your email account for their nefarious purposes.
Thank you for your cooperation.
Silence is a state of mime.
I could start by spelling dissidence correctly.
Open WhisperSystems (https://whispersystems.org) doesn't have encrypted e-mail, however they do have Android-based encrypted phone (RedPhone) and text (TextSecure) capabilities. They are working on iPhone releases in the near future of their products. Btw, all of it is open source and they DO release the source code as well.
Their statement about closing the service specifically said they hadn't been contacted, so if they have been contacted then they didn't just make an omission; it would have been an outright lie.
Because Lavabit has been officially contacted they can't destroy any data. They can shut up shop to prevent anyone else falling into the net, which is what they have done, but for anyone who has already used the service and has any data already on the Lavabit servers, it's just a matter of time before their data is decrypted one way or another.
I suspect that Silent Circle are shutting up shop before any warrants arrive, which means that it's completely legal for them to destroy any and all data they have. I wouldn't be surprised if the data is already wiped at a software level and the hardware destruction is either in progress or getting planned.
These comments are my personal opinions and do not necessarily reflect the opinions of the other voices in my head.
With that in mind, why do we put mail in lined envelopes? People do not seem to remember that email is sent plain text. Can be read by anyone. If you do not care who reads it, then why just have one recipient? CC everyone? CC the NSA and CIA? The conversation I share with people is not sensitive, not dangerous, does not contain anything that would cost a person their life. That conversation though, is between the person and myself. I feel uneasy using email due to this reason.
The customers of the company I work for do not like it when their blueprints are publicly available. Would you like to have your code and documentation searched by gmail to show ads? (What information do these ads leak to the company that pays for it?)
And any "alien" Amazon, Microsoft, Yahoo or Google cloud data is up for collection by the NSA. Sounds like a good reason to encrypt at least some of your mail.
Using SMTP to transmit that kind of info in the clear is a bad idea, even if the endpoints are credible. Interception is your biggest risk if you are two known parties trading in proprietary information, and probably doing so to/from fixed geographic locations as well. Why not encrypt the payload to guard against this?
What an encrypted email service does is different: they offer a quasi-anonymous way for people to send/receive email so that they can accept messages from unknown parties and trust that the contents will be a secret (if they arrived without being snooped). A person in Snowden's position is attracted to this because he can trade emails with otherwise uninvolved persons (who wouldn't necessarily be subject to scrutiny by the feds or "evil corp X") and the only real "link" between any of those parties is heavily encrypted on the server (and the provider doesn't even hold the keys) unless a snooper gets really lucky and intercepts enough of them to put the pieces together.
Does anyone have replacement recommendations for the NSA?
A rotting stump.
An enigma, wrapped in a riddle, shrouded in bacon and cheese
What you read, how you live, with whom, etc., is your privacy. What you write, on the other hand, is intellectual property, and that is what is being examined for you and the rest of the world before it is even finished/patented/protected. And I won't be surprised if this is used to capture that: you could be discussing the next billion-dollar idea with someone, and that communication could be intercepted and the idea end up patented, before you can, by some corporation "close" to the government.
Anything known by more than one person is no secret!
Arrrgh!
"Lost time is not found again."
Stop making excuses and justifications for this behavior by "elected" leaders. Pack your bags, gather your family, take your intelligence and talent (and savings - while you can!) - and leave this sorry ass country behind. Go somewhere and create a new life where you will be respected and appreciated. Don't think such a place exists? Get a passport...and then look forward to dumping it for a new and improved one in the future.
Or we could, you know, not be a bunch of chickenshits, and actually stand the fuck up for ourselves. Well, OK, maybe not a cut-and-run pussy like yourself, but the rest of us...
Seriously, guys, the only reason they get away with this kind of shit is because we let them, and we let them because we're too busy either looking for an exit like this asshole, or arguing with each other about trivial nonsense.
You want to effect change? Just stand up. That's it - Just. Stand. Up.
An enigma, wrapped in a riddle, shrouded in bacon and cheese
Does anyone remember when the press covered stuff like this? Before 2009, the Lavabit shutdown would have been national news. Everyone would have known the name of Lavabit's owner.
His name is Ladar Levison.
Lavabit and silent circle inspired me to think about some kind of peer to peer distributed email system.
Currently everyone can install an email server (e.g. there are several available in Debian), but that is not what would solve the problem. Not just because it requires technical expertise, but also because it requires too much dedication on your side to maintain your freshly installed server, and to make sure it has outside access on the SMTP port, and so on. Not to mention that it needs about 100% uptime. Such a solution is too centralized.
I was thinking about p2p email more like this one which I googled right after I had this initial idea. This is a proof of concept so it can work.
Key features would be:
1) uses p2p distributed encrypted file system, like tahoe
2) each p2p node can act as email receiver/sender
3) to send email to someone you use nick@1.2.3.4 where 1.2.3.4 is any IP that is running p2pemail. Simplest would be 127.0.0.1 if you just run a p2pemail node yourself.
4) everyone can have a p2pemail account, just connect via https to the nearest p2pemail node. It can be running on your computer or anywhere else. Doesn't matter. This just requires setting up an account name on your side, and a lengthy password, which is also used as a sha256 seed for the private key for encryption of your emails and also as a PGP signature for your emails.
5) PGP signing emails would be so easy, that it would be a new standard.
6) all encryption and decryption is done locally on your computer either in javascript or in your email client. Just make sure that your browser and computer are not compromised.
7) if any of the p2pemail nodes are running compromised code (e.g. like compromised tor nodes) they still cannot read your email, because they have no access to your private key. The only hope they can have is to monitor when you are accessing your data, but only if a request to the compromised node is made.
8) even if huge NSA datacenter decided to store all p2pemail data, they still cannot read it, and have nobody to file a warrant to.
If we combined that with bitcoins we would get additional (optional) features:
9) buy storage with bitcoins, while buying decide how many copies of your data you want to have (can change this anytime later). Offer any price you want, lower bids might not be taken.
10) provide encrypted storage space and get paid. If you store multiple copies of same data (might be possible before p2pemail gets popular) ensure that at least it is on different physical locations, otherwise you might be compromising security
11) create whitelists with people from whom you want to receive email, add mandatory bitcoin fees if anyone not on the whitelist wants to send you email.
12) You can create various stages of whitelisting; depending on domains you can define different prices to receive email. Or you can say that the first email is free for everyone, and each next one will be paid or not depending on whether you received spam. Or configure SpamAssassin to decide for you.
PROBLEM: where do my friends send email to?
ANSWER: your_nick@p2pemail.org/net/com/info (we need to register many domains, and use many IPs to resolve those dns-es)
PROBLEM: Will my address still be the same after long time?
ANSWER: your nick in p2pemail will be the same. Tell your friends that if they can't send email (e.g. govt seized all p2pemail domain names), then they have to find some p2pemail node. Google it, or install one themselves. If they can't do that, you can solve this by installing a node yourself, and making sure it has the same domain name all the time. Services like dyndns can help you with that.
Well, maybe that's just a pipe dream. But the proof of concept implementation that I linked above gives some hope. What do you think?
#
#\ @ ? Colonize Mars
#
I'm on the verge of installing this Enigmail addon for Thunderbird; however, as Thunderbird still uses my web-based mail provider it will still show who it's to and from etc. Does anyone know of a completely peer to peer e-mail system which could get around this?
In a cybernetic fit of rage she pissed off to another age...
Just post your GPG messages on public forums! The recipients can pick up all messages on a variety of forums and try to decrypt them. Anything that actually decrypts is for them! Bonus: No telling who they're to if you do that. With a little work it could be anywhere from pretty hard to pretty much impossible to tell who they're from either!
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
This is the reason why the fourth and fifth amendments exist. The fourth/fifth amendments do not exist for the purpose of protecting criminals. The fourth/fifth amendments exist to protect innocent citizens from otherwise accidentally incriminating themselves. If it's extremely dangerous (and often incriminating) to speak to the police for a few hours in an interrogation, imagine what the police could do with years' worth of email conversation.
This is how it works:
1) The government suspects you of a crime (rightly or wrongly)
2) The government looks up your email history to try to find something with which to convict or embarrass you (do you honestly think that if you have years of email conversations that there's not SOMETHING in there that could do this?)
3) The government uses that as leverage against you
Remember, most people "don't have anything to hide", and therefore don't care that much about their privacy. The problem is that most Americans commit 3 felonies a day, and therefore, by definition do have something to hide, even IF they've done nothing wrong intentionally.
If you think it can't happen to you, think again. They searched for years and eventually found something to prosecute him with.
Seriously, watch the first video. 15 minutes now could very well save you from a life of jail, if the police come knocking.
-=Lothsahn=-
It appears that what is happening is that the government is applying pressure to anyone who enables communication in a way where the government cannot detect who is talking to whom. This is a logical extension of the methods that Snowden leaked. He showed that they already have full coverage of the metadata of phone calls, texts, emails, and webpage views routed through the US. The leaks have pressured the US to close the loops. This is a very dangerous threat to our Constitutional rights. Secrecy does not equal guilt, and our founders went to great lengths to enshrine that principle in our Bill of Rights.
mailpile
Does anyone remember when the press covered stuff like this?
It was second from the top on http://www.bbc.co.uk/news/ this morning:
http://www.bbc.co.uk/news/world-us-canada-23627656
Continuing revelations about U.S. security agencies (torture, forbidding free speech, spying on their citizens, promoting specific denominations of Christianity) blemish all other government agencies (Commerce, Agriculture, Education). We envision these other benign government agencies' surveys spying on us, maybe even sharing information with government security agencies. Does the U.S.'s extensive security represent a new necessity, obsessive employees, employees seeking promotions, or a cowardly and impotent population?
> Does anyone have replacement recommendations for people who used these services?
For those from outside the US, your best bet is probably to use small, local players who might not yet have had pressure applied to them. For those inside the US, I have one recommendation: run for Congress.
Yes, exactly. In today's world, everyone is probably a felon and doesn't even realize it. That's exactly why it behoves us all to jealously guard our privacy, even when we shouldn't have to. It's not paranoia, it's simple prudence. I don't lock my doors because I think I'll be robbed. I lock my doors because I'd be foolish not to.
In SOVIET RUSSIA... erm...NSA AMERICA, the Internet logs onto YOU!
I understand that the Blackberry network is encrypted, and their servers are in Canada. Of course, what's the likelihood that Blackberry (via the Canadian government cooperating with the US) has already been sharing stuff? At least it's not in the US.
They say the first thing to go is your penis. Well, it's either that or your brain. I forget which...
Perhaps your email is, but I use technologies like smtp-tls, encrypted imap sessions, etc., so much of my email is encrypted in transit and it can only be read at the endpoints.
The real "Libtards" are the Libertarians!
I don't know a lot about it, but the owner of startpage is forming startmail for private mail...probably similar to these guys. I wonder if startmail is going to face the same problem? From what I understand, the government basically comes in and puts a rack server in your rack, and the server basically listens to all the traffic and sends it back. Totally unconstitutional, and you can't deny them to do this. That's why Lavabit just said no and turned their service off.
I put blinds on the window to keep the sunlight out.
When our name is on the back of your car, we're behind you all the way!
Can happen, has happened.
I can't find any name now, but there was an incident many years ago when police in the US charged a man with possession of child pornography after an internet investigation led to his IP address. It turned out to be a mistake on their part - when the family were eventually able to get an independent examination of their computer (which itself took months, as the prosecution considered it evidence and refused to permit access) it was found to be infected with a trojan that was responsible for relaying the images around the internet. It was very embarrassing for the prosecutors - but during the investigation they noticed that the accused, while in high school, had once shown a Playboy issue to a friend. So they offered him a plea: They'd drop the possession of child pornography charge if he instead confessed to the lesser charge of 'distributing pornography to a minor' and registered as a sex offender. IIRC, he eventually got off by taking his story to the media - even had the story shown on a TV program (50-50?) about overzealous prosecutors, and all charges were dropped to quell public outrage.
I can't find a name now though, because all google gives me is page after page after page of false results - a mixture of people discussing 'sexting' and news stories on unrelated events.
BitMessage and TOR are outside anyone's control. (Before you say it, the recent attack on TOR was not an attack on TOR but on a single, centralized hosting provider for TOR websites.)
Liberty in your lifetime
Last time we brought this up on here, some jagoff went berserk about how he was a respectable family man with a job who had never committed a felony blah blah blah.
The government and public education system has already won the war on the Bill of Rights by confusing and corrupting what they mean and what they're for in the minds of those they've churned out into society.
Remember when the press in the USA covered stuff like this?
What, you mean that boasting about two former SEALs on your board doesn't protect my data? I am shocked! Can't they go all Chuck Norris on the NSLs?
Founders and Leadership
So what'd be "encrypted email" for? Horny partners? Surprise birthday parties? I am really curious what they think about it.
Really? You do understand that 99.9% of email traffic is sent unencrypted over the internet. Everybody that handles network packets transporting E-mail can easily capture them and read them. This is roughly equivalent to everybody being forced to use post cards instead of envelopes. Imagine trying to do business on post cards only? You would not want to send bills and checks as post cards.
So encrypted E-mail is (roughly) equivalent to sending letters in opaque envelopes, with all the same security advantages over post cards. So in that way you can have a certain level of security in your communications.
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
All the comments on that book about "3 felonies a day" say:
You can find more there, but in essence, there is no mention of what 3 felonies the "common man" is doing per day. Is there any? Is this not FUD?
Don't get me wrong, I think everyone should have privacy, and we do have "stuff" to hide, but I also believe in the truth, and it would seem you, and that book, are spreading FUD.
Drug deals, illegal porn, some endangered species poaching, human hunting, but most of it is paranoid nerds talking about bitcoins.
I mean... uh... I have no idea. I don't work for the NSA. I'd have to tell you if I did, and I don't.
I love that video.
Why is it so hard to only have politicians for a few years, then have them go away?
TLS and encrypted IMAP protect the path, not the content. Only if you deliver directly to and receive directly from the other endpoint is there known protection. Any relay in the system might not store the message encrypted on disk and might not relay on with TLS.
Encryption of the body itself is the only real way to protect the message completely. And that shouldn't need a third party like Lavabit or Silent Circle to do as it is a mail client function.
Trying to become famous by taking photos. Visit my homepage please.
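An added example, not part of any comment in this thread, for the point that TLS protects each hop rather than the message. It reads the `Received` trace of a constructed message, marks which hops used TLS by the RFC 3848 `with` keyword, and lists every relay that held the body in plaintext; all hostnames and the sample message are assumptions made up for the illustration.

```python
import email
import re

# "with" keywords (RFC 3848, RFC 6531) that mean the hop ran over TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
                 "UTF8SMTPS", "UTF8SMTPSA"}

# Matches "from <sender> ... by <receiver> with <protocol>" in one trace field.
HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)\s+with\s+([A-Za-z0-9]+)", re.S)

# Constructed sample (documentation addresses, not real traffic).
SAMPLE = """\
Received: from mx.example.net (mx.example.net [203.0.113.7])
\tby inbox.example.org with ESMTPS id abc123
\tfor <bob@example.org>; Fri, 9 Aug 2013 10:00:03 +0000
Received: from relay.example.com (relay.example.com [198.51.100.5])
\tby mx.example.net with ESMTP id def456;
\tFri, 9 Aug 2013 10:00:02 +0000
Received: from laptop (unknown [192.0.2.10])
\tby relay.example.com with ESMTPSA id ghi789;
\tFri, 9 Aug 2013 10:00:01 +0000
From: alice@example.com
To: bob@example.org
Subject: blueprints
Content-Type: text/plain

See attached drawing numbers.
"""

# Same trace, but the sender encrypted the body before submitting it.
ENCRYPTED_SAMPLE = SAMPLE.replace(
    "See attached drawing numbers.",
    "-----BEGIN PGP MESSAGE-----\n"
    "(ciphertext elided, constructed placeholder)\n"
    "-----END PGP MESSAGE-----",
)


def parse_hops(msg):
    """Return hops in sender-to-recipient order with a TLS flag per hop.

    Received fields are written by the relays themselves and an upstream
    hop can forge the older ones, so treat the result as a hint, not proof.
    """
    hops = []
    # Each relay prepends its field, so the oldest hop is last in the file.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(value)
        if not m:
            # Unparseable trace field: fail closed and count it as cleartext.
            hops.append({"from": None, "by": None, "proto": None, "tls": False})
            continue
        proto = m.group(3).upper()
        hops.append({"from": m.group(1), "by": m.group(2),
                     "proto": proto, "tls": proto in TLS_PROTOCOLS})
    return hops


def body_is_encrypted(msg):
    """True for PGP/MIME (RFC 3156) or an inline ASCII-armored OpenPGP body."""
    if msg.get_content_type() == "multipart/encrypted":
        return True
    payload = msg.get_payload()
    return isinstance(payload, str) and "-----BEGIN PGP MESSAGE-----" in payload


def assess(raw):
    msg = email.message_from_string(raw)
    hops = parse_hops(msg)
    encrypted = body_is_encrypted(msg)
    return {
        "hops": hops,
        # Hops where anyone on the wire could read the whole message.
        "cleartext_hops": [(h["from"], h["by"]) for h in hops if not h["tls"]],
        "body_encrypted": encrypted,
        # TLS ends at each relay, so every receiving host sees the body
        # unless the sender encrypted the content itself.
        "plaintext_visible_to": [] if encrypted else [h["by"] for h in hops],
    }


if __name__ == "__main__":
    for name, raw in (("plain", SAMPLE), ("pgp", ENCRYPTED_SAMPLE)):
        report = assess(raw)
        print(name, report["cleartext_hops"], report["plaintext_visible_to"])
```

With the plaintext sample, two of three hops used TLS, yet all three receiving hosts could read the body; with the encrypted body the cleartext hop still exposes the headers (sender, recipient, subject) but not the content.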
Does TOR have a facility for email? That would seem to be a good place to get away from snooping.
Yes I know TOR was attacked recently, but I think the network is still the 'best deal in town.'
All one needs to do is set up some kind of email system that works with .onion domains within the network and a high redelivery time so sites that bounce on and off line can still receive email. Could all be done with SMTP modified (and simplified for end-users to run an SMTP host within TOR) specifically to operate with .onion host names.
Maybe I'll look into putting something together, can't be too hard and in theory to me would address the need for truly private email exchanging.
If later I say "I shut down the service not to help terrorists, as my service was meant only for horny partners and surprise birthday parties, not to really get un-snoopable communication", then I show everyone I am an incompetent and a simpleton.
Silent Circle and Lavabit are not shutting down because they do not want to help terrorists, they are shutting down because they do not want to be complicit in the violation of their customers' rights by the United States government. These companies would rather stop existing than be compelled to participate in an illegal monitoring program.
Lavabit Statement: "I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit."
Silent Circle Statement: "We see the writing the wall, and we have decided that it is best for us to shut down Silent Mail now. We have not received subpoenas, warrants, security letters, or anything else by any government, and this is why we are acting now. "
I think he was trying to spell distance. American Distance. Our encrypted email servers need some distance from America.
They say the first thing to go is your penis. Well, it's either that or your brain. I forget which...
That's precisely why, in today's society, exercising one's basic, constitutionally protected civil rights is called "probable cause".
In SOVIET RUSSIA... erm...NSA AMERICA, the Internet logs onto YOU!
If you have nothing to hide, you have nothing to fear. Freedom is Slavery. The government is here to help.
It sounds like we're trending towards not being allowed to encrypt our own stuff because that automatically means we're doing something shady. There's all sorts of reasons I might want to encrypt information that have nothing at all to do with American national security.
Hopefully some non-American company will step up to the plate and give us this, and we can send a big "Fuck You" to the NSA that says we'll encrypt if we want to, and you can eat shit. My rights aren't defined by your security interests.
Sorry, but the rest of the world doesn't give a crap about what you want, and want to retain our privacy without having to cede it to the US government.
Thanks America, you've now essentially broken the internet, and are only going to make computing less secure for all of us. Welcome to the new world, where industry and government demands full control over technology in order to enforce their will on us.
Lost at C:>. Found at C.
This is all true, except I can't find any historical references to protest and demands, actually working. The only evidence I have ever seen things change was under some kind of war or similar military action.
Watergate might have been an exception, but that was the Washington Post, which was not under government control, nor was the rest of the press. Today, the mainstream media is mostly under the control of the NWO. Obama gave an interview to Amazon, and guess what they just bought? The Washington Post.
Who gives a damn?
I see no reason to defend the situations in which I could choose to encrypt something. I am not going to open my stuff up to you so that I can prove I'm not a terrorist unless you have something to suggest that I am. That's not how it works in a free society.
This "we'll assume everyone is guilty and ignore the ones we don't care about" mentality is crap, and in complete opposition to privacy, freedom, and everything else the US claims to hold so dear.
It doesn't matter if I'm discussing something I'd like to patent, my financial statements, my medical condition, having an affair, or planning to BASE jump off a building -- it's none of the governments business, and without evidence to suggest I'm doing something they need to be concerned about, they can fuck off.
This is just an undue control over your citizens, and sadly, everyone else on the planet since these guys are tapping pretty much everything.
That more and more people might choose to encrypt on general principles is something the NSA is just going to have to learn to deal with -- because I see no point in helping them any more than I can avoid.
America is rapidly becoming some of the same things they used to criticize the Soviets for. And that is sad.
Lost at C:>. Found at C.
Why don't these companies just move offshore? The NSA seems to be limited to violating rights via U.S. companies. So, wouldn't it work to just move your company outside the U.S.? Places like Antigua, Ecuador, or Iceland might work well. I remember 2 years ago, I found myself lookin' for any decent free online email services that were non-US based. I couldn't find any. It amazes me that there's no major free email provider that's keeping everything on servers outside the U.S. The only real options are Yahoo, Google, and Microsoft. Sadly, I don't see that changing anytime soon. Hey, there's a market for anyone lookin' to create a startup. In this post-Snowden era, I imagine a lot of people would be interested in using that service.
The fourth/fifth amendments exist to protect innocent citizens from otherwise accidentally incriminating themselves.
And even more specifically, the fourth and fifth amendment exist to protect innocent citizens from being forced into incriminating themselves by an overreaching government who is trying to silence dissidents.
People frequently overlook the historical context of the Bill of Rights. You have a bunch of people who had just fought a revolution against a government that they believed was oppressive, and they were trying to safeguard themselves against falling under another oppressive government. The Bill of Rights was created specifically for that reason. Essentially, you have a bunch of people who were recently rebels, who want to limit the government's ability to quash a rebellion, silence dissidents, or subvert a popular uprising.
To guide them, they look through their recent history for the tools employed by the power they had just thrown off. The British had limited speech, forbidden ownership of guns, stationed military personnel in people's homes, performed searches without cause, etc. In order to prevent a new oppressive government from using those tools, the authors of the Bill of Rights made them illegal.
So it's not really a defense to say, "This should be ok, because we're only trying to catch dissidents, terrorists, and enemies of the state!" The founding fathers were dissidents, terrorists, and enemies of the state. The Bill of Rights was written to protect exactly those kinds of people.
I'm on the verge of installing this Enigmail addon for Thunderbird...
Enigmail is great but the problem with it is getting the other folks you communicate with using it as well. This necessarily requires remarkably tech savvy people on both ends. (Don't believe me? Try to explain public key encryption to your mom such that she could do it properly herself. Unless your mom is REALLY geeky you will fail miserably) You can encrypt your message all you want but if the people you are writing to aren't willing to go through the hassle with you then you simply cannot use the product.
Your bad English is the reason you misinterpreted the article. The article says:
At the moment, nobody could snoop into the emails of the companies that shut down their service. But one company was ORDERED to change that by the government. The only way to protect THE EMAILS from that "lawful" crime against their customers was to shut down their service. The other company did the same BEFORE they received an order that would FORCE them to let the government in.
You simply misunderstood the reasons why they shut down.
@the English-speaking commenters here flaming him: Try to read an article in a foreign language you hardly speak and THEN come back ranting about misunderstood articles.
Just do the smart thing and encrypt everything on your computer before you send it to other ppl. Give ppl you trust the means to decrypt, then send everything totally encrypted through unsecure email. Even if the NSA forces the email company to give up your emails, they still can't read them.
Another reference
http://www.wired.com/opinion/2013/06/why-i-have-nothing-to-hide-is-the-wrong-way-to-think-about-surveillance/
"For instance, did you know that it is a federal crime to be in possession of a lobster under a certain size? It doesn’t matter if you bought it at a grocery store, if someone else gave it to you, if it’s dead or alive, if you found it after it died of natural causes, or even if you killed it while acting in self defense. You can go to jail because of a lobster."
We did, but that was then. In the Netherlands, for example, a minister recently proposed a law that granted the police the right to hack any computer (with a court order, but that does not make it any less dangerous, given the fact that this tiny country already has the most phone taps in the world in place) and install spyware to monitor all communications.
Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!
Because Lavabit has been officially contacted they can't destroy any data. They can shut up shop to prevent anyone else falling into the net, which is what they have done, but for anyone who has already used the service and has any data already on the Lavabit servers, it's just a matter of time before their data is decrypted one way or another.
You are right, except for this one. Strong encryption is - as far as we know from Mr. Snowden who knows a bit more of their abilities than the average person - not compromised. There are attack vectors and they write away encrypted stuff if they later find a way to decrypt it, but they will need more information before they can do that, provided the encryption and the keys were strong.
But they did state that they may have been forced to provide a way around their protections. Before that happened, they shut down their servers.
anon.penet.fi... Oh, wait...
I! Tego Arcana Dei.
peer to peer encrypted email service where the exchange of keys was done automatically would be much more usable for everyday users, if it does not exist it might be an interesting project to pursue.
The problem is that the more automated you make it, the less secure it becomes because you necessarily have to trust third parties. The entire point of encryption is that (theoretically) only the sender and the receiver are able to decrypt the message. Once you automate key generation, key security and/or exchanges then it becomes very difficult to ensure the third parties involved are trustworthy. I'm not saying it can't be done but it is not a trivial problem and may very well be too difficult to ever be made truly simple. I'm hopeful but not very optimistic.
Mirror's Edge is getting closer.
Yeah, when GWB was president and they could pin it on him. However, now that their guy is in office, they go silent. I remember the daily scandals of GWB presidency being announced. Today, it is MSNBC coverage of "Fox News" (aka "Faux News") take masquerading as "news". And Obama's in depth interviews are done by the likes of Jay Leno, a comedian talk show host.
It would be funny if it weren't so sad.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
Kim Dotcom's services look like they're coming into an underserved market at this rate.
https://twitter.com/KimDotcom/status/365716466441519105
Do the NSA have the private root CA keys to make their life that little bit easier? Most of the top CAs are based in the US. Could they even refuse if asked?
That you are about to start telling people to stay off your lawn.
"I opened my eyes, and everything went dark again"
I think it's pathetic to create such 'secure' systems and then to cave in at the first sign of trouble.
How hard can it be to set up the systems in such a way that it securely wipes all database files, logs etc. in case one of perhaps many possible trigger events occurs. These events can be anything from sending a special mail, a bluetooth proximity, a keystroke, or the absence of any of these. This way it will be obvious that the data is irreversibly lost so there's nothing to gain from applying any 'pressure'.
On the positive side: There's now a huge void in the market, just waiting to be filled! - Profit!!!
"For every complex problem, there is a solution that is simple, neat, and wrong." -- H.L. Mencken (1880-1956) --
I doubt it, because thankfully I don't live in the USA :)
how about a service that's completely open to tapping? Where all your posts, you know goes to all the authorities and everyone can see everything you do? So much data that it's all useless, lots of duckface photos and useless comments. You know like Facebook. Then you can secretly communicate in the open not with words but with wash-out filters and peace-signs photos.
What the government is doing is repugnant, but only because most people are stupid and take the wrong lessons from it. If people had their shit together, then it would actually cause a positive effect, and we'd be talking about how US government's thuggery inadvertently did everyone a favor.
I never even heard of these encrypted email services until yesterday (except for hushmail about a decade ago but that was an even dumber beast) and the more I look into them, the more apparent it is that they sell .. well .. "snakeoil" is maybe too harsh, but I guess I'd have to say they sell the service of closing barn doors after horses escape. If I had to put it really nicely, to the point of sickening insincere sweetness, I suppose I could say they help you deploy "defense in depth" and I might be able to avoid making any gagging sounds as I did it.
Either the sender encrypts your email with your key, or they don't.
If they do it (i.e. if people do things right), then you don't need any service's special help with anything. All you want from your service are reliability, performance, and low prices -- a commodity, just like ISP's service of packet-passing.
If the sender doesn't encrypt the email with your key, then you're fucked. This is the common scenario, and the fact that people are basically fucked but still want to somehow mitigate it, is how this market emerged. Fair enough, I get it: when life hands you lemons, you make lemonade. But you're taking it way too seriously, expecting far too much from a lossy premise. Your lemonade is never going to be Dogfish Head 90 Minute IPA, ever, period. You should lament that, that people don't encrypt. You don't know who all read your PLAINTEXT before it got to Silent Circle or Lavabit and then they encrypted the storage of it.
(Worse, from what people are hinting about how Lavabit worked, it sounds like they did the storage wrong, and that everyone always knew they would be able to decrypt things under certain circumstances, if forced.)
Users and their endpoint software must provide security. Other people's media and services running on other people's computers, can't really help you. Everything in between the endpoints is untrusted. Gag orders, CALEA-like laws, etc will make even the best-meaning services untrustworthy.
So. If it makes users feel better to move their hosting to other jurisdictions, fine. But for fuck's sake, go beyond just trying to make yourself feel better, and actually do something to make things really better: have a keysigning party. Help webmail users find and upgrade to decent (i.e. openpgp-compatible) mailreaders. And so on. Every time you see an unencrypted email come in, think about WTF went wrong and how that could have been prevented. And if you really do this, then you'll find that you can still host in America.
BTW, we've been through all this before. It's not like anything truly new is happening. All the same issues were coming up ten years ago, and ten years before that. (And probably ten years before that but I missed out on that round.) It always comes down to jurisdiction-shopping being a waste of time. You have the ultimate weapon which makes it all obsolete: 1970s PK tech. The only time you need jurisdiction-shopping is if your government outlaws the tech (France still? Not sure.).
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Well, it was reported by The New York Times, The Wall Street Journal, The Washington Post, CNN, CBS, and others (ABC, Fox News, NPR, etc.).
As far as I can tell, all the major US news companies reported on the closings.
Exactly, when I was an email admin, our server was set to negotiate TLS when available. The vast majority of the time, emails went in the clear.
I'm pushing a few bucks towards the project this afternoon. It looks very promising.
You say things that offend me and I can deal with it. Can you?
Yep, stop using the internet, simple. Go back to your old 56k modems and use them to keep private things private. Alternatively use RTTY, teletype over short wave radio. If you have a problem with a whole class of communications gear, like the internet, use another. Line of sight microwave between peers. Using lasers... get inventive and have fun hacking something else.
With this revelation, it seems more and more likely by the second that the attacks on Tor had nothing to do with pedophiles and everything to do with Snowden and the like.
Absolutely - end to end security is key, and people need to get over the attitude that SMTP can never be superseded.
But, jurisdiction shopping is part of defense in depth. I need to order a new VPS for work, and it's stuff where latency to the US doesn't matter - can you give me a good reason to host it in the US?
Before today, they said the cost to industry of PRISM was going to be $40B. I'd say it just quadrupled.
Or, as somebody else said, "Atlas just shrugged".
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
http://www.schneier.com/blog/archives/2013/08/lavabit_e-mail.html
Last para:
"When the small companies can no longer operate, it's another step in the consolidation of the surveillance society."
Game. Set. Match.
single, centralized hosting provider for TOR websites
Or, more specifically, hosting provider for tormail, which started off this chain of events.
I'm beginning to think that the pedos getting swept up was just a cover story for killing tormail.
If I have been able to see further than others, it is because I bought a pair of binoculars.
Number of mentions of the Obama Administration in the five linked stories: zero.
Expect this sort of abuse to continue and escalate until someone in charge of it is held responsible.
It's unclear if the "European leaders" refer to one of the Caesars (there are so many to choose from), Napoleon, or one of many others of similar reputations.
Godwin's law is specific to a certain regime and its leadership.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Downloading copyrighted material is also illegal in many countries, but that hasn't stopped millions of people from doing it. It would be difficult to enforce a crackdown on the use of P2P communication software if millions of people used it right from the start. It is difficult to defeat the protection of the herd with sufficiently large numbers in the herd. Of course if the US decides to go for broke and just arrest or execute everyone in giant concentration camps then all bets are off.
Quite an experience to live in fear, isn't it? That's what it is to be a slave.
Strong encryption is - as far as we know from Mr. Snowden who knows a bit more of their abilities than the average person - not compromised.
Has he actually released information about NSA decryption capabilities? I missed that. Do you have a link?
Quite an experience to live in fear, isn't it? That's what it is to be a slave.
In order to prevent a new oppressive government from using those tools, the authors of the Bill of Rights made them illegal.
Actually the Bill of Rights was just supposed to be a reminder of what the government was not allowed to do. Anything not specifically allowed in the constitution was supposed to be forbidden to the government. The constitution was supposed to be a way of telling the government, "You can do these things and only these things. In order to do anything else you must actually amend the constitution." Enumerating the nearly infinite set of all things that the government was not allowed to do seemed a lot harder than enumerating the small list of their powers.
Quite an experience to live in fear, isn't it? That's what it is to be a slave.
My thought is a system where the keys are generated by the email client itself
The problem isn't generating the keys. That's relatively manageable though not completely without risk. The problem is distributing the keys. How do you ensure that the recipient and only the recipient has the private key? Somehow you have to get the key to the recipient without it being compromised along the way. I cannot really conceive of a way to do an email service whereby you could truly trust the third party to handle the key distribution. What is to prevent the service from giving a copy of the key to the NSA or the FBI or someone else? Any such service is going to have to have both the public and private keys. Software publishers and network services have proven to be vulnerable to (il)legal pressure from governments.
Perhaps someone smarter than me can solve the problem but I just don't see a feasible way for it to work AND be simple. I can think of workable solutions and simple solutions but not one that is both.
And in other news - Germany is going the other way changing to encryption of user mails by default: German companies to automatically encrypt customers' emails.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
12.12pm ET
Question:
http://www.theguardian.com/world/2013/jun/17/edward-snowden-nsa-files-whistleblower
Q&A with Mr. Snowden himself:
---cut---
Mathius1
17 June 2013 2:54pm
Is encrypting my email any good at defeating the NSA surveillance? Is my data protected by standard encryption?
Answer:
Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it.
---cut---
Spread the word. FUD does not help if we agree on the fact that we must "remember, remember the 5th of november".
We should not curl down in a fetal position. We should act - as much as we could.
Well it's not as simple as that. If the government were simply not allowed to do anything not specifically explicitly listed in the Constitution, then there wouldn't be a need to list things that they couldn't do. Also, there'd be no real point in having Congress, because no laws would need to be written.
It's true, the Bill of Rights is not supposed to be an exhaustive list of all of a citizen's rights. It's certainly not saying, "Here are the 10 ways that the government is limited, but the government is permitted to do anything else." There's plenty of reason to think that the authors of the Constitution expected us to use our heads and figure out where to draw some of the lines between what the government can or can't do. It's actually pretty absurd to think otherwise. Why else would you have 3 different branches all play a role in creating, interpreting, and executing laws *in addition* to the Constitution? Why have an ability to amend the Constitution? Obviously they expected some level of fluidity and contextual judgment, though we could debate what they expected that level to be.
Since most MTAs do not support TLS or SSL, most email is sent in the clear across the Internet.
The vast majority of mail servers support SMTP over TLS. If you don't see it often enough in the wild, it's because the people running the mail servers are pinching pennies and don't want the extra overhead of encryption or they are incompetent and don't know how to set it up. (Looking through my logs, 99% of all mail I receive is through SMTP over TLS. In fact, the only exception I was able to find is mail from hotmail.com.)
Other than that, your post is spot on. Any third party can be coerced into betraying you without your knowledge. The wise thing to do is minimize the number of third parties you need to trust.
If you want a vision of the future, imagine a youtube comments section scrolling - forever.
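The share of inbound mail that arrived over TLS, which the reply above reads off its server logs, can be measured with a short log parser. This is an added example, not part of the thread: it assumes Postfix smtpd syslog lines with `smtpd_tls_loglevel` set to 1 or higher, and the sample log and host names are constructed.

```python
import re
from collections import defaultdict

# Constructed sample (not from the thread), shaped like Postfix smtpd syslog
# output. PID 2211 serves two connections in a row, so per-process TLS state
# has to be reset on every "connect from".
SAMPLE_LOG = """\
Aug  9 10:01:02 mx postfix/smtpd[2211]: connect from mail.example.org[192.0.2.10]
Aug  9 10:01:02 mx postfix/smtpd[2211]: Anonymous TLS connection established from mail.example.org[192.0.2.10]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Aug  9 10:01:03 mx postfix/smtpd[2211]: 4F1A2C0123: client=mail.example.org[192.0.2.10]
Aug  9 10:01:03 mx postfix/smtpd[2211]: 4F1A2C0456: client=mail.example.org[192.0.2.10]
Aug  9 10:01:04 mx postfix/smtpd[2211]: disconnect from mail.example.org[192.0.2.10]
Aug  9 10:02:10 mx postfix/smtpd[2211]: connect from mx.plain.example[198.51.100.7]
Aug  9 10:02:11 mx postfix/smtpd[2211]: 5A0B1C0789: client=mx.plain.example[198.51.100.7]
Aug  9 10:02:11 mx postfix/smtpd[2211]: disconnect from mx.plain.example[198.51.100.7]
Aug  9 10:03:00 mx postfix/smtpd[2290]: connect from mail.example.org[192.0.2.10]
Aug  9 10:03:00 mx postfix/smtpd[2290]: Untrusted TLS connection established from mail.example.org[192.0.2.10]: TLSv1 with cipher RC4-SHA (128/128 bits)
Aug  9 10:03:01 mx postfix/smtpd[2290]: 6C2D3E0ABC: client=mail.example.org[192.0.2.10]
Aug  9 10:03:01 mx postfix/smtpd[2290]: disconnect from mail.example.org[192.0.2.10]
"""

LINE = re.compile(r"postfix/smtpd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
CONNECT = re.compile(r"connect from \S+\[[^\]]+\]")
TLS_UP = re.compile(r"(?:Anonymous|Trusted|Untrusted|Verified) TLS connection "
                    r"established from \S+\[[^\]]+\]: (?P<proto>\S+) with cipher")
ACCEPT = re.compile(r"[0-9A-F]+: client=(?P<host>\S+)\[[^\]]+\]")


def tls_report(log_text):
    """Count accepted messages per sending host, split into TLS and plaintext."""
    session_proto = {}  # smtpd PID -> TLS protocol of its current connection
    stats = defaultdict(lambda: {"tls": 0, "plain": 0, "protocols": set()})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        if CONNECT.match(msg):
            session_proto[pid] = None           # new connection starts in clear
        elif (t := TLS_UP.match(msg)):
            session_proto[pid] = t["proto"]     # STARTTLS completed
        elif (a := ACCEPT.match(msg)):
            entry = stats[a["host"]]
            proto = session_proto.get(pid)
            if proto:
                entry["tls"] += 1
                entry["protocols"].add(proto)
            else:
                entry["plain"] += 1
        elif msg.startswith("disconnect from "):
            session_proto.pop(pid, None)
    return dict(stats)


def tls_fraction(report):
    """Fraction of all accepted messages that arrived over TLS."""
    tls = sum(e["tls"] for e in report.values())
    total = tls + sum(e["plain"] for e in report.values())
    return tls / total if total else 0.0


def plaintext_senders(report):
    """Hosts that delivered at least one message without TLS."""
    return sorted(h for h, e in report.items() if e["plain"])


if __name__ == "__main__":
    report = tls_report(SAMPLE_LOG)
    print(f"TLS share: {tls_fraction(report):.0%}")
    print("plaintext senders:", plaintext_senders(report))
```

The figure covers only the hop into this server; the message is still readable on the server itself and on every other relay, which is the thread's case for end-to-end encryption.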
The fourth/fifth amendments do not exist for the purpose of protecting criminals. The fourth/fifth amendments exist to protect innocent citizens...
This, this right here. It's just astounding how many people seem to think that all those rights exist for the benefit of criminals. But they're wrong, the framers of the constitution weren't trying to make it easier for criminals at all, those rights were meant to protect, and pretty much exist solely for the benefit of, the innocent, the average everyday citizen, precisely the people who are always claiming they have "nothing to hide". Our civil rights exist because the founders recognized that a society can only be truly free if the government accepts and abides by the presumption of innocence, the idea that the average person should not be subject to random searches and/or mass fishing expedition type investigations. This is bedrock stuff, exactly the principles our country was founded upon, and that so many people seem so willing to just toss it all away is truly one of the saddest things about the current American decline.
You may prefer The Guardian, who have recently launched a US edition: http://www.theguardian.com/technology/2013/aug/09/lavabit-email-edward-snowden-shuts-down
i'm not sure what mentioning the Obama Administration entails -- names?
i'm not sure what mentioning the Obama Administration entails -- names?
On the rare occasions that the US press talks about something that went wrong in the government, President Obama is portrayed as either a spectator or a victim of whatever went wrong, rather than the guy in charge of directing the government and fixing the problem.
The NSA answers to President Obama. President Obama could declassify anything at any time. President Obama could stop chasing and prosecuting whistleblowers. President Obama could stop the spying. He doesn't do it. He's not an innocent bystander, any more than Bush or Nixon were.
My e-mail address is at Yandex.com. Yandex is in Moscow. My friends and I encrypt and sign messages using gnu PGP keys. The encryption is reliable. Yes, Yandex must answer to the KGB. But the KGB doesn't talk to the NSA.
Spread it around. Get your Internet services from different countries. E-mail, search, storage, web site, translation, maps, they don't have to all be Google, they don't have to all be in the USA. The Internet is global - spread it around.
Well it's not as simple as that. If the government were simply not allowed to do anything not specifically explicitly listed in the Constitution, then there wouldn't be a need to list things that they couldn't do.
The need to list those things was debated precisely because they were afraid that their inclusion would imply that human beings had no other rights and the government was allowed to do anything it wanted that did not interfere with those enumerated rights. They hoped that including the 9th amendment would make their position clear, but instead it was simply ignored.
"Here are the 10 ways that the government is limited, but the government is permitted to do anything else."
That is exactly how our government interprets it. In fact SCOTUS doesn't even consider them "rights". It calls them "privileges".
There's plenty of reason to think that the authors of the Constitution expected us to use our heads and figure out where to draw some of the lines between what the government can or can't do. It's actually pretty absurd to think otherwise. Why else would you have 3 different branches all play a role in creating, interpreting, and executing laws *in addition* to the Constitution?
The constitution enumerates the broad strokes of what the government is allowed to do. How law makers choose to make use of those powers is up to them. They are allowed to make any law which does not exceed the limited powers granted to the government in the constitution. If a law exceeds the authority granted to the government in the constitution it is unconstitutional and automatically invalid and is supposed to be struck down by the SCOTUS. Laws are specific implementations of powers granted in the constitution.
Why have an ability to amend the Constitution?
The ability to amend the constitution was intended to be difficult since it can lead to tyranny of the majority against any minority. The constitution, by limiting what the government is allowed to do, was intended to protect minorities and individuals from the tyranny of mob rule that is the downside to democracy. The democratic process was never really intended to override their fundamental rules of what a just government may properly do.
Obviously they expected some level of fluidity and contextual judgment, though we could debate what they expected that level to be.
They did expect society to make some changes, but they hoped that it would not be necessary and they didn't want it to be easy and they certainly didn't intend it to mean that the constitution was a mere subset of everything the government was allowed to do and that the only thing protecting citizens from its wrath was those few amendments thrown in as an afterthought just in case.
Quite an experience to live in fear, isn't it? That's what it is to be a slave.
Elon Musk should provide them with a satellite. If he uses PayPal's new "bill me later" service, he won't have to pay himself for the launch in advance...
Just get your own signing cert? They still allow you to do that, don't they?
Vaporware, yes. But I'm working on it.
https://github.com/scholarly/kbsum/wiki/Anonymous-Private-Communications-Service
Unlike others, I don't consider convenience and server-side searching essential features. I consider them fatal features. The only place a message should ever be decrypted is on a computer the recipient physically controls and knows and trusts the administrator.
I am open to suggestions, reviews, criticism, and help.