Slashdot Mirror


User: Sloppy

Sloppy's activity in the archive.

Stories: 0
Comments: 9,266

Comments · 9,266

  1. Sounds good at first, but... on When Criminals and Terrorists Communicate In Real Time · · Score: 1

    This might sound like a great idea at first, but remember what happened to Howard Beale. I'm warning you, terrorists: you can go on killing people, but DO NOT fuck with primal forces of nature.

  2. Re:Revocation --- or Redundancy? on Ask Slashdot: Has Gmail's SSL Certificate Changed, How Would We Know? · · Score: 3, Insightful

    Are you really suggesting that?! Do you even know how PKI works?

    It sounds like he does indeed know how it works very well. It's actually a great idea, which is why PGP defaults (I think) to requiring about three "moderately trusted" CAs to agree, in order to confirm an identity. Upgrading from our current luddite stuff to gleaming new 1991 tech would be fantastic, and is pretty warranted, when you think about how silly our current situation is. Treating something like Verisign as a fully trusted introducer? ha! They're not that trustworthy, but they're not useless, either. PGP's concept of differing degrees of trust, gets it about right and would be a huge step forward.

  3. Re:No opportunity on What the Insurance Industry Thinks About Climate Change · · Score: 2

    Why would a gambler want their opponents to have improved estimates of the odds?

  4. Lawbot 0.0.2 alpha on UK MPs: Google Blocks Child Abuse Images, It Should Block Piracy Too · · Score: 2

    Somebody didn't think very hard before they suggested this idea.

    If computers were able to detect copyright infringement, then there wouldn't be any DRM, or if there was DRM, nobody would have a problem with how it worked, and so there wouldn't be enough infringement for anyone to want to block.

    If computers were able to detect copyright infringement, then HBO's DMCAbot wouldn't be sending takedown notices to Google for half of the pages on the web that use the word "boardwalk" or "thrones" somewhere in their text.

    But computers aren't able to detect copyright infringement, and to date, every single attempt to have them try to do it, has resulted in over-the-top comedic failure that was deployed thirty years before it was ready.

    Nobody's computer ever went to law school and learned the difference between infringing and non-infringing uses. Geez, ask experts whether or not an H.P. Lovecraft story is still under copyright, and you can get two different answers. And you want computers to accurately identify each work, know its publication history, know whether or not its distribution is authorized, understand the nature of a use and its effect on the market, and then have the smarts to put all the facts together and come up with "infringing" vs "non-infringing"?

    Tell you what. If I ever get a message from Google about a DMCA-blocked search result that isn't absurd bullshit, or if I ever hear about a DRM scheme that doesn't prevent innocent noninfringing uses, then the idea may start to have some credibility. Until then, seriously asking for Google to identify copyright infringement, is like seriously asking your Honda dealer where the lot with the flying cars is.

  5. Re:Bullshit Headline on Apple Maps Flaw Sends Drivers Across Airport Runway · · Score: 1

    Keep your facts out of my rant!

  6. Even when Bill's wrong, he's wrong on Bill Gates Acknowledges Ctrl+Alt+Del Was a Mistake · · Score: 1

    It makes perfect sense for it to be using something that a user's unprivileged application is incapable of intercepting and acting upon. Computers are so tiny and cheap these days, that I think a lot of kids forget that we really did used to have multi-user systems (instead of everyone having their own smartphone). And in multi-user systems, users really DO write fake-login programs, in order to trick other users into giving up their passwords. Do you really think a typical teenage programmer can't write an XDM-lookalike program to trick you? MS was thinking of that, at the time, and they came up with a reasonably good countermeasure to the problem.

    Don't like it? Ok. I'll admit it's ugly. But what's your better (or even just-as-good) idea? AFAICT rival platforms address the problem by ignoring it. And as we're kind of drifting into single-user systems, maybe that even makes sense, but I'm not sure it made sense to ignore the problem ten or twenty years ago.

    Bloody hell, there are/were so many reasons to either hate or mock Microsoft. And this? This is like going to a job interview and being asked to list your faults. "I'm afraid I work too hard, sometimes to the detriment of my personal life. And I sometimes lose sight of my employer's desire to serve the community, instead getting bogged down with greedy concerns about increasing company revenue." Oh, Bill, you're so humble to admit this "mistake."

  7. Bullshit Headline on Apple Maps Flaw Sends Drivers Across Airport Runway · · Score: 2

    Apple Maps lacks the capacity to send anyone anywhere. What happened is that it made a stupid recommendation, as computers are apt to do, and as most people know computers are apt to do. And a small fraction of stupid/negligent/careless/malicious people blindly followed the recommendation, apparently unable to read signs or use common sense about whether or not to drive on runways.

    If the airport people had been smart, then instead of putting up barriers (well, actually, maybe that's a good idea anyway, stupid maps or not) and "complaining to" Apple, they would have made fun of Apple and got an airport cop to profitably ticket all the stupid people who think it's ok to drive on airport runways.

    The more I think of it, what we have here, is a way to mechanically catch the very worst/stupidest/most_negligent_and_dangerous drivers on the road. Cities ought to be making deals with Apple and Google to route morons into places where they'll prove to courts that they are incompetent drivers, and then we can have them removed from traffic, or at least their points will reflect the higher risks they pose and maybe their insurance rates will become more in line with the risks they choose, so everyone else can pay a little less. Everyone wins. I'm not sure it would even be entrapment, because most jurors would realize that the driver was stupid and negligent even before the city paid for the joke directions.

    "R2D2, you know better than to trust a strange computer."

  8. DNT does not need to be fixed on Poor US Infrastructure Threatens the Cloud · · Score: 1

    Imagine a world where every HTTP request has DNT:1, and you're a server. What does that header tell you? Do you have a branch in your code, where the value of the header influences your code's behavior? Or is the header just wasted bandwidth, since it doesn't actually tell you anything?

    DNT cannot be "fixed." It is already as powerful as it can possibly be. Go back from the server's PoV to the user's: can you even imagine how you would implement a situation where an HTTP header somehow magically forces other people's computers to forget things? DNT is not a "technical measure" in DMCA-speak; it's an expression of a user's preference.

    DNT's expression is advisory and it always will be, at best. The most you can ever possibly change it, would be to push it from advisory and informative, to ignored -- from possibly useless to definitely useless.

    That's why it should default to unset, neither on nor off. It is only through an act of the user's will, that the header can possibly contain information, in the hopes that the server chooses to use it (and hoping to persuade someone else's computer to act a certain way, is the upper bound in what you can hope to achieve; that is the best case scenario). If you make it default to something other than unset, then you have removed information and lowered the probability that the server chooses to act the way you want it to. Whatever value DNT has, will be decreased.

  9. Re:ZFS for Windows? on OpenZFS Project Launches, Uniting ZFS Developers · · Score: 1

    Windows already has that, using a fancy filesystem API which was implemented by something called "Samba."

  10. Re:I'm addicted on OpenZFS Project Launches, Uniting ZFS Developers · · Score: 1

    No, I heard the project got re-homed and is being actively developed, somewhere in Russia.

  11. Re:Private enterprise controlling speech on NYT Publisher Says Not Focusing on Engineering Was A Serious Mistake · · Score: 1

    How can one exercise freedom of speech when in 21st century nearly all speech is digital, over this or that walled garden?

    You had to exercise your freedom to put yourself into the walled garden. By default, everyone's speech starts out free and they do things to put limitations on themselves. Don't do that. Or reverse your earlier decision to stop being free.

    Even if you're required to use Facebook for work or something like that, it's not like anybody makes you use Facebook for your own actual speech.

    It takes a lot of work and inconvenience to keep yourself from being free. Just don't go to all that extra trouble, and you ought to be fine.

  12. It should be in the terms of the monopoly on Ask Slashdot: How Do You Fight Usage Caps? · · Score: 1

    Remember that the reason they're your ISP, is that you gave power to the government, who made a deal with them to forcefully prevent competitors, grant easements, and other favors that most people don't get, and that no business would ever have in a free market.

    The terms of that deal are negotiable. Since we now know that some ISPs have caps, "no caps" should be in all future terms.

  13. But in all practicality, how do you seize back control from the likes of the three-letter agencies?

    You don't need to take back control, you just have to stop continuously ceding control to them.

    Let me phrase this as ridiculously as possible, to make it easier to see how comically awful our decisions are:

    The next time someone tells you to not install gpg, to not generate a key, and not cross-sign with people you know, tell them "no, I'm going to do those things."

    The next time someone suggests you use webmail instead of a mail client that can encrypt and decrypt messages on a computer that you control, tell them, "no, I'd rather use my common sense instead of doing something obviously stupid."

    The next time someone tells you that using a single high-stature central faceless corporation as the sole trusted introducer to authenticate a public key, tell them "that's insane on the face of it, and even 20 years ago, before HTTPS was invented, everybody knew that, which is why PGP was based on the opposite idea."

    The joke, of course, is that (almost) nobody is ever there, really telling us to do things that we already know are insecure. We do those insecure things for other reasons, and usually those reasons have jack shit to do with governments pointing guns at our faces, telling us to be insecure. Democrats and Republicans aren't causing our problem here (though our underlying problem may be why we keep electing Democrats and Republicans). We do it because we don't give a fuck. If you start giving a fuck, many options become easier to see.

  14. Re:What is Bruce Schneier's game? on Schneier: The US Government Has Betrayed the Internet, We Need To Take It Back · · Score: 1

    Bruce Schneier is putting his name on the line with everything he publicly does and says.

    Or somebody is putting his name on the line. Did you check the fingerprint? ;-)

  15. Re:What is Bruce Schneier's game? on Schneier: The US Government Has Betrayed the Internet, We Need To Take It Back · · Score: 1

    The mere fact that you're being investigated already means they're convinced you're hiding something. Even before they find out you're using TrueCrypt, you have already lost and they've already decided to torture/terrorize/imprison/expensively_annoy you.

    The tech is irrelevant in cases like this. Imagine the same scenario, where you're not using TrueCrypt, and you simply don't have the data that they want. Same exact outcome.

  16. Re:What is Bruce Schneier's game? on Schneier: The US Government Has Betrayed the Internet, We Need To Take It Back · · Score: 1

    For instance, rather than one signing authority, you could use three and then use three levels of public key encryption.

    This is, in fact, The Best way to make PKI work. But it's not that there are multiple "levels" of PK encryption. It's that there are multiple attestations ("that key belongs to that person") in parallel, chosen by the users (and the details of their choice not strictly known to the attacker, though assuming they use gpg's defaults is a pretty decent bet), and for the output to be wrong, all the certs have to be consistently wrong.

    The strength of a good WoT connection is that it requires the attacker to develop a wide conspiracy (and those are hard to keep secret) rather than coercing central authorities (which can be kept secret, though amusingly, we've learned it doesn't even have to be a secret in order to work). It multiplies defection probability estimates, quickly turning it into a pretty small number. (The downside is that the chaining does the opposite, so you've really gotta get out there and build up a lot of links. And yet, at least chaining is better than nothin'.)

    Verisign can keep a NSL secret. The dozen people that you know, all of which signed a government's or criminal's replacement key for the guy that you're trying to talk to, can't keep the NSL secret.

  17. Re:What is Bruce Schneier's game? on Schneier: The US Government Has Betrayed the Internet, We Need To Take It Back · · Score: 2

    Open source is just one more hole that they can insert malicious code into. They can still go up to the head of the open source organization and say "you must include this back-door in your program, or go to jail"

    But then they also have to persuade all the users to adopt that fork. "Use crappy software or go to jail," didn't even work for the MPAA, so why does the NSA think they have a chance? ;-)

  18. Re:Mailpile _looks_ like a dumb idea anyway on PayPal Freezes MailPile's Account · · Score: 1

    gpg in javascript is something that you download from an untrustable server, before every time you use it. And then you throw it away when you're done, so if that one copy on that one day was different, you'll probably never know.

    gpg in machine code, you get once, possibly before you ever became a specific person of interest to your adversary, or they even knew who was downloading it since your apt-get's curl or wget command probably didn't send a fucking email address saying "I'm so and so, and I want some software that I'm going to tell my passphrase to," and your package manager probably has a checksum for it, so if it was different than "normal" (what millions of other e.g. Ubuntu users are using), your chances are much better that you might notice. And if it's the same and everyone's is compromised, maybe someone noticed.

    The two situations are incomparable. Ubuntu's copy of gpg probably isn't compromised. We know for sure (this isn't speculation) that some web mail servers have served compromised crypto code (though it was java, not javascript, in the hushmail case) for purposes of getting the private key.

    Is this all, really not obvious and not common knowledge to everyone? That would be disappointing. Fortunately, I refuse to believe that.

  19. Mailpile _looks_ like a dumb idea anyway on PayPal Freezes MailPile's Account · · Score: 1

    Paypal is scum, yadda yadda yadda. Not arguing that. In this situation, though, they might be doing the world a favor.

    What this project is doing, looks like some kind of snakeoil thing. GPG and webmail? How can that possibly not be (putting it meanly) stupid and broken or (putting it nicely) a technological step backwards from 1990s email security tech?

    If the server is sending plaintext to the relatively "OpenPGP-stupid" web browser, and assuming plenty of people will be hosting on VPSes not under their physical control, then the private keys are going to be extremely vulnerable. If the server is sending the ciphertext, then it must also be sending "gpg-written-in-javascript" to the browser, so that the browser can work with openpgp data, so that will be the attack point.

    There's just no way webmail will be securable, until either:

    1) browsers come with built in OpenPGP support, or make shell calls to GPG to do it, or something like that. And if that ever happens, then you might as well just add IMAP support to the browser too, and maybe call the browser "Navigator" instead of "Firefox." There's no reason to use webmail if you have a browser that capable.

    or 2) people really self-host; i.e. you're going to trust the server to have your private keys, so it's at home, or better yet, the server is in your pocket (and is probably the same machine you're running the web browser on, once again raising the "why webmail?" question), not in some datacenter.

    There are already tons of very capable email clients that have excellent GPG integration, and it sure as hell doesn't take anywhere near a hundred thousand dollars to get them. Use one of them instead of some webmail horseshit, and fund whatever improvements you want. Not only will you get something vastly more secure, it'll be cheaper too.

    I don't really like being a negative nellie asshole on this one. The mailpile team strikes me as not-stupid people with good intentions. That makes it all the more mystifying that they would try to get webmail to work; they've got to already know that the idea itself is flawed, no matter how good a job they do on it. But then I thought the same thing about Silent Circle, another obviously-dumb idea that anyone could see was vulnerable to server coercion. (and lavabit too, though I didn't even know they existed until they didn't exist.) Silent Circle was particularly disappointing, given who was behind it.

    I'm not saying the classical (but secure!!) approach doesn't have difficulties for novice users, but anyone who tries to handwave those problems away by relying on trusting servers, should not be considered to be really working on the problem.

  20. Re:Come on, you jackbooted apologists... on One Strike Against No Fly List; More Scrutiny To Come · · Score: 2

    You seem to forget that the Constitution grants powers from the people to the government, not the other way around.

    Even a pretty anarchic libertarian is going to think that the Interstate Commerce clause, has some kind of non-abused non-perverted legitimate meaning, where The People really did intend to grant some sort of power over something. No?

    How broadly those words were meant, is something worth fighting about, sure. But if someone buys a ticket to use a commercial airplane, where the airplane crosses state lines it's not totally crazy that the federal government has the power to regulate that commerce. Maybe it's wrong (probably not, though), but it's not on-the-face-of-it totally stupid, is it?

    We shouldn't be outraged if the feds happen to think they're allowed to be involved in this.

    The part I don't get, is why the federal government thinks that its regulatory power is best used, by turning the transaction into some kind of broken fraud thing. It's like there's some regulator dude, and he gets the bright idea, "I know how we can best regulate this trade! Let's make it randomly break sometimes, where people buy tickets and make plans, and then at the last moment they get surprised by not being allowed to get their money's worth for the ticket, and their other plans are disrupted and their hotel bill is for nothing, and we don't even tell them ahead of time or why." To that guy, I just wanna give a big FUCK YOU, and I wanna tell whoever opposed the plaintiffs in this case, to fucking drop it and concede that the government screwed those people with its evil and incompetence.

    But evil and incompetence aside, the power just might have been granted. Just like if, for example, Congress decided that to mail a letter, you have to pee in a cup. It would be stupid, but running the post is one of their powers, to fuck up however they may. But fucking things up with evil, stupidity, shortsighted incompetence with malice toward the American people, and exceeding Constitutional authority are two different things.

  21. Re:That's all very nice on Obama Admin Says It Won't Fight Looser Marijuana Laws, With Conditions · · Score: 1

    if a state says "it's legal", it's legal. Period.

    If 99% of the voters say "the Republicrats say it's Interstate Commerce and I'm going to keep voting Republicrat" then it's within federal powers.

    (Not their constitution-granted powers, just their legitimate-by-might powers. But don't we all pretty much agree, that Might is all we care about? If not, please cite.)

  22. Non-flow oriented precise layout on USPTO Publishes Suggestions For Intellectual Property Enforcement · · Score: 0

    Amazing that in 2013, HTML still cannot perform even half the functions a PDF can do. This includes, for example, non-flow oriented precise layout.

    Amazing that in 2013, anyone could still see non-flow oriented precise layout as a feature, rather than as a bug.

    You don't know the type of device I'm reading on, you don't know what size or shape its screen is, you don't know what size or shape the window within the screen is, you don't know my personal preference for fonts and their sizes. And you want to try to have the server lay out text?

    I know what happened. We all pretend it's just innocent joking and no one is ever really harmed by it, but I think this is proof that sometimes real damage is done. It has gone on long enough, beyond what's necessary and beyond the limits of respecting human dignity. Enough. I'm going to end it.

    Attention, people who think servers should be laying out text. You have been tricked by an unethical news media, and mocked by the cruel bastards of the tech world. Here's the deal: many years ago, you started hearing about the increasing popularity of "tablets." You made a common-sense and reasonable assumption about what that meant, and no one corrected you (the bastards!!!). Initially, you thought "this changes everything!" and came to the conclusion that pre-rendered text would be a reasonable lowest-common-denom that everyone could live with. But it was all based on an erroneous, if well-meaning, assumption.

    The tablets are NOT made out of stone or clay or even plastic. They are NOT the output of those "3D printers" that you keep hearing about, where you assumed people download and "print" your stuff, so that they can read the tablet later on the subway, and you wanted to help with the rendering. The tablets are just touchscreen computers, and can run web browsers, pretty much just like desktop computers. There are some minor differences, but the overall quality of the HTML rendering engines, on even the worst of them, is actually excellent and flowing text works great. That means your desktop users can go back to flowing text too. Hope this helps.

    And to all of you heartless sadists that resent me letting the cat out of the bag, ending your prank: fuck you. It had gone on long enough, and the consequences were starting to get really irritating.

  23. Re:So is this because... on Tor Usage More Than Doubles In August · · Score: 3, Interesting

    I'm a US citizen that's strongly opposed to all of this bullshit. I've lost my own patience for my government.
    What should people like me do to show people like you that we're just as fed up as you are, if not more?

    Fuck it. It's not true, but if it helps, think of it like this: the president ordered the NSA to order Snowden to "leak" what they've been up to, as a sort of Public Service Announcement to America and the rest of the world, to make us think about privacy issues.

    Your own federal government is just one of a hundred potential adversaries. The fact that they intercept network traffic is not merely a statement from your government that they have malicious intent. It's also a proof-of-concept that there are technical problems with the network; that parties with malicious intent are able to do damage. And that means that even if your government didn't have malicious intent, you would still have the problem and adversaries would still be spying on you.

    You can't solve that second half of the problem by running for Congress or persuading your government to become benevolent. You solve it by working on key exchange. That is what everyone needs, because we have had some great tech for decades now, but there's some kind of difficulty that is keeping people from using it. Solve it, for everyone from grandma to teenager, and you're the hero of the century.

    If you want to work on the civics problem in parallel with the technical+techsocial problems, ok. But don't for a moment ever lie to yourself and think it will make one iota of difference as to how much privacy anyone has. The AC you replied to, doesn't get it. The US government isn't his real problem either; he just thinks it is. He hopes his bitching will shame one of the adversaries on his hundred-long list, to shape up and behave civilized, leaving him with a mere 99 to go. That is a doomed strategy.

  24. Re:Hey on Pastafarian Wins Battle To Wear Colander In License Photo · · Score: 3, Insightful

    Normal Person: I don't know, don't care and don't think it's possible to prove a damned thing

    Exactly. And an atheist is a normal person, who has learned how to learn. When faced with an "I don't know" situation where there is no shred of evidence to make them even suspect that a very strange possibility even might be true, he uses Occam's Razor. This is how people figured out there aren't any unicorns, for example, instead of going around, hilariously saying, "I don't know if there are unicorns." Indeed, it's how we know there exists gravity and light, instead of thinking "I don't know for sure that I'm not in The Matrix, where those phenomena are simulated." The atheist thinks in terms of evidence, rather than mathematical proofs.

  25. Stop calling this "security through obscurity" on Researchers Reverse-Engineer Dropbox, Cracking Heavily Obfuscated Python App · · Score: 1

    It's "Unmaintainability Through Obscurity." There never was any (even falsely-justified) security component to it. Nobody is going to say this has somehow made Dropbox less safe.