Well, in hindsight, "very rare" was a bit hyperbolic. What I had in mind was that Windows wants to reboot pretty much once per week. I don't have any other operating systems (Linux or otherwise) that needs it that frequently.
compromising my email would probably net a clever attacker access to that money.
This made me do a quick mental inventory -- I don't think I have any emails that would give attackers enough information to drain my accounts -- but my email archives go back nearly two decades, so I can't be sure.
In any case, they're all encrypted, and my private key does not exist on any of my servers. Plus, between the whole disk encryption and the email storage encryption, if the server is rebooted, they'd need to crack two layers of encryption. Not a guarantee, of course, but I consider it adequate.
I should disclose, though, that I've been working in computer security (with an emphasis on network security) for years now, and so I'm more cautious -- or paranoid, if you prefer -- and capable than the average user.
SMS auth is turned *off*.
Smart man!
With constant scrutiny you can minimize that risk.
Yes. I am a weirdo, but I do routine security audits (at a minimum, I at least actually examine my logs) and use tripwire systems and honeypots, too. The idea being that if I miss something, or am unable to do a routine audit, then there's a decent chance that one of the canaries will cry out and spur me to take a closer look.
Again, not perfect -- but what is?
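The comment above describes routine audits backed by tripwire-style checks. As an added illustration (not the commenter's own tooling), here is a minimal file-integrity tripwire in Go: it hashes every regular file under a directory into a baseline, then reports anything added, removed or modified on a later pass. The directory, file names and contents in the scenario are constructed for the demo; a real deployment would sign the baseline and keep it off the monitored host, because an intruder with root can rewrite a local copy as easily as the files it describes.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"io/fs"
	"log"
	"os"
	"path/filepath"
	"sort"
)

// Baseline maps a slash-separated relative path to the hex SHA-256 of its contents.
type Baseline map[string]string

// Snapshot hashes every regular file under root; symlinks, devices and
// directories are skipped rather than followed.
func Snapshot(root string) (Baseline, error) {
	b := Baseline{}
	err := filepath.WalkDir(root, func(p string, d fs.DirEntry, walkErr error) error {
		if walkErr != nil {
			return walkErr
		}
		if !d.Type().IsRegular() {
			return nil
		}
		data, err := os.ReadFile(p)
		if err != nil {
			return err
		}
		rel, err := filepath.Rel(root, p)
		if err != nil {
			return err
		}
		sum := sha256.Sum256(data)
		b[filepath.ToSlash(rel)] = hex.EncodeToString(sum[:])
		return nil
	})
	return b, err
}

// Compare returns path -> "added" | "removed" | "modified" for every deviation.
func Compare(baseline, current Baseline) map[string]string {
	out := map[string]string{}
	for p, h := range baseline {
		if cur, ok := current[p]; !ok {
			out[p] = "removed"
		} else if cur != h {
			out[p] = "modified"
		}
	}
	for p := range current {
		if _, ok := baseline[p]; !ok {
			out[p] = "added"
		}
	}
	return out
}

// RunScenario builds a throwaway directory standing in for a config tree
// (constructed data), baselines it, then makes three changes an audit should catch.
func RunScenario() (map[string]string, error) {
	dir, err := os.MkdirTemp("", "tripwire-demo")
	if err != nil {
		return nil, err
	}
	defer os.RemoveAll(dir)
	write := func(name, body string) error {
		return os.WriteFile(filepath.Join(dir, name), []byte(body), 0o644)
	}
	if err := write("sshd_config", "PermitRootLogin no\n"); err != nil {
		return nil, err
	}
	if err := write("passwd", "root:x:0:0::/root:/bin/sh\n"); err != nil {
		return nil, err
	}
	baseline, err := Snapshot(dir)
	if err != nil {
		return nil, err
	}
	// Simulated drift: a hardening setting flipped, a file removed, a file added.
	err = write("sshd_config", "PermitRootLogin yes\n")
	if err == nil {
		err = os.Remove(filepath.Join(dir, "passwd"))
	}
	if err == nil {
		err = write("authorized_keys", "ssh-ed25519 AAAA...constructed\n")
	}
	if err != nil {
		return nil, err
	}
	current, err := Snapshot(dir)
	if err != nil {
		return nil, err
	}
	return Compare(baseline, current), nil
}

func main() {
	changes, err := RunScenario()
	if err != nil {
		log.Fatal(err)
	}
	paths := make([]string, 0, len(changes))
	for p := range changes {
		paths = append(paths, p)
	}
	sort.Strings(paths) // stable report order from run to run
	for _, p := range paths {
		fmt.Printf("%-8s %s\n", changes[p], p)
	}
}
```

Running it prints one line per deviation (`added authorized_keys`, `removed passwd`, `modified sshd_config`). Hashing contents rather than comparing mtimes is deliberate: timestamps are trivially reset, a SHA-256 mismatch is not.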
Sure, but that hardly rises to the level of a "problem". Or, at least, it's such a tiny problem that the pain of transitioning to a new connector is a larger problem.
I'm a bit of a Linux noob, but doesn't a new kernel get released like at least once a month?
It depends on what you mean by "get released". There tends to be 2-3 updates per month from the kernel developers, but most distros don't update as often as that. I don't use Ubuntu so I don't know their update policy. Once per month is certainly possible.
Am I doing Linux wrong?
That's impossible to say without knowing your requirements and what your procedures are.
Grub has to rebuild itself and the machine has to reboot to use the new kernel.
This is true. My point wasn't that you never have to reboot, it was that you have complete control over when that happens. And what you're describing bears that out: you are choosing when to reboot!
Well, Google does encrypt your email (and everything else) at rest.
...which was half of my original question. That's good news, and I'm happy to get an answer! Particularly from someone who actually works for Google.
Fundamentally, though, either you trust your email provider not to read your email or you encrypt everything before it gets to them.
This is true. Not only your email provider, but the email provider at the other end of the communication (and every server in between, if the mail was relayed). The fact remains that sending an email is analogous to sending a postcard through the postal service in terms of security while in transit.
In my view, the larger security risk is when the email is stored, though.
assuming you can secure it adequately, which is much harder than it appears.
This is 100% true. In fact, I would go so far as to say that if you think you have it fully secured, you are probably mistaken. There are too many ways for it to go wrong while looking for all the world like it's going right.
In particular, there is no way that your mail server has anything remotely like the level of physical security that Gmail servers do.
Also true, but not as important. If people have gained access to my home, the security of my email is perhaps the least of my security problems.
Although it would still be a pain (but certainly possible) to subvert. My basic assumption with my security measures is that all machines and networks, inside and out, are already subverted -- so I don't trust anything just because it's sitting on my side of the firewall.
How do you know the provider isn't storing a journal of pre-encrypted e-mails?
How do you know the provider hasn't received a National Security Letter forbidding them to tell anyone that they've been ordered to store the plain-text e-mails for you before encryption?
You don't, obviously -- but if you need that level of security, then you shouldn't be using this sort of email provider. What encrypting the data at rest gets you is protection against attackers that may have gained access to the mailserver's database. It doesn't protect you against a malicious or incompetent service provider, and it certainly doesn't protect you against governmental attention.
Still, it would be stronger protection against non-governmental attackers than what they're doing.
There was a time when people here would actually discuss the new features of a Windows update.
There was also a time when Windows didn't force their updates on you whether you wanted them or not.
I suspect that your observation and my observation are likely related.
I don't use Ubuntu, but I also don't sweat LTS releases. If I'm not ready to update stuff, I just don't update it until I am ready.
Yeah, that's one of the reasons why I don't use Ubuntu.
I find the fact that you can just grab any random cable and charge your phone positively amazing.
But I have that right now with micro-USB. In fact, USB-C adoption will break that for me until everything switches to it.
Ah, I see now. I was being snarky. Sorry for the confusion!
That's not true, it's done all the time. That's the main benefit of public key encryption: the key you use to encrypt and the key you use to decrypt are two different things. The provider holds the public key and uses that to encrypt. It doesn't hold the private key that is required to decrypt.
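The two comments above (what encryption at rest protects against, and the provider holding only the public key) describe an architecture that is easy to show concretely. This is an added example in Go using only the standard library; it is not code from any commenter or mail provider. The provider side generates a fresh AES-256 key per message, seals the body with AES-GCM, and wraps that key with the recipient's RSA public key (RSA-OAEP). The private key never leaves the reader's machine, so a copy of the server's stored records yields nothing decryptable, and a tampered record fails authentication instead of decrypting to garbage. Key sizes, the hybrid scheme and the sample message are choices made for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"log"
)

// StoredMessage is the only thing the provider keeps on disk: a random
// per-message AES-256 key wrapped with the recipient's RSA public key, and
// the message body sealed under that key with AES-GCM.
type StoredMessage struct {
	WrappedKey []byte // RSA-OAEP ciphertext of the 32-byte AES key
	Nonce      []byte // AES-GCM nonce, unique per message
	Ciphertext []byte // AES-GCM output, authentication tag included
}

// GenerateRecipientKey runs once on the recipient's own machine. Only the
// public half is ever uploaded to the provider.
func GenerateRecipientKey(bits int) (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, bits)
}

// ProviderEncrypt runs on the mail server at delivery time. It needs only
// the public key, so a dump of the server's database contains nothing that
// can be decrypted without the private key held elsewhere.
func ProviderEncrypt(pub *rsa.PublicKey, plaintext []byte) (*StoredMessage, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return nil, err
	}
	return &StoredMessage{
		WrappedKey: wrapped,
		Nonce:      nonce,
		Ciphertext: gcm.Seal(nil, nonce, plaintext, nil),
	}, nil
}

// ClientDecrypt runs on the reader's machine, the only place the private key
// exists. A wrong key or a modified record returns an error, not garbage.
func ClientDecrypt(priv *rsa.PrivateKey, m *StoredMessage) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, m.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("unwrap message key: %w", err)
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, m.Nonce, m.Ciphertext, nil)
}

func main() {
	priv, err := GenerateRecipientKey(2048)
	if err != nil {
		log.Fatal(err)
	}
	// Constructed sample message; nothing here comes from a real mailbox.
	msg := []byte("Subject: statement\n\nYour account balance is attached.")
	stored, err := ProviderEncrypt(&priv.PublicKey, msg)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Printf("provider stores %d ciphertext bytes and a %d-byte wrapped key\n",
		len(stored.Ciphertext), len(stored.WrappedKey))
	plain, err := ClientDecrypt(priv, stored)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Printf("client recovered: %q\n", plain)
}
```

The split matters for the threat the thread is discussing: whoever copies the stored records gets wrapped keys and ciphertext only. What it does not address is the point raised earlier about plaintext at delivery time; the message exists unencrypted on the provider's host for as long as it takes to call `ProviderEncrypt`, which is exactly the window a journaling provider or a compelled one could exploit.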
Do you consider it a hassle when Ubuntu wants to reboot to install a new kernel?
I wasn't commenting on the rebooting. But now that you bring it up, no, I don't consider it a hassle if Linux wants to reboot, because I get to choose exactly when that happens. It's also very rare.
I didn't think Google said it. It's press hyperbole.
But still means that you trust your mail provider not to look at your email... because it arrives in plaintext. And that's only one of the problems.
Yes, that's why it's an incomplete solution -- but better than what Google is offering here. If the mail is encrypted at rest, that eliminates quite a lot of risk.
What provider do you use?
I run my own mailserver, but I do know there are multiple viable options if you want a third party solution.
Good god, how I dread these things. They always cost me time and hassle.
I don't think of those as exceptions, but I guess technically they are. The reason I don't think of them as exceptions is because they're just cutting out the middleman while retaining the sort of behavior I object to.
I don't care why this is the case, only that it is the case.
Oh, and I forgot the most important part:
None of what you say changes the fact that this change in no way makes GMail "the most secure email provider on the planet".
"Secure" is a word that is meaningless without a threat model.
Not meaningless, but your point is solid. In the absence of specifying a threat model, I take "secure" as meaning "nobody can access the data without my permission".
Also, it's worth noting that you probably don't actually want the thing you're asking for.
Oh yes I do. I go to a fair bit of effort right now to make sure I have it.
Key management is hard.
It's not hard, exactly, but it does take ongoing attention.
You need to use another email client and use S/MIME or PGP mail.
Or, even easier, use a mail provider that offers end-to-end encryption. That doesn't cover email in transit, but it does cover email at rest.
In 2 years a phone that you buy today will likely be ready for replacement anyway.
It depends on what you mean by "ready for replacement". My phone is 3 years old right now. If it only lasts another 2 years, I'll be very disappointed in it.
I mean, we're not allowed to change out the battery any longer.
There are still excellent phones that have easily replaceable batteries (and I have no problem replacing batteries in phones that don't have replaceable batteries anyway). The bigger issue to me is whether or not they have an SD card slot.
But you're right -- non-replaceable batteries, missing SD card slots, and missing headphone jacks (until there's an acceptable replacement for those) are serious deficiencies in the latest crop of phones.
I guess, in the end, none of this USB really affects me, since the direction the industry is going makes me really suspect that I'll be buying older model and used phones moving forward into the future.
So they're now encrypting all the emails being stored on their servers and don't hold the key themselves?
Because if they're not doing that, then they're not anything close to "the most secure email provider on the planet".
And yes, I do use Mc. hardware
Apparently not enough to spell "Mac", though.
I'm not going to be "that guy" who screams "Linux" at every opportunity, so I'll just point out that there are more choices available than Apple or Microsoft.