Slashdot Mirror


User: swillden

swillden's activity in the archive.

Stories: 0
Comments: 18,006

Comments · 18,006

  1. compromising my email would probably net a clever attacker access to that money.

    This made me do a quick mental inventory -- I don't think I have any emails that would give attackers enough information to drain my accounts -- but my email archives go back nearly two decades, so I can't be sure.

    It's not so much about your archives. Old emails are very useful for social engineering -- and looking for "security question" answers -- but the real benefit is that your online accounts generally use your email as proof of identity for password reset.

    I should disclose, though, that I've been working in computer security (with an emphasis on network security) for years now, and so I'm more cautious -- or paranoid, if you prefer -- and capable than the average user.

    I've been doing security consulting and engineering for 20+ years, and I ran my own mail server -- with a highly paranoid configuration -- for most of that time. After I joined Google and got a look at how Gmail security is set up, I moved my archives into Gmail and not only do I no longer have to put all that time into it, but I'm quite confident that my email is more secure than I could make it. Oh, and far better spam filtering. I suspect it's much better defended against legal process, too.

    My email does get scanned to target advertising to me, but I don't care about that.

  2. Also true, but not as important. If people have gained access to my home, the security of my email is perhaps the least of my security problems.

    Maybe... looking only at money, I have a lot more of it in my bank and brokerage accounts than is in movable form in my house (the house itself is worth more, but hard to steal), and compromising my email would probably net a clever attacker access to that money. I should mention that my personal email account is on a personal domain hosted by Google, i.e. Gmail. I use hardware tokens for authentication most of the time, though I do also have the Authenticator app set up. SMS auth is turned *off*.

    Regarding personal safety, I agree that if someone is in my house I have much bigger worries than email security. Though I generally have a gun in my pocket.

    Although it would still be a pain (but certainly possible) to subvert. My basic assumption with my security measures is that all machines and networks, inside and out, are already subverted -- so I don't trust anything just because it's sitting on my side of the firewall.

    Very good assumption! With constant scrutiny you can minimize that risk, but that's really not practical without a large, dedicated security team. Which, as it happens, Google has :P

  3. Re:Also breaking on 'Google Just Made Gmail the Most Secure Email Provider on the Planet' (vice.com) · Score: 0

    Exactly. Google is allegedly making it safer by keeping everyone from reading it - except themselves, of course.

    Allegedly?

    You're not thinking this through. Okay, I get that you don't like targeted advertising, and if you use Gmail you are accepting, even embracing, that particular risk. And maybe you don't like that government agencies with proper paperwork can force Google (or any other email provider in the relevant jurisdiction) to hand over your data. But your statement is making about a hundred separate false equivalencies.

    An identity thief that hacks your primary email has a good shot at being able to reset your password and gain access to all of your bank accounts, your social media accounts, recover huge amounts of information to enable social engineering attacks against pretty much every organization you do business with, etc. If you're a businessman who uses email to do negotiations with customers or suppliers, or if you're a CEO of a publicly-traded company who uses email to negotiate acquisitions or discuss sensitive internal information, your email account is a treasure trove of exploitable data for insider trading or corporate espionage. If you're a political candidate running for preside... okay, let's not go there.

    You get the point. If you have important stuff in your email... and the higher-profile, wealthier, more powerful, etc. you are the more likely it is that you do, there are lots of Very Bad things that people could do if they could get into your email account. For as much as you dislike Google and government agencies, they're not going to do any of those things. Google will show you ads. Government agencies may prosecute you for crimes (which is pretty scary, but there are a lot of other constraints on that).

    It's perfectly conceivable that someone could be totally okay with Google seeing their email, and yet still feel the need to secure it from the world at large, and that is what this new authentication option does (to be very precise, this isn't a new authentication option, it's a new option to restrict allowable authentication modes to use only the most secure).

  4. What difference does it make that Google encrypts data in-house?

    It helps to ensure that in the event that Google is hacked, your email is not leaked.

    Google is doing its users a disservice by making any claims that they can "secure" a fundamentally insecure messaging system.

    Google is making no claims about making email "secure" as a system (note that the word "secure" is meaningless without a specified threat model; email can be very well-secured against some sorts of attacks and not at all against others), only about making it much harder for anyone to break into your email account.

  5. Too bad that Google openly brags about providing (AKA selling) this so called "encrypted" information.

    Google does not sell user data.

    We provide personal information to our affiliates or other trusted businesses or persons to process it for us, based on our instructions and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures.

    That just says that Google outsources some data processing, but requires the organizations that do it to comply with all of the Google policies.

  6. AIU, the whole point of developing Gmail was to give Google access to the contents of your mail for advertising/profiling purposes. If that's still done, the encryption is mostly pointless.

    Only if you believe the point of the encryption is to prevent targeted advertising.

    Otherwise, the keyword extraction and analysis can be done as the email comes in. Or it can be done dynamically as the email is retrieved and decrypted for display. I suspect the latter is what Gmail does, though I don't know for sure.

    The point of encryption of data at rest is so that if someone breaks in and gains access to the data store they get nothing useful. Instead, a deeper and more sophisticated compromise of the key management system is required. In good architectures (and Google's is very good) key management systems are isolated and very well-hardened, keys are released on an as-needed basis, and only upon presentation of appropriate credentials. This doesn't guarantee that the data is completely unhackable, but it raises the bar considerably.
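The architecture sketched in the comment above (ciphertext in the data store, keys held by an isolated key-management service that releases them only on presentation of credentials) is easier to reason about with a concrete model. The following is an added illustration, not code from Google or from the comment's author; the cipher is a deliberately simple HMAC-SHA256 counter-mode construction so the block runs on the Python standard library alone, and the `KeyManagementService`, `MailStore` and `demo` names, the credential scheme and the sample message are all constructed for this example. It shows what each party ends up with: an authorised front end recovers the message, a dump of the data store yields only ciphertext and wrapped keys, a forged credential is refused and recorded in the KMS audit log, and a modified ciphertext fails authentication instead of decrypting to garbage.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16  # bytes
TAG_LEN = 32    # HMAC-SHA256 output


def _keystream(key, nonce, length):
    """Toy counter-mode keystream from HMAC-SHA256 (illustration only; use a vetted AEAD in real systems)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key, plaintext):
    """Encrypt-then-MAC. Returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key, blob):
    """Verify the tag (constant-time compare) before decrypting; any modification is rejected."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext failed authentication")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


class KeyManagementService:
    """Isolated key holder (constructed model). The key-encryption key never leaves this
    object; a plaintext data key is released only to a caller with a credential it issued."""

    def __init__(self):
        self._kek = secrets.token_bytes(32)
        self._credentials = {}   # credential -> principal
        self.audit_log = []      # (principal, operation, allowed)

    def issue_credential(self, principal):
        cred = secrets.token_hex(16)
        self._credentials[cred] = principal
        return cred

    def new_wrapped_dek(self):
        dek = secrets.token_bytes(32)
        return dek, seal(self._kek, dek)

    def unwrap(self, wrapped_dek, credential):
        principal = self._credentials.get(credential)
        self.audit_log.append((principal, "unwrap", principal is not None))
        if principal is None:
            raise PermissionError("KMS refused: no valid credential")
        return unseal(self._kek, wrapped_dek)


class MailStore:
    """The data store: persists only ciphertext and a wrapped per-message key."""

    def __init__(self, kms):
        self.kms = kms
        self.rows = {}  # message id -> (wrapped_dek, ciphertext)

    def put(self, msg_id, body):
        dek, wrapped = self.kms.new_wrapped_dek()
        self.rows[msg_id] = (wrapped, seal(dek, body))
        # `dek` is dropped here: nothing persisted can decrypt without the KMS.

    def get(self, msg_id, credential):
        wrapped, ct = self.rows[msg_id]
        return unseal(self.kms.unwrap(wrapped, credential), ct)


def demo():
    """Run the legitimate path and three compromise scenarios; return what each yields."""
    kms = KeyManagementService()
    store = MailStore(kms)
    frontend_cred = kms.issue_credential("mail-frontend")
    body = b"Subject: wire transfer details (constructed sample)"
    store.put("m1", body)
    authorised = store.get("m1", frontend_cred)          # 1. authorised read
    wrapped, ct = store.rows["m1"]                        # 2. attacker dumps the store
    dump_leaks = body[:20] in ct or body[:20] in wrapped
    try:                                                  # 3. forged credential at the KMS
        store.get("m1", "forged-credential")
        refused = False
    except PermissionError:
        refused = True
    tampered = ct[:NONCE_LEN] + bytes([ct[NONCE_LEN] ^ 0x01]) + ct[NONCE_LEN + 1:]
    store.rows["m1"] = (wrapped, tampered)               # 4. stored ciphertext modified
    try:
        store.get("m1", frontend_cred)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return {"authorised_read": authorised, "dump_reveals_plaintext": dump_leaks,
            "unauthorised_read_refused": refused, "tamper_detected": tamper_detected,
            "audit_log": list(kms.audit_log)}
```

Running `demo()` returns the plaintext only on the authorised path; the dumped rows contain no recognisable message text, the forged request leaves an `allowed=False` entry in the KMS log (the detection hook a defender would alert on), and the tampered row raises instead of decrypting. The point the comment makes falls out of the structure: the data store compromise alone is useless, and the attacker's only remaining route runs through the credential-checked, logged KMS.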

  7. But still means that you trust your mail provider not to look at your email... because it arrives in plaintext. And that's only one of the problems.

    Yes, that's why it's an incomplete solution -- but better than what Google is offering here. If the mail is encrypted at rest, that eliminates quite a lot of risk.

    Well, Google does encrypt your email (and everything else) at rest. Fundamentally, though, either you trust your email provider not to read your email or you encrypt everything before it gets to them.

    What provider do you use?

    I run my own mailserver, but I do know there are multiple viable options if you want a third party solution.

    The reason I asked is because I wanted to point out all the ways in which those third-party solutions don't meet your requirements. :-)

    Running your own mail server does, assuming you can secure it adequately, which is much harder than it appears. In particular, there is no way that your mail server has anything remotely like the level of physical security that Gmail servers do. (Obviously I'm talking about different threat models again)

  8. Re:Hoops on 'Google Just Made Gmail the Most Secure Email Provider on the Planet' (vice.com) · Score: 1, Informative

    And you have what evidence for this? Unless you actually work at Google in a fairly technically privileged position you would have no way to know if they do or do not have backdoor access under any definition of the term you care to use.

    I do work for Google, in security. And I don't have to be in a "privileged" position to know that. The internal architecture is such that providing such a backdoor would require willing collusion by multiple teams, and I know many of the people who would have to be involved. (Aside: I really, really wish that Google would publish details of its internal architecture for securing user data and controlling and auditing access to it. It is really good, innovative and beautifully paranoid. Far better than anything I've seen in my long and wide-ranging career.)

    That means nothing to you of course. Just the word of some random guy on the Internet who may be lying about working for Google, and could possibly even be lying about what Google does, since obviously he has a vested interest.

    What might mean more is Google's public, legally-binding, statements to that effect, including statements by its chief legal counsel. Should those turn out to be false, Google would be in violation of various federal regulations, including SEC and FTC regulations. I think it would also constitute a violation of Google's FTC consent decree.

    (Note that IANAL, I'm a programmer. My assertions about legal issues should not be trusted. Do your own research.)

    No, Google MIGHT refuse at their discretion. You have no way to be certain of their behavior and you should adjust your own behavior accordingly.

    Sure. What I do know is that Google does often refuse, and that Google's lawyers claim to be extremely picky about validating requests. I'm clearly not privy to the details. I guess one other thing we know is that no one has complained publicly about Google disclosing data that they were not legally required to. With NSLs that's more or less impossible, but with traditional subpoenas and warrants it's totally possible. I don't think there would be any way to argue that evidence gathered through improper disclosure would be inadmissible in court, but they could definitely make a public stink about it and make Google look bad. That has not happened.

  9. Oh, and law enforcement does not have "backdoor access", at least not the way that I would interpret the phrase.

    But then there's this. So how, exactly, do you interpret the phrase? I know that's old news, but if they developed something new it's not as if they would tell us.

    It appears that at that time the NSA was collecting data by tapping communications between Google data centers. Google responded by encrypting all of those links.

  10. You can't use the dongle described in the post without Google's apps.

    Hmm. Probably true... though not certainly true. As I understand it, the protocols are open and standardized, so it should be possible to write, say, a Thunderbird plugin to do it.

  11. Oh, and law enforcement does not have "backdoor access", at least not the way that I would interpret the phrase.

    PRISM wasn't exactly a backdoor either, but it was effectively.

    It's not clear exactly what PRISM was or wasn't. But it appears that the NSA was tapping connections between Google data centers to gather data, and exposing that through PRISM. Google responded by encrypting all of those connections.

    NSLs provide access to metadata only, not content

    Do you have a source for that? NSLs, generically, have no such inherent limitation (cf. Lavabit). Is Google under an NSL to transmit all metadata to the US Government? This sounds like news.

    Not news at all. This restriction has been in place since the original PATRIOT Act. What the law actually says is that NSLs are limited to "non-content" information. The best reference is the law itself, but it's scattered across multiple sections. I recommend starting with the Wikipedia article and you can chase down the specific language from there if you like.

    The final order in the Lavabit case requiring disclosure of the keys -- and thereby giving access to everything -- had nothing to do with an NSL. That was an ordinary court order from a judge who was frustrated with Lavabit's obstructionism.

  12. Not just that, but everything requires Google's apps (Chrome, Gmail, etc.), which requires you to let Google track you.

    You can use Gmail without any of Google's apps.

  13. Of course this brings other problems to the table, being a centralized service, like impersonating the service, or worse, impersonating recipients to that service in order to flag them as encryption-using, thus preventing decryption of messages on their end.

    Also, loss of your decryption keys, rendering all of your email inaccessible forever.

  14. Oh, and I forgot the most important part:

    None of what you say changes the fact that this change in no way makes GMail "the most secure email provider on the planet".

    A claim that I'm fairly certain Google never made.

  15. Or, even easier, use a mail provider that offers end-to-end encryption. That doesn't cover email in transit, but it does cover email at rest.

    But still means that you trust your mail provider not to look at your email... because it arrives in plaintext. And that's only one of the problems. What provider do you use?

  16. Re:They did? on 'Google Just Made Gmail the Most Secure Email Provider on the Planet' (vice.com) · Score: 4, Informative

    Mod parent up.

    Without encryption on server and with law enforcement having backdoor access to Gmail, etc., this is meaningless.

    Actually, Google does encrypt all of the email (and all other user data) on its servers, and even in-transit between servers in Google data centers, as well as in-transit between Google servers and your browser and (if supported by the other end) in transit between Google servers and non-Google email servers. Google encrypts all the things, all the time.

    Oh, and law enforcement does not have "backdoor access", at least not the way that I would interpret the phrase. What law enforcement does have is search warrants, subpoenas and national security letters (though NSLs provide access to metadata only, not content -- not that metadata isn't very valuable). If law enforcement or other authorized agents of the courts present a valid and duly authorized document which legally compels Google to hand over your data, Google will hand over your data. If it's not correctly executed, is overly broad or has some other legal defect, Google will refuse.

    If you don't like that warrants, subpoenas and NSLs can be used to access your data, either move it to a jurisdiction not subject to such rules, or take it up with your political representatives. Or switch from email to a communication protocol that was designed with end-to-end security in mind, with all of the limitations that entails (mostly, that you will have a hard time keeping old messages for a long time... and if it's really easy to use, chances are good that implies there is some entity playing a trusted role which could defeat the security).

  17. So they're now encrypting all the emails being stored on their servers and don't hold the key themselves?

    Because if they're not doing that, then they're not anything close to "the most secure email provider on the planet".

    Meh.

    "Secure" is a word that is meaningless without a threat model. It's often clear what the threat model is, so we often don't state it (and we often don't state it when it isn't clear). In this case, Google is talking about one threat model (security against unauthorized third parties gaining access to your email) and you're interpreting the statement in the context of another threat model (security against access by Google itself).

    Also, it's worth noting that you probably don't actually want the thing you're asking for. If your mail provider has no access to the keys used to encrypt your emails then that means that you must have those keys. That's very nice for security, but it means that you have to be extremely careful never to lose those keys, while also being extremely careful never to leak those keys. Key management is hard.

    If you do want that characteristic, you can get it with Gmail, though not through the Gmail web UI. You need to use another email client and use S/MIME or PGP mail. Of course, you need to get the people you correspond with to do this as well.

    At some point in the future, you will probably be able to use Google's E2Email Chrome extension, which implements OpenPGP secure email for Gmail. It's progressing very slowly, though, and is still labeled as "experimental, use only for testing". And even when it's fully usable, you'll still have to get all of the people you exchange email with to use it. That's the real obstacle to secure-from-the-provider email. Because unless you do that, every email you receive arrives at the provider in plaintext. That's how email works.

  18. Re:Open BSD Linux ... WTF on Every Patch For 'KRACK' Wi-Fi Vulnerability Available Right Now (zdnet.com) · Score: 2

    If OpenBSD doesn't honor embargoes,

    "Hey I found a flaw in your OS. I am also telling shittons of other people about it. Please respect my embargo and not fix it for 6 months. ok thanks"

    Yep.

    The alternative is "Hey I found a flaw in your OS six months ago and told shittons of other people about it. I'm publishing it tomorrow. I didn't tell you earlier because you don't honor embargoes."

  19. Re:Open BSD Linux ... WTF on Every Patch For 'KRACK' Wi-Fi Vulnerability Available Right Now (zdnet.com) · Score: 1

    well I do love how OpenBSD already fixed this months ago

    The discoverer didn't love it. In fact, in the Q&A on his web site he says: "To avoid this problem in the future, OpenBSD will now receive vulnerability notifications closer to the end of an embargo."

    If OpenBSD doesn't honor embargoes, OpenBSD will not be informed of vulnerabilities until shortly before the public release. Hopefully, researchers are able to accurately guess how long it will take OpenBSD to release a fix. If they find guessing accurately to be too hard, they'll just have to be conservative -- possibly not giving OpenBSD any advance notice at all.

  20. Re:Can unpatched clients be blocked? on Every Patch For 'KRACK' Wi-Fi Vulnerability Available Right Now (zdnet.com) · Score: 1

    It seems as if I was a bad guy, I would keep an unpatched device handy to do bad deeds and there's nothing anyone can do to stop me?

    Having your own unpatched device would just allow you to break the security of the connection between your unpatched device and the AP. What you want is to break into the connection between someone else's device and the AP. If that other device is patched you can't do it.

    Note that patching of APs isn't necessary unless the AP in question also acts as a client. So repeaters and mesh network nodes need to be patched.

  21. Re:Open BSD Linux ... WTF on Every Patch For 'KRACK' Wi-Fi Vulnerability Available Right Now (zdnet.com) · Score: 1
  22. Re:Credit Cards Existed Long Before CC Terminals on In a Cashless World, You'd Better Pray the Power Never Goes Out (mises.org) · Score: 1

    Has nobody seen Home Alone 2? Using electricity to process a CC purchase is relatively new. This is a solved problem. https://www.youtube.com/watch?... The problem is not with credit cards, but incompetent cashiers and owners who cannot handle changing situations.

    Most retailers don't have those old zip zap machines any more... and many credit cards no longer have the embossing to make them work.

  23. Re:Another reason why cash is garbage on In a Cashless World, You'd Better Pray the Power Never Goes Out (mises.org) · Score: 1

    a gun is a very short-term tool for survival

    Not if you reload. Anyone who reloads much ends up with supplies on hand for thousands of rounds of ammunition, just because that's the economical way to buy components. Primers come in boxes of 1000, typically, and powder in one-pound cans. And it's cheaper (per unit) to buy 10K primers and 10 pounds of powder.

    Also, I teach rifle classes so it's not uncommon for me to go through a thousand rounds of .22LR in a weekend. For that reason, I tend to keep ~10K rounds in stock, buying in bulk whenever I can find a good price. 9mm for pistol classes is a similar story, though the on-hand supply is closer to 2K rounds. I typically only have a few hundred rounds for the hunting rifles... but could reload thousands.

    So, assuming judicious use, my ammunition would easily last decades.

  24. Re:Another reason why cash is garbage on In a Cashless World, You'd Better Pray the Power Never Goes Out (mises.org) · Score: 1

    That's why gold doubloon is king, always has been, always will be.

    Nah. If you're planning for the collapse of civilisation - even temporary - bottled water, canned food, gasoline etc, are king. When the lights go out, gold will suffer just as much from superinflation as anything, but a can of beans will always be worth a day's food.

    In a temporary situation, one where people know that things will be back to normal quickly, having cash is useful for exactly the same reason money is useful in general: It's an all-purpose medium of exchange.

    I try to stay fairly well-prepared for disasters. I have water, food, fuel (gasoline and diesel), solar panels on my camp trailer with batteries and a big inverter. I have a good-sized generator. I have tools that could be useful, including a chainsaw, an ATV, a tractor with a front end loader, etc. I have guns. And I have cash. Not a huge quantity, but a few thousand dollars in bills of various denominations, especially small ones.

    Out of all of those things, I actually found cash among the most useful when my neighborhood was isolated by flood waters a few years ago (when I lived in Colorado). The grocery store nearby was unable to take delivery of new goods, and when the power was out was unable to accept credit card payments, but they were happy to take cash for whatever they had on the shelves. I mostly gave my cash to neighbors who didn't have the food storage that I did, but we bought a few things as well.

    All in all, I'd say cash was the second most-useful thing I had in that situation. I had food, but if I hadn't had it, I could have gotten it with cash. The most useful thing I had was a gravity-fed water purification system. The city water supply was still functional in the sense that it delivered water, but it was unsafe to drink because some of the pipes had broken, allowing contaminants into the system. My purification system supplied clean water for my family and a dozen or so neighbors.

    Now, I also have two 55-gallon drums full of water in addition to the purification system. Clean water is critical.

  25. A competitive duopoly is much better for consumers than a monopoly.

    Well, yes, a duopoly is better than monopoly, but not by very much. If a duopoly is firmly established, then the two tend to start colluding and generally acting together as a monopoly.

    If they're colluding, they're not a competitive duopoly.