20 comments

[ 2.7 ms ] story [ 53.1 ms ] thread
Whether I do or don't, they're just going to imprison me until I comply with a judge's order to turn over the password I've forgotten from all the police beatings and solitary confinement I would have been through at the point.

Technical defenses don't work under fascism. Fascists will just physically and insidiously torture their rivals.

Security through obscurity is the only way to be pretty safe, and hopefully you can get some truly powerful political candidates elected that won't sell the populace into fascism, which is what the US is on its way towards. Beware, truly brazen fascist states will assassinate your political leaders of the opposition. See Russia and China for more details

Until then, stay underground!

It seems like "security through obscurity" could only successfully combine with encryption if a critical mass of the population got onboard very quickly. But security-conscious users are just such a minority, even programmers have bad security habits.

Anecdotally, almost everyone I know is using Gmail or Yahoo for email, and has never heard of ProtonMail or Signal. They'd probably mark an email from @protonmail.com as spam...

This is applicable regardless of who's in charge of the national security apparatus.

Not that encryption does much good against the state anyway; they'll just throw you in jail until you give them what they want:

https://arstechnica.com/tech-policy/2017/02/justice-naps-man...

> Not that encryption does much good against the state anyway; they'll just throw you in jail until you give them what they want:

It's clearly not effective against active, targetted collection by the State, for the reason you mention, but, presuming the encryption itself is secure, it's useful against passive, dragnet surveillance by the State.

Is this a problem? I have nothing to hide.
"Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say." - Edward Snowden
What's your home address, telephone number, and credit card number?
That's completely irrelevant.
The average American commits ~ three felonies a day by accident. The combination of district,city, county, state, country, and international law that applies to you would probably take a few hundred lifetimes to read.

Let's say, one day you write an article critical of your cities parking ticket policies. The police chief doesn't like it, he implemented the program.

Do you have anything to hide now?

Most people wear clothes when the weather is pleasant. Close the door going to the toilet. They don't share intimate sex details, how much they make, if they have a aids to everybody.

They all hide things on a daily basis.

You might not have anything to hide, but other people do. Their secrets can be used against them for leverage. Those other people could be your representative in congress, your lawyer, your judge, your employer,... Do you see the problem?
I don't get why talking about signal without mentioning that the same exact protocol is used by the (wildly more popular and Facebook owned) WhatsApp. All my family members, even an old uncle, use WhatsApp. Much easier for them, it has some cool feature nonetheless. So, my comms woth basically my whole family and friends is end-to-end encrypted. None of them was proactive in doing this, it just fell on their laps and - above all - there was Zero friction. We should advocate for making encryption default in more and more popular services, instead of writing the n-th guide or op-ed about how we all should use this or that encrypted service for the technically inclined.
WhatsApp has a userbase in the millions, if not billions. It may use the same protocol as Signal (I wasn't aware it does), but its existence is marketed as and understood as that of a messaging app. Signal's identity, in contrast, is predicated upon security. Based on that, along with the fact that Whatsapp is owned by Facebook and so its functionality can be changed by its owners, I would also probably advise acquaintances concerned about privacy to use Signal over Whatsapp.

(Personally, I've been using Threema for E2E encrypted communications with friends who care about privacy enough to not want to use Facebook Messenger or other Facebook-owned platforms.)

I found no where President Trump saying Snowden should be executed. He said "Spies in the old days used to be executed"

https://www.youtube.com/watch?v=_1ABLhi2PnA

Maybe some haters don't see the difference, regardless NY times shouldn't rephrase it, is there another direct source of him saying that on twitter or video?

https://mobile.twitter.com/realdonaldtrump/status/4724477348...

> Snowden is a traitor and a disgrace. Make no mistake, he is no hero. In fact he is a coward who should come back & face justice.

https://mobile.twitter.com/realdonaldtrump/status/3551192663...

> Snowden has given serious information to China and Russia-anyone who thinks otherwise is a dope! He is a traitor who fled-he knew the crime!

https://mobile.twitter.com/realdonaldtrump/status/3956837027...

> ObamaCare is a disaster and Snowden is a spy who should be executed-but if it and he could reveal Obama's records,I might become a major fan

https://mobile.twitter.com/realdonaldtrump/status/4573149344...

> Snowden is a spy who has caused great damage to the U.S. A spy in the old days, when our country was respected and strong, would be executed

Maybe the 'haters' have a point on this one?

Damn that 2013 tweet he really did call for Snowden's execution, I actually think hes a hero.
Government snooping (and, generally, privacy concerns) date back to at least Obama's presidency.

I always assumed that someone would be able to access my Gmail account if they really wanted to, but didn't really care - data mine my emails to deliver more targeted ads that I ignore as easily as the others, fine by me, I thought. However, I came across [0]; whether this story is true or not, it is plausible, and that has made me want to move off of Gmail.

I still use my old Gmail account for ordinary interactions which I do not feel are sensitive and whose reading by a third party would not bother me. For sensitive material, I have moved to ProtonMail [1], a privacy-first email service based in Switzerland and therefore subject to Switzerland's privacy laws, which I use with a custom domain registered under the Cayman Islands TLD. I have moved my cloud file storage from USA owned companies to a VPS hosted in Germany and therefore subject to its data privacy laws. The last step that I haven't taken is to set up a VPN on that VPS, or alternatively purchase a VPN service from a country with good privacy laws.

Overall, I am pretty happy with my shift; I do not feel that I have given anything up and feel reasonably confident that I have the privacy I want for things I want to be private.

[0] https://wikileaks.org/google-is-not-what-it-seems/

[1] https://protonmail.com/

> Government snooping (and, generally, privacy concerns) date back to at least Obama's presidency.

In a similar way to how 500 is at least 7, yeah.

To elaborate, "government snooping (and, generally, privacy concerns" date back before the founding of the US. Specific concerns around bulk electronic collection date back at least to the 70s, when concerns were raised over bulk collection of telegrams - a program ("SHAMROCK") dating back to the 40s.

Concerns about email in particular were a thing in the Clinton administration (e.g., see "Carnivore").

I understand the impulse to say "but the other side does it!" And that's not wrong, per se. But it misses the point.

And what's new about Trump is not that he's engaging in more surveillance - I have no reason to believe that he is. What's new is that he's so very deeply distrusted by such a wide swath of the population.

(comment deleted)
If you're using chrome, a strong recommendation for CryptUp: https://cryptup.org/ <- which does seamless gmail integration for pgp, compatible with all major external keyservers & other email encryption apps; without disclosing your keys to Google (or any third-party), or breaking your workflow.