Nowadays is GPG/PGP-ing your emails really that hard? Thunderbird supports GPG on all platforms, Apple's default Mail works with PGP/GPG, I'm sure there are plenty of windows clients that do the same. In additional, online providers like Hush are bringing PGP to the masses without them having to know what in fucks name it is.
Even if you don't encrypt every mail you send, signing is a good idea. Is it unnecessary in many circumstances? Yes, but at least I find it nice to be able to verify authenticity. I don't understand why my bank (Wells Fargo) can't figure out how to sign all their emails [1].
Yes, they can sign some emails...but it requires someone inside WF "sponsor" you to be added to their PKI and it still won't lead to signed or even encrypted emails for online banking. WF is also particularly egregious in not offering real 2FA...they count a username AND a password as "two factor authentication". sigh
GPG support is actually one of the very big things that has kept me using KMail even with Akonadi's rather poor support for POP3 w/ filtering. Being able to expand that web of trust even to businesses and among the tech-savvy would be wonderful, if only to increase awareness of the idea that things which need to be secret from unintended viewers (including, but not limited to, the NSA) need to be encrypted.
I don't need extensions with Kontact, it's built-in. Also I still use Akregator and the organizer/calendaring.
What I'll probably do is to switch my damn email over to IMAP at some point, apparently that's what the kdepim devs are all using... but I don't want to have to fix all my filters, and then I would have to use fetchmail and run dovecot or similar to have my email on my own computer.
"Nowadays is GPG/PGP-ing your emails really that hard?"
Try convincing people to not use webmail and accept the fact that they cannot just check mail on whatever random computer they come across. I speak from experience: this is the biggest hurdle.
Have them use Hush, or any number of the in-browser GPG/PGP extensions that will encrypt your gmail then! At least their webmail is encrypted then (and Hush integrates with most of the notable PKI servers). You have to start them somewhere, just lamenting about it isn't going to change anything. I've moved my family and friends into GPG over the lsat few years and now I receive GPG-encrypted mail more often than not.
Browser plugins are good, but they do not solve the problem most people have complained about to me: that they cannot check their mail on their friend's computers, at the library, etc. Hushmail is snake oil, I would not recommend it to anyone and I doubt that it is even relevant to the problem at hand (how to communicate privately in a world of NSLs).
Set-up can be daunting, but I always found that entering one's password every time a new mail comes in is unbearable. They should highlight that the pgp password timeout can be changed to something less intrusive.
The default timeout, at least for gpg, is 3600sec (1 hour) which should be more than enough for the majority of people's emailing habits (Sitting down and checking / emailing once or twice a day). Recently setup has become super easy[1], especially on the OSX or *nix side of things. OSX probably has the easiest flow, all you have to do is install one thing[2] and you're off. It will walk you through everything[3] and it supports the built in Mail.app.
>When you run GPG Keychain Access for the first time, the window will be empty or contain only the GPGTools Project Key (delivered via the GPGTools Installer).
>If you don't have a private key, you'll be prompted to create a new key pair.
I think most people respond to their mails pretty much as they come in. I'd add that in corporate settings a norm of near immediate response has developed. I've set my timeout at 9999sec -- mutt throws in an error if I add a digit.
I don't use OSX, but can you comment on how easy key exchange is nowadays?
I have to admit that I have it set up and ready to roll, but pretty much no one I know is willing to take the plunge.
>I think most people respond to their mails pretty much as they come in
Maybe when at work, but at home most people (Especially of the older generation) seem to check their email a few times a day.
Corporate users should never be using webmail on their work computer...If they're MS Exchange based, they should be using Outlook and their exchange policy should allow (and prefer) S/MIME. There are a variety of plugins for Outlook that support GPG and S/MIME is already signed and encrypted.
Pubkey's should always be make available through the existing online PKI services. I personally send all my keys through pgp.mit.edu to be mirrored world-wide. Key-exchange (For High to Ultimate trust scenarios) is simple and easy. Send someone your pubkey by signing it with their pubkey and email it in a signed email (with signed attachments) to them. Have them do the reverse.
> they count a username AND a password as "two factor authentication"
I was so flabbergasted by that I had to look it up and it seems like you're wrong. This page[0] describes a feature called Advanced Access that sends a code to your phone whenever you do certain actions on the website.
That's only for things like online money transfers, and not account related. They maybe have pulled the particular document I'm referring to, but at one point they had the same / similar text to what Schneier quotes.
Encrypting email would only make sense if both sides are equally encrypting it.
If you're using the most paranoidal encryption, but your email buddy does not - than it's all just plain silly.
But even then if Joe and Bill suddenly got smarty-pants and started encrypting their communication - NSA would get suspicious and will find out what you guys are up to via other channels.
"The best way to hide information - is to convince others that it does not exists"
--Me
I wouldn't be so sure. Snowden was hinting at the NSA having the mechanism to break encryption. I lost the exact quote, but it was a direct response to the suggestion that we encrypt everything, and was something along the lines of, "you wouldn't even believe what the NSA is really capable of - it's scary."
Even if they don't have the means to get around encryption, you still aren't fully secure. What if you have a keylogger installed on your machine? What if the hardware itself has been designed to aid the NSA? Intel, after all, is one of their regular collaborators.
If NSA can break modern crypto (especially if they can do it in real time) then it is a secret at least as big as Ultra/Magic and the NSA wouldn't ever dare to use anything they found on you this way, even if it was the only way to prevent another 9/11.
If this becomes popular (easy-to-use bundled software is a must), knowledge about whenever one uses Tor or I2P would be as useful as knowledge that the person in question uses the Internet.
> But even then if Joe and Bill suddenly got smarty-pants and started encrypting their communication - NSA would get suspicious and will find out what you guys are up to via other channels.
Unless everyone used encrypted email.
And the only way to achieve that is to make it really easy to use, i.e. to have a zero user interface, so the program automatically encrypts it on the way out and automatically decrypts it on the way in. Key distribution can be handled by putting the public key in the header.
The only drawback is this is vulnerable to man-in-the-middle attacks.
Are there any heavily supported projects that seek to replace email as we know it with a 'secure by default' implementation?
I.e. One that keeps the decentralized simplicity of email as it is today, whilst both securing it and removing the negatives, such as spam?
If Microsoft, Yahoo and Google got together they could flesh this out, and as long as the specifications were open and license free, then other third parties would start to develop SecMail servers.
None that I'm aware of, and IMO none is likely to be launched any time soon.
Email is open and license-free, only because it was invented back in the days when not even Richard Stallman saw any need for free software. If email were reinvented today, you'd end up with something very different. It would be copyrighted, patented, and supported by corporations who have strong financial incentives to keep it locked into their proprietary platforms.
The only company that I can think of who might have a chance of success at producing an open and license-free reinvention of email is Mozilla, but they don't seem to be particularly interested in email nowadays. Thunderbird has been stuck at version 17 for ages.
Only one webmail provider would need to deploy PGP-by-default to start the ball rolling. The system is currently in a dynamically stable (extremely) insecure state. Starting widescale adoption of PGP would disrupt the state of the market and, perhaps, lead to an escalation of deployment security.
How is PGP not a solution here? You are (a) using the email system, (b) your messages are privacy, and (c) your mail client will perform spam filtering. If you need to hide who you are communicating with, there are anonymous remailers, or you can broadcast your encrypted messages over Usenet.
Really, these problems were already solved a long time ago, but people thought it was just paranoid to even suggest that the solutions were necessary.
Explain PGP to my old mum. It has to be a seamless replacement, without barriers to entry. PGP is certainly not easy for anyone, and that's the problem. It also depends on the receiver and sender having the same technical knowledge. Again not seamless.
"PGP is certainly not easy for anyone, and that's the problem"
I have managed to explain it to people with no technical background, and they were able to use it within a day. It is really not that complicated. Most people give up on it not because of the difficulty of using it, but because they want to be able to read their email from whatever random computer they happen to find lying around. Smartcards are part of the solution, but you would need browser support (yeah, I am looking at you Mozilla) and the willingness to buy them.
The wrong approach is to assume that everyone is completely stupid and absolutely helpless. People in general lack knowledge about computers; they does not mean that they cannot be taught something new.
Meta Comment: Considering that Ars is mining their forum database and pissing off members/subscribers to post tabloid-style shaming articles about the NSA whistleblower, I believe the first step in privacy is to avoid visiting their web site ever again.
That may be, but really... privacy is dead. It is pretty much impossible to not be outed out on every last forum you used to participate in when the whole world has an eye on you. If Ars hadn't done it, someone would have put the pieces together.
In this day and age, to ensure 100% privacy you have to _really_ go out of your way. It's difficult for cypherpunks to pull it off, let alone normal users.
Yep, they're still rather vulnerable. I guess their approach would stop a dumb MitM which just replaces any .exe download. It also protects against the download server being compromised, assuming the original server is fine and your connection is clean.
The best way is to check the signature, but that requires GPG in the first place (and trust on the key remains hairy). At least they could serve the site with HTTPS (GPGTools does this right).
We are now using S/mime and in today's Apple+Thunderbird products it's completely built-in and pain-free. Set it up once and after that all emails get encrypted automatically, you don't even need to press a button. Provided of course that You were able to convince your colleagues to invest those 10 minutes to set it up as well.
PGP Was painful because every Mail.app update broke it, not sure about the current state-of-the-art there. But the whole point should be: it is not much of an annoyance anymore! Zero annoyance after installation, Works even on your iPhone etc.
How would you feel if your hacker news posts over the years were trolled into a very personal post about you on hacker news, done by a hacker news employee? The whole thing is creepy.
I'm sorry, but since when has quoting what someone publicly said been a "hatchet job"? 90% of it is quotes of what Snowden said, there's very little commentary. As the article pointed out, his identity on Ars Forums was already outed by Buzzfeed.
The term you're looking for is "quote mining". If you take only the most opinionated parts from a large enough corpus, you can make almost anyone seem like an obsessive radical. It's all the more dishonest for that it claims honesty on the basis of technical truth.
(I challenge anyone investigating my past to include this tidbit :)
I'm surprised more people haven't read between the lines: the NSA is in possession of quantum computers and interference based decryption is probably already in standard use. Insiders also have dropped hints the Tor networks is, in fact, a trojan horse. We basically have two * extreme * options: 1) a trusted courier with a sealed envelope (don't underestimate this Game of Thrones like scenario as the US Military defeated itself in the largest wargame in the gulf by using courier, sealed envelopes, and motorbikes) and 2) quantum cryptographic communication. The latter is still only the realm of university labs and down at LANL but I read a paper which stated it's physically possible to pass keys along ethernet cable, but all parties need a device which acts as a gate. This in turn opens up Alice and Bob to traditional decryption methods if they're not air gapped from the web.
Ah, thank you for sharing this. I agree it's unlikely but given some of the * cough * political events as of late it seems more and more likely. Taking off my aluminum foil hat now...
It doesn't seem improbable that the NSA are already recording encrypted communications because they are cheap to store and and have a reasonable chance of being broken in the future. They don't even need to break the algorithm for that data to become useful.
In particular SSL encrypted web traffic of sites they suspect they might physically raid (or have cooperation with) in future seem like an excellent target. Although hopefully the increasing awareness and deployment of perfect forward secrecy should help with that attack.
It's very unlikely. Just look at who they are hiring, still mostly mathematicians. Quantum computing is mostly physics, chemistry, and a lot of painstaking engineering.
Unless they are secretly borrowing people hired on at e.g. the DoE, I just don't see it.
Consider that In-Q-Tel, the VC firm whose sole purpose is keeping US intelligence agencies ahead of the game, [1] is one of the primary investors [2] into D-Wave, the first company to create a commercially viable quantum computer. [3]
Google moving to 2048-bit is probably an indicator of what they see as vulnerable.
Because of the current developments int the press this challenge is being viewed in the context of the NSA, but other foreign intelligence services also pose a threat to user data.
Concerning whether Tor networks might or might not be compromised trojan horses:
Reason why it might be: 80% of the Tor Project's $2M annual budget comes from the United States government (says wiki), this perhaps implies that the US gov. has some influence or control over what goes into Tor, and so if there's anyone who knows how to identify Tor users, it's the US gov.
Reason why it might not be: Snowden had Tor stickers on his laptop, that sort of lends credence to the fact that NSA doesn't have it down yet on how to id Tor users and it is still a good and reliable anonymity tool.
You missed the biggest reason why it probably isn't: Tor is Open Source. The chance of any deliberate Trojan Horse being added in such a high profile project is virtually nil.
He was referring to the possibility that the NSA can already crack the underlying encryption algorithms via quantum computing, etc. If that's the case, being open source and correctly implementing the encryption algorithms is moot.
LOL. You offer the presence of stickers on a laptop as proof of anything. What a joke. Perhaps the govt money is because the gov needs cover traffic just like everyone else. Or perhaps the feds have a vested interest in providing a secure comm channel or dissidents in unfriendly countries.
I need to reinstate my moratorium on reading HN prism discussions. I can't wait to tell people:
"Its not the academic literature or availability of the source code that makes me confident in tor's security, its the stickers I saw on a laptop"
Didn't we just see a story posted to HN about how those who believe in one conspiracy theory are likely to believe in others? They make the evidence fit their worldview, not the other way around.
Quantum decryption sounds expensive and time consuming, so they wouldn't be able to apply it to everything. As long as you have something basic going it might be enough deterrent to keep you out of the light. You just need a better bike lock than the other bikes have on the rack. I guess if you're being targeted specifically then there's not much you can do though.
Also, do you have more info about the courier/motorbike thing? It sounds interesting.
Please show me where the hints about Tor being a trojan horse. That is not a challenge, I am really interested. If these allegations are true they represent a serious reputation risk to the EFF.
Okay, so lets assume that the NSA has quantum computers that can decrypt RSA and ECC with ease. They would have to assume another state funded effort by someone like China could do so as well. Then the NSA wouldn't issue recommendations that the US Government itself use these encryption methods for TOP SECRET and CONFIDENTIAL documents.
The military exercise in the gulf that you mention is the near-equivalent of what Kirk did in the Kobayashi Maru scenario, so I'd be careful with how much you draw from that inference. There are certainly lessons to learn, don't get me wrong, but unless you have the details on the war game and the training to understand what happened and why then you're guessing just as much as anyone else is.
Besides, the government can easily get human informants; there's no such thing as a truly trusted courier system.
I think it not outside the realm of realistic to imagine that the NSA has the ability to break all/nearly all encrypted data with ease. I mean, I have had quite a few friends with PhD level mathematics degrees hired by the NSA. Haven't heard from them in a while, but I can guess at the reasons behind hiring people like them.
Basically I would say the question isn't if we should encrypt e-mail (I think we should in general, regardless of NSA spying), but instead what encryption methods (if any) exist that would be beyond the capabilities of the NSA to easily break.
I am not sure if such system existed in the past or if I read about it in some sci-fi book, but it worked as follows:
You generated your key pair. In (almost) every country in almost every city there were “key signers” (basically trusted members of the PGP community). You met with them and they verified your identity and signed your public key. You needed to visit couple of them to get enough signatures to obtain certain level of trust in the PGP community. Once your level of trust was high enough you could start signing keys of other people. Too good to be true I guess…..
As far as I know, that's pretty much how it used to happen. I do believe there even used to be things called 'key signing parties' which was just a way to get a heap of people to do it en masse. Not to be confused with simply a 'key party', though, I presume.
joey@gnu:~>gpg --recv-keys 2512E3C7
gpg: requesting key 2512E3C7 from hkp server pool.sks- keyservers.net
gpg: key 2512E3C7: "Joey Hess <joeyh@debian.org>" 24 new signatures
gpg: Total number processed: 1
gpg: new signatures: 24
KSP's still seem to be alive and well. I'm sure the NSA has long since pulled in this info about the people I met and signed keys with at Linux Conf Australia this winter. (Of course I Have Nothing To Hide.)
If you're using any Linux distribution, there is certainly use of the web of trust at many points in the development, build, and delivery chain of its software.
Why do you even want to keep the NSA away? I am more worried about companies such as Intelius than the NSA.
Private companies such as Intelius are posting my personal information on the internet.
Anyone who knows my real name can search the internet and find out where I work, my home address, my spouse's name, my home phone number and my age. I didn't put any of this information on the internet, in fact I don't even have a facebook account. Private companies collected and aggregated this information and put it on the internet. Some of the information came from public records (for example, home address from property ownership records), but some was very private (such as my home phone number, which is not even in my name and rarely given out). This is a huge violation of privacy and I have no way of stopping it. Anyone that wants to harm me can find out where I live with a few clicks of the mouse.
I am not worried about the government spying on me. I am very worried about these for-profit businesses spying on me and outing my information on the internet. Why isn't arstechnica writing stories about that instead?
>I am not worried about the government spying on me. I am very worried about these for-profit businesses spying on me and outing my information on the internet. Why isn't arstechnica writing stories about that instead?
You have the right to a private conversation. You don't have the right to a secret existence. Directory information (like a phone number) is not that private because there's nothing anyone can really do with it besides call you. We don't really recognize a right not to be called. Your phone records, however, lead to information about your friends, lovers, and business dealings. Exposure of that information is a much bigger deal to most people than the mere fact that they exist.
How is encryption a short-term solution? We want to be able to communicate privately, without having to trust Google or Facebook to respect our privacy or protect us from external threats. The answer is to encrypt our communications. In the case of social networking, we probably need something more sophisticated than just public-key encryption, but researchers are already presenting solutions:
If the government will not respect our privacy -- and frankly, there is no reason to believe they will -- then we need to take matters into our own hands. We need to use cryptography to protect our privacy, so that no matter who comes into power we can communicate privately. That is a long-term solution, one that outlasts the government.
PGP is useful, but pointless on a system that may be compromised/backdoored at any time (e.g. Windows, iOS, Android ... ). So the first - and possibly most annoying - step would be to install a secure OS.
95 comments
[ 4.7 ms ] story [ 170 ms ] threadEven if you don't encrypt every mail you send, signing is a good idea. Is it unnecessary in many circumstances? Yes, but at least I find it nice to be able to verify authenticity. I don't understand why my bank (Wells Fargo) can't figure out how to sign all their emails [1].
______
1: https://www.wellsfargo.com/downloads/pdf/com/cps/Secure_Emai...
Yes, they can sign some emails...but it requires someone inside WF "sponsor" you to be added to their PKI and it still won't lead to signed or even encrypted emails for online banking. WF is also particularly egregious in not offering real 2FA...they count a username AND a password as "two factor authentication". sigh
What I'll probably do is to switch my damn email over to IMAP at some point, apparently that's what the kdepim devs are all using... but I don't want to have to fix all my filters, and then I would have to use fetchmail and run dovecot or similar to have my email on my own computer.
Try convincing people to not use webmail and accept the fact that they cannot just check mail on whatever random computer they come across. I speak from experience: this is the biggest hurdle.
Two issues with this method are that TOR is 80% funded by the us government, using a computer opens you to backdoors.
But at least that's a good start.
I haven't tried it but if anyone here has, now would be an awesome time to tell us how it went.
_________
1: http://www.gnupg.org/related_software/frontends.html
2: https://gpgtools.org/
3: http://support.gpgtools.org/kb/how-to/first-steps-where-do-i...
>When you run GPG Keychain Access for the first time, the window will be empty or contain only the GPGTools Project Key (delivered via the GPGTools Installer).
>If you don't have a private key, you'll be prompted to create a new key pair.
I don't use OSX, but can you comment on how easy key exchange is nowadays?
I have to admit that I have it set up and ready to roll, but pretty much no one I know is willing to take the plunge.
Maybe when at work, but at home most people (Especially of the older generation) seem to check their email a few times a day.
Corporate users should never be using webmail on their work computer...If they're MS Exchange based, they should be using Outlook and their exchange policy should allow (and prefer) S/MIME. There are a variety of plugins for Outlook that support GPG and S/MIME is already signed and encrypted.
Pubkey's should always be make available through the existing online PKI services. I personally send all my keys through pgp.mit.edu to be mirrored world-wide. Key-exchange (For High to Ultimate trust scenarios) is simple and easy. Send someone your pubkey by signing it with their pubkey and email it in a signed email (with signed attachments) to them. Have them do the reverse.
I was so flabbergasted by that I had to look it up and it seems like you're wrong. This page[0] describes a feature called Advanced Access that sends a code to your phone whenever you do certain actions on the website.
[0] https://www.wellsfargo.com/privacy_security/online/advanceda...
https://www.schneier.com/blog/archives/2007/04/bank_botches_...
But even then if Joe and Bill suddenly got smarty-pants and started encrypting their communication - NSA would get suspicious and will find out what you guys are up to via other channels.
"The best way to hide information - is to convince others that it does not exists" --Me
Then NSA does not know who is communicating and NSA does not know what they are talking about.
Problem solved.
I wouldn't be so sure. Snowden was hinting at the NSA having the mechanism to break encryption. I lost the exact quote, but it was a direct response to the suggestion that we encrypt everything, and was something along the lines of, "you wouldn't even believe what the NSA is really capable of - it's scary."
Even if they don't have the means to get around encryption, you still aren't fully secure. What if you have a keylogger installed on your machine? What if the hardware itself has been designed to aid the NSA? Intel, after all, is one of their regular collaborators.
It is complicated to explain to your family that they should make their emails a jumbled mess, however...
Unless everyone used encrypted email.
And the only way to achieve that is to make it really easy to use, i.e. to have a zero user interface, so the program automatically encrypts it on the way out and automatically decrypts it on the way in. Key distribution can be handled by putting the public key in the header.
The only drawback is this is vulnerable to man-in-the-middle attacks.
https://grepular.com/Automatically_Encrypting_all_Incoming_E...
I.e. One that keeps the decentralized simplicity of email as it is today, whilst both securing it and removing the negatives, such as spam?
If Microsoft, Yahoo and Google got together they could flesh this out, and as long as the specifications were open and license free, then other third parties would start to develop SecMail servers.
Email is open and license-free, only because it was invented back in the days when not even Richard Stallman saw any need for free software. If email were reinvented today, you'd end up with something very different. It would be copyrighted, patented, and supported by corporations who have strong financial incentives to keep it locked into their proprietary platforms.
The only company that I can think of who might have a chance of success at producing an open and license-free reinvention of email is Mozilla, but they don't seem to be particularly interested in email nowadays. Thunderbird has been stuck at version 17 for ages.
Really, these problems were already solved a long time ago, but people thought it was just paranoid to even suggest that the solutions were necessary.
I have managed to explain it to people with no technical background, and they were able to use it within a day. It is really not that complicated. Most people give up on it not because of the difficulty of using it, but because they want to be able to read their email from whatever random computer they happen to find lying around. Smartcards are part of the solution, but you would need browser support (yeah, I am looking at you Mozilla) and the willingness to buy them.
The wrong approach is to assume that everyone is completely stupid and absolutely helpless. People in general lack knowledge about computers; they does not mean that they cannot be taught something new.
In this day and age, to ensure 100% privacy you have to _really_ go out of your way. It's difficult for cypherpunks to pull it off, let alone normal users.
I wonder if I can add it to my LinkedIn profile?
Surely if you're worried about the integrity of the file you should also be worried about the integrity of the source website also?
The best way is to check the signature, but that requires GPG in the first place (and trust on the key remains hairy). At least they could serve the site with HTTPS (GPGTools does this right).
http://arstechnica.com/author/joe-mullin-2/
How would you feel if your hacker news posts over the years were trolled into a very personal post about you on hacker news, done by a hacker news employee? The whole thing is creepy.
(I challenge anyone investigating my past to include this tidbit :)
For some example algorithms that are not vulnerable to quantum computers, see: http://en.wikipedia.org/wiki/Post-quantum_cryptography
Also, it would be quite remarkable if the NSA had quantum computers capable of breaking 2048 RSA or PGP keys. Possible, but extremely unlikely.
It doesn't seem improbable that the NSA are already recording encrypted communications because they are cheap to store and and have a reasonable chance of being broken in the future. They don't even need to break the algorithm for that data to become useful.
In particular SSL encrypted web traffic of sites they suspect they might physically raid (or have cooperation with) in future seem like an excellent target. Although hopefully the increasing awareness and deployment of perfect forward secrecy should help with that attack.
Not the other way round.
Unless they are secretly borrowing people hired on at e.g. the DoE, I just don't see it.
[1] http://en.wikipedia.org/wiki/In-Q-Tel
[2] http://www.dwavesys.com/en/pressreleases.html#investment_201...
[3] http://en.wikipedia.org/wiki/D-Wave_Systems
Because of the current developments int the press this challenge is being viewed in the context of the NSA, but other foreign intelligence services also pose a threat to user data.
True, but it's the public key cryptography in use today that I'm concerned with!
Reason why it might be: 80% of the Tor Project's $2M annual budget comes from the United States government (says wiki), this perhaps implies that the US gov. has some influence or control over what goes into Tor, and so if there's anyone who knows how to identify Tor users, it's the US gov.
Reason why it might not be: Snowden had Tor stickers on his laptop, that sort of lends credence to the fact that NSA doesn't have it down yet on how to id Tor users and it is still a good and reliable anonymity tool.
I need to reinstate my moratorium on reading HN prism discussions. I can't wait to tell people:
"Its not the academic literature or availability of the source code that makes me confident in tor's security, its the stickers I saw on a laptop"
Also, do you have more info about the courier/motorbike thing? It sounds interesting.
https://en.wikipedia.org/wiki/Millennium_Challenge_2002
Besides, the government can easily get human informants; there's no such thing as a truly trusted courier system.
Basically I would say the question isn't if we should encrypt e-mail (I think we should in general, regardless of NSA spying), but instead what encryption methods (if any) exist that would be beyond the capabilities of the NSA to easily break.
You generated your key pair. In (almost) every country in almost every city there were “key signers” (basically trusted members of the PGP community). You met with them and they verified your identity and signed your public key. You needed to visit couple of them to get enough signatures to obtain certain level of trust in the PGP community. Once your level of trust was high enough you could start signing keys of other people. Too good to be true I guess…..
If you're using any Linux distribution, there is certainly use of the web of trust at many points in the development, build, and delivery chain of its software.
Private companies such as Intelius are posting my personal information on the internet.
Anyone who knows my real name can search the internet and find out where I work, my home address, my spouse's name, my home phone number and my age. I didn't put any of this information on the internet, in fact I don't even have a facebook account. Private companies collected and aggregated this information and put it on the internet. Some of the information came from public records (for example, home address from property ownership records), but some was very private (such as my home phone number, which is not even in my name and rarely given out). This is a huge violation of privacy and I have no way of stopping it. Anyone that wants to harm me can find out where I live with a few clicks of the mouse.
I am not worried about the government spying on me. I am very worried about these for-profit businesses spying on me and outing my information on the internet. Why isn't arstechnica writing stories about that instead?
You have the right to a private conversation. You don't have the right to a secret existence. Directory information (like a phone number) is not that private because there's nothing anyone can really do with it besides call you. We don't really recognize a right not to be called. Your phone records, however, lead to information about your friends, lovers, and business dealings. Exposure of that information is a much bigger deal to most people than the mere fact that they exist.
Sure, you can encrypt most things, but then maybe you look suspicious so you get special attention. Can you encrypt everything? Of course not.
But the real problem is: encryption is really only a short-term solution, we need a more fundamental one, see: https://news.ycombinator.com/item?id=5879308
https://www.cis.upenn.edu/~arielfel/pub/Frientegrity-UsenixS...
If the government will not respect our privacy -- and frankly, there is no reason to believe they will -- then we need to take matters into our own hands. We need to use cryptography to protect our privacy, so that no matter who comes into power we can communicate privately. That is a long-term solution, one that outlasts the government.
PGP is useful, but pointless on a system that may be compromised/backdoored at any time (e.g. Windows, iOS, Android ... ). So the first - and possibly most annoying - step would be to install a secure OS.
And that would be ???
A mostly secure linux distribution booted from a read-only device would be a good start.
c't Bankix is such a distribution, made specifically for secure online banking: http://www.heise.de/download/ct-bankix.html
Targeted, automatic updates by the vendor with a suitable payload.