On 10/18/2013 01:20 PM, Fabio Pietrosanti (naif) wrote: > Il 10/16/13 12:07 AM, Yosem Companys ha scritto: >> If you have any thoughts about Riseup, whether >> security/privacy-related or otherwise, I'd love to hear them. > > While i appreciate Riseup project goals and approach, i would not > personally keep my usual email flow (inbound/outbound) going trough a > communication line that's used by many other "sensible users", because > it's more likely to be massively monitored. > > Generally is not valuable to use only 1 email provider, because email is > made up of many pieces: > - Inbound flow > - Outbound flow > - Data storage > > That require a user to have at least 3 different providers by: > - Splitting your communication flow > - Stay on countries with (strong economy & strong privacy law)
I'm not sure how any of that would help if your upstream connection is tapped or if the attacker has a sufficiently large view of the Internet as we thing agencies like GCHQ and NSA have. Assuming they don't have the TLS keys for the particular services you're using, it would be trivial to do traffic analysis and grab the data as it's being transferred between provider machines. Keep in mind that most server to server email traffic isn't actually encrypted yet. Or am I missing something you're saying? Anthony -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
