On 11/24/2013 12:38 PM, Tempest wrote:
>carlo von lynX:
>>Hmmm.. if you're anonymous, then you don't have friends to email with...
>that is an incredible logical fallacy. myself and many others
>communicate with each other without having the slightest amount of
>knowledge as to who each other actually are.

Ok, Mr Tempest. Now that I understand your point of view better I see that it is a very unusual use case you have there. You are not my target audience. For your use case PGP may just be superfine. I am talking about the people that are currently exposing all of their social and private life over Facebook, SMS and E-Mail. These folks should be able to speak to their real life friends without being graphed and mapped.

Btw, you bypassed all of my criticism for your proposed solution, so there isn't very much left to say.

On Sun, Nov 24, 2013 at 02:41:18PM -0500, Jonathan Wilkes wrote:
> >>Pond, Cables, Bitmessage, Susimail, Briar, I2PBote.. even RetroShare
> >>does that part right.
>
> But what about Cables? Would those Silk Road users you reference
> have been more or less safe if they had used Cables instead of
> GPG-with-Tor?

We are still talking about a scenario that is not my main focus, but.. yes. They would be safer. In detail:

- Whoever has been talking over silkroad in the clear is subject to investigation immediately.
- Whoever has been using PGP with the same id as in regular e-mail (and OpenPGP leaked it, check Fabio's thread next to this one) might be getting visitors at home.
- Whoever else has been using PGP is postponed for later analysis, either should in some other way the suitable private keys surface, or because someday all of that will be decrypted.
- At that point it depends on whatever is in there, if it is still going to get people to jail.
- Depends also on the state of democracy and justice, if limitation period and due process are still state of the art.
- Should those people have exchanged PGP only to then bootstrap a communication over safer means, then they would indeed be safer.

So the question is, what IS safer?
Arguably something that uses DJB's elliptic curves, in any case something that does forward secrecy, but since even that will one day be decryptable, what really counts is how the communication is lost in much larger amounts of cover traffic and transmission obfuscation. A tool like Pond makes it hard for an attacker to figure out what he should try to decrypt - should he one day have the processing power to try. That is why it is much safer than PGP on some .onion website, where the valuable content is just waiting to be processed.

Still, if you don't trust tools like Pond, you can always embed PGP into them - that makes them double bullet proof. I'm describing Pond because I think I understood its architecture the best, but the other tools might be just as good. Pointing out how the new code hasn't been reviewed yet only reinforces the need to do so.

But, I repeat, it is not my interest to keep people out of jail. I am interested in the respect for the constitution to avoid us experiencing a further degradation of the quality of democracy. So when you use PGP instead of something more advanced, it is not about you. It is about us all.