On Tuesday, September 20, 2011 02:21:55 PM, Ron Guerin wrote: > Chris Knadle wrote: > > On 9/15/2011 8:32 AM, Joseph Apuzzo wrote: > >> A friend of mind turned me on to https://www.google.com aka to have an > >> encrypted conversation with Google. > >> I've been using it, since I like as much crypt-o traffic on the net as > >> possible. > >> > >> But why? Anyone have any intelligent toughs on the subject, I would like > >> to hear your take on the service and what it's good for. > > > > 1. Your search results are valuable. People can be recognized for who > > they are based on what they search for. (There have been articles on > > that.) > > > > 2. More important than your search results are your logins to Google > > such as for GMail and other services. You would probably not appreciate > > finding out later that someone was secretly getting CC:ed on every email > > you send and receive, and used this information in order to change the > > ownership on your domain name(s) via email while you were away on > > vacation. > > > > 3. A natural extension of the combination above is "if it's going over > > the 'net, it should be encrypted if possible." So if there's an > > encrypted version of the same service available, use it. > > > > 4. Have a quick look at DuckDuckGo as an alternative to Google. > > > > https://duckduckgo.com/ > > > > And read about what Google does that they don't tell you. > > My original request for SSL on a mail server was from a user who, after > I explained how one shouldn't rely on SSL to keep messages encrypted via > e-mail, explained to me that he and I had completely different > perspectives.
I'm assuming in this case you were telling him that not all MTAs are able to transfer messages over ESMTPS, rather than this being about GPG or S/MIME encryption at the email client (MUA). One interesting note on this is that ESMTPS transfers between MTAs encrypts the transfer of the entire message, where as GPG, PGP, and S/MIME will all expose who the email is from, who it's to, and what the subject line is, all in clear text. Or perhaps you meant SSL/TLS for email access like for POP3s or IMAPs. ;-) 'Aint clear. > I was looking at it from an Internet perspective, he was > looking at it from the "nosy neighbor" perspective, which is a perfectly > valid concern that last-hop SSL does indeed address. > > Google has, more than Apple or Microsoft, a vested interest in the > Internet both being more secure and appearing to be more secure than it > is well-known to be. So I think there's that also. If "The > Cloud"/Web2.0/etc. collapses as it has every other time its been tried, > Microsoft and Apple have something to fall back on, Google not so much. Sadly the general public doesn't seem to worry much about encryption or even about privacy or lack thereof. As a matter of fact many of the engineering students I was in a recently in college weren't aware that there was this thing they could put into their browser called "https://"; and what that did. :-/ So I don't know what would cause Cloud/Web2.0 to "fail" in that sense. [Other than that, I generally agree with you.] -- Chris -- Chris Knadle [email protected] _______________________________________________ Mid-Hudson Valley Linux Users Group http://mhvlug.org http://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug Upcoming Meetings (6pm - 8pm) MHVLS Auditorium Oct 5 - Distributed Authentication Systems Nov 2 - Nov 2011 Dec 7 - Chef
