Re: [liberationtech] Interesting QA
On Mon, Jun 17, 2013 at 5:23 PM, Richard Brooks r...@acm.org wrote: From Guardian QA with Snowden http://www.guardian.co.uk/world/2013/jun/17/edward-snowden-nsa-files-whistleblower Is encrypting my email any good at defeating the NSA survelielance? Id my data protected by standard encryption? Answer: Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it. How strong is strong enough? -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Interesting QA
Why settle for strong enough? Use the strongest options you have at your disposal. On Tue, Jun 18, 2013 at 9:02 AM, Helder Ribeiro hel...@gmail.com wrote: On Mon, Jun 17, 2013 at 5:23 PM, Richard Brooks r...@acm.org wrote: From Guardian QA with Snowden http://www.guardian.co.uk/world/2013/jun/17/edward-snowden-nsa-files-whistleblower Is encrypting my email any good at defeating the NSA survelielance? Id my data protected by standard encryption? Answer: Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it. How strong is strong enough? -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Interesting QA
On Tue, Jun 18, 2013 at 12:18:38PM +0300, Michael Azarkevich wrote: Why settle for strong enough? Use the strongest options you have at your disposal. One-time pads are provably strong if done right, but come with considerable usability disadvantages (but are potentially worth it if people's lives are on the line). Moreover, the point was that available encryption is sufficiently strong so that it's being worked around in practice. These are not the droids you're looking for. -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Interesting QA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 06/17/2013 10:53 PM, Eric S Johnson wrote: Agreed. Even my 13-year-old's using it. I do wish something as easy existed for MS Outlook users. Symantec Desktop Encryption works well and is much more powerful but is also much harder to use (besides costing much more!). It's also very finicky - while it does disk encryption quite well, sometimes the e-mail and file encryption bits freak out and Do the Wrong Thing(tm). Complaints about it stacked up at the DC cryptoparty last year. That said, I've been using and teaching GPG4win (http://www.gpg4win.org/) for about a year now. It includes GpgOL (GPG for Outlook), and attempts to accomplish the same tasks as Enigmail (and mostly succeeds). - -- The Doctor [412/724/301/703] [ZS] Developer, Project Byzantium: http://project-byzantium.org/ PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/ SEARCH PARTY ATTACKED BY MONSTER -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.20 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlHAmcAACgkQO9j/K4B7F8E4ywCeNZrztH3URxjKbyIwRP1SaQR/ UUoAn2xX/b6V/PjLoy8nMJBs0Ka6NY0+ =NnA1 -END PGP SIGNATURE- -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
[liberationtech] Interesting QA
From Guardian QA with Snowden http://www.guardian.co.uk/world/2013/jun/17/edward-snowden-nsa-files-whistleblower Is encrypting my email any good at defeating the NSA survelielance? Id my data protected by standard encryption? Answer: Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it. -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Interesting QA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 17 Jun 2013, at 22:23, Richard Brooks wrote: From Guardian QA with Snowden http://www.guardian.co.uk/world/2013/jun/17/edward-snowden-nsa-files-whistleblower Is encrypting my email any good at defeating the NSA survelielance? Id my data protected by standard encryption? Answer: Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it. Encryption does work but it needs to be something that everyone can install configure and use. I wonder what encryption software would look like if Apple made it as friendly as their products What was also interesting was the following: Question: 1) Define in as much detail as you can what direct access means. (Anthony De Rosa 17 June 2013 2:18pm) Answer: 1) More detail on how direct NSA's accesses are is coming, but in general, the reality is this: if an NSA, FBI, CIA, DIA, etc analyst has access to query raw SIGINT databases, they can enter and get results for anything they want. Phone number, email, user id, cell phone handset id (IMEI), and so on - it's all the same. The restrictions against this are policy based, not technically based, and can change at any time. Additionally, audits are cursory, incomplete, and easily fooled by fake justifications. For at least GCHQ, the number of audited queries is only 5% of those performed. Bernard - --- Bernard / bluboxthief / ei8fdb IO91XM / www.ei8fdb.org -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iQEcBAEBAgAGBQJRv4g6AAoJENsz1IO7MIrrOpoIALrbBA6OthlKhPs8sY/xk6JU W8nTnPE6fLH0vCgTwsg/EnF71Ac5isJRfhOWozV82RtMvbZtbZtiSm2z8bqP+/1p 41Yxk5KaZ08vIFOdEsPZ5e4W2CzSePagicNKCmC8d2amFQ3wMzSEJSweqZ/WxMQu raRSmtuI+U5sGYkiwwwmEEM7/OIn8/Ob6V6KuhmJMcxHe1KD3OLTDE0AASdIGDWr /BKLDLgi3Tr8Bdb9BkyfiOTfHnAuskMqjK8yqid4dkUJ4MQnIk7sKgBBDgewd5Sz Sh1BEtIB0R0DAlZyHFH0kn57t/2YWt/uQKF2sdvR1qusmnuO1mb592lCoBAk8+4= =HRib -END PGP SIGNATURE- -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Interesting QA
On Jun 17, 2013, at 3:05 PM, Bernard Tyers - ei8fdb ei8...@ei8fdb.org wrote: I wonder what encryption software would look like if Apple made it as friendly as their products While not from Apple, I think the latest version of GPGtools for the Mac (https://gpgtools.org) is quite nice. Regards, -drc -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Interesting QA
Apple already builds in encryption into many of its products: FileVault disk encryption, Mail.app S/MIME support, iMessage Facetime end-to-end encryption, and iCloud keychain are a few examples. File Vault 2, the whole-hard-disk-encryption solution built in to Mac OS 10.7 and up, is super-easy to use--precisely the same as BitLocker, the analogous solution built in to Windows 7 Ultimate and Windows 8 Pro. Cybersecurity seminar trainees are often surprised to find they already have these tools but never knew it. They're not on by default. Best, Eric -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Interesting QA
I wonder what encryption software would look like if Apple made it as friendly as their products While not from Apple, I think the latest version of GPGtools for the Mac (https://gpgtools.org) is quite nice. Agreed. Even my 13-year-old's using it. I do wish something as easy existed for MS Outlook users. Symantec Desktop Encryption works well and is much more powerful but is also much harder to use (besides costing much more!). Best, Eric -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech