Re: [liberationtech] to encrypt or not to encrypt?
On 06/21/2013 07:18 PM, Eleanor Saitta wrote:

...and for any kind of business-related organizational work, much of the time, wherein you do get plenty of actual high-value information.

Engineering discussions are often had over e-mail, not just out of convenience but because messages are archived, indexed, and referred to in lieu of notes. Same with organizational planning and strategy. Don't forget documents being e-mailed back and forth...

Because we're unlikely to move businesses off email any time soon (and I include NGO- and much of organized activist-land here), we do in the end need to do something for it.

The private sector, too.

--
The Doctor [412/724/301/703] [ZS]
Developer, Project Byzantium: http://project-byzantium.org/
PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/
Sendmail isn't evil, it's job security.

--
Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] to encrypt or not to encrypt?
That and get everyone to salt every message with a random assortment of words and phrases from flag lists

On Jun 21, 2013, at 11:55 AM, Nadim Kobeissi na...@nadim.cc wrote:

> The solution to this is to make encryption more and more widely used. By increasing the number of people with access to encryption technology for their communications, we dilute this threat.
>
> NK
>
> On 2013-06-21, at 11:52 AM, Michael Rogers mich...@briarproject.org wrote:
>
> > It's unfortunate that Ars Technica has chosen that angle, since I believe it misrepresents the situation: if you use encryption, the NSA may indeed retain your encrypted traffic, but won't be able to read it. If you don't use encryption, the NSA will be able to read your traffic, and will retain it if it contains anything interesting, or if you're not an American. So encryption is still a net gain for privacy.
> >
> > Blending in is a red herring in my opinion - metadata (which isn't subject to the restrictions discussed in the Ars Technica article) reveals who talks to whom and when. That's sufficient to identify persons of interest, regardless of whether they use encryption.
> >
> > Any activist or journalist should assume they're already a person of interest, thanks to their job and the people they talk to. Not to be subject to surveillance would be something of a professional embarrassment. ;-)
> >
> > So forget about blending in. Assume you're subject to surveillance, and think about what steps you're going to take in response.
> >
> > Cheers,
> > Michael
> >
> > On 21/06/13 16:41, dan mcquillan wrote:
> > > a few people who came to our university cryptoparty asked whether they're just going to draw attention to themselves by encrypting email. the latest leaks seem to give a firm 'yes', as the NSA specifically keeps encrypted comms indefinitely.
> > >
> > > sample news item: http://www.techdirt.com/articles/20130620/15390323549/nsa-has-convinced-fisa-court-that-if-your-data-is-encrypted-you-might-be-terrorist-so-itll-hang-onto-your-data.shtml
> > >
> > > how would list members answer the question 'to encrypt or not to encrypt'?
> > >
> > > cheers
> > > dan

Re: [liberationtech] to encrypt or not to encrypt?
Hi,

On Fri, 21 Jun 2013 18:51:01 +0200 phryk ph...@phryk.net wrote:

> On Fri, 21 Jun 2013 11:55:57 -0400 Nadim Kobeissi na...@nadim.cc wrote:
> > The solution to this is to make encryption more and more widely used. By increasing the number of people with access to encryption technology for their communications, we dilute this threat.
>
> My thought exactly, just encrypt ALL THE THINGS and let those people deal with humungous amounts of data, most of which will be completely useless even if decrypted.

There is another ingredient to all this context of crisis and collapse: things are getting desperate in some cases where for a generation, people lived within a now dying mindset, so there is a lot of catharsis for change in the way we use data and networks just as there is with this cultural change and time of mass protests.

Cities, neighbourhoods and regions can conceivably plan or cultivate separate internets, or geographically dispersed interest groups can choose a platform or technology amongst the more secure or private/anonymous and work with that. Here in Catalunya we have the fast growing community run neutral wifi/cable network Guifi.net which can work as a separate internet and disconnect from it whilst still running services that users can connect to, for example.

The key I think is to have locally funded data and networking services like data storage and transfer, maps, social network software and data storage or search, which also helps an area be resilient against google, facebook & co's possible demise, or changes to legislation or of their business plans.

I think there are 2 choices in planning for security in a more localised economy/community: you can create a walled garden within your network/community and keep a really tight control on who you let in, and what local processes or activities might work towards keeping that system going. Or you can work in a trust network of some kind, with each person or group gauging what and how much information to exchange between different networks.

I wonder if the best way to enable more widespread use, alongside things like cryptoparties would be the creation of a fund for improving the interfaces, effectiveness and usability of these crypto/distributed data tools?

Ale

[liberationtech] to encrypt or not to encrypt?
a few people who came to our university cryptoparty asked whether they're just going to draw attention to themselves by encrypting email. the latest leaks seem to give a firm 'yes', as the NSA specifically keeps encrypted comms indefinitely.

sample news item: http://www.techdirt.com/articles/20130620/15390323549/nsa-has-convinced-fisa-court-that-if-your-data-is-encrypted-you-might-be-terrorist-so-itll-hang-onto-your-data.shtml

how would list members answer the question 'to encrypt or not to encrypt'?

cheers
dan

Re: [liberationtech] to encrypt or not to encrypt?
It's unfortunate that Ars Technica has chosen that angle, since I believe it misrepresents the situation: if you use encryption, the NSA may indeed retain your encrypted traffic, but won't be able to read it. If you don't use encryption, the NSA will be able to read your traffic, and will retain it if it contains anything interesting, or if you're not an American. So encryption is still a net gain for privacy.

Blending in is a red herring in my opinion - metadata (which isn't subject to the restrictions discussed in the Ars Technica article) reveals who talks to whom and when. That's sufficient to identify persons of interest, regardless of whether they use encryption.

Any activist or journalist should assume they're already a person of interest, thanks to their job and the people they talk to. Not to be subject to surveillance would be something of a professional embarrassment. ;-)

So forget about blending in. Assume you're subject to surveillance, and think about what steps you're going to take in response.

Cheers,
Michael

On 21/06/13 16:41, dan mcquillan wrote:

> a few people who came to our university cryptoparty asked whether they're just going to draw attention to themselves by encrypting email. the latest leaks seem to give a firm 'yes', as the NSA specifically keeps encrypted comms indefinitely.
>
> sample news item: http://www.techdirt.com/articles/20130620/15390323549/nsa-has-convinced-fisa-court-that-if-your-data-is-encrypted-you-might-be-terrorist-so-itll-hang-onto-your-data.shtml
>
> how would list members answer the question 'to encrypt or not to encrypt'?
>
> cheers
> dan

Re: [liberationtech] to encrypt or not to encrypt?
The solution to this is to make encryption more and more widely used. By increasing the number of people with access to encryption technology for their communications, we dilute this threat.

NK

On 2013-06-21, at 11:52 AM, Michael Rogers mich...@briarproject.org wrote:

> It's unfortunate that Ars Technica has chosen that angle, since I believe it misrepresents the situation: if you use encryption, the NSA may indeed retain your encrypted traffic, but won't be able to read it. If you don't use encryption, the NSA will be able to read your traffic, and will retain it if it contains anything interesting, or if you're not an American. So encryption is still a net gain for privacy.
>
> Blending in is a red herring in my opinion - metadata (which isn't subject to the restrictions discussed in the Ars Technica article) reveals who talks to whom and when. That's sufficient to identify persons of interest, regardless of whether they use encryption.
>
> Any activist or journalist should assume they're already a person of interest, thanks to their job and the people they talk to. Not to be subject to surveillance would be something of a professional embarrassment. ;-)
>
> So forget about blending in. Assume you're subject to surveillance, and think about what steps you're going to take in response.
>
> Cheers,
> Michael
>
> On 21/06/13 16:41, dan mcquillan wrote:
> > a few people who came to our university cryptoparty asked whether they're just going to draw attention to themselves by encrypting email. the latest leaks seem to give a firm 'yes', as the NSA specifically keeps encrypted comms indefinitely.
> >
> > sample news item: http://www.techdirt.com/articles/20130620/15390323549/nsa-has-convinced-fisa-court-that-if-your-data-is-encrypted-you-might-be-terrorist-so-itll-hang-onto-your-data.shtml
> >
> > how would list members answer the question 'to encrypt or not to encrypt'?
> >
> > cheers
> > dan

Re: [liberationtech] to encrypt or not to encrypt?
On Fri, 21 Jun 2013 11:55:57 -0400 Nadim Kobeissi na...@nadim.cc wrote:

> The solution to this is to make encryption more and more widely used. By increasing the number of people with access to encryption technology for their communications, we dilute this threat.

My thought exactly, just encrypt ALL THE THINGS and let those people deal with humungous amounts of data, most of which will be completely useless even if decrypted.

Re: [liberationtech] to encrypt or not to encrypt?
On Fri Jun 21 12:51:11 2013, phryk wrote:

> On Fri, 21 Jun 2013 11:55:57 -0400 Nadim Kobeissi na...@nadim.cc wrote:
> > The solution to this is to make encryption more and more widely used. By increasing the number of people with access to encryption technology for their communications, we dilute this threat.
>
> My thought exactly, just encrypt ALL THE THINGS and let those people deal with humungous amounts of data, most of which will be completely useless even if decrypted.

What about the theory that by encrypting all the things we are feeding some massively large NSA cryptanalysis project that uses different flavors of ciphertext to find weaknesses?

Very conspiracy theorist-y, but I've heard a few people say that maybe we shouldn't donate unnecessary ciphertext to such a project. :/

best, Joe

--
Joseph Lorenzo Hall
Senior Staff Technologist
Center for Democracy & Technology
1634 I ST NW STE 1100
Washington DC 20006-4011
(p) 202-407-8825
(f) 202-637-0968
j...@cdt.org
PGP: https://josephhall.org/gpg-key
fingerprint: BE7E A889 7742 8773 301B 4FA1 C0E2 6D90 F257 77F8

Re: [liberationtech] to encrypt or not to encrypt?
On 06/21/2013 11:41 AM, dan mcquillan wrote:

> how would list members answer the question 'to encrypt or not to encrypt'?

Assumption: Your traffic is being recorded.

Assumption: You can't transmit anything without leaking at least one bit (You're transmitting something.)

Case: Don't encrypt.
- Your traffic is being captured.
- This means all of your plaintext traffic has been captured and is being data mined.

Outcome: You're branched.

Case: Encrypt.
- Your traffic is being captured.
- Whatever cleartext traffic you send has been captured and is being data mined.
- Cleartext metadata is being data mined. This means packet headers (IP address, TCP or UDP port, nature of connection (TCP session setup, TCP session teardown)) and whatever message metadata or routing information (SMTP headers) is being datamined.
- Whatever cyphertext traffic you send has been captured.
- The cyphertext remains cyphertext - packet payloads, e-mail contents, what have you remain unknown.

Outcome: The attacker knows that you encrypt some volume X of your traffic, of which some subvolume Y can be characterized as traffic of type Z and the rest may or may not be recognizable as being related to Z or some other protocol Q that can't be characterized yet.

Most favorable outcome: Encrypt.

In comparison...

Perfect outcome: Don't transmit anything. Just give up. But then, why are you on this mailing list?

--
The Doctor [412/724/301/703] [ZS]
Developer, Project Byzantium: http://project-byzantium.org/
PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/
The future belongs to the brave.

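
Added example, not part of the thread or any poster's code: a Python sketch of the cleartext-metadata point made in the message above (and in Michael Rogers' earlier reply), showing what stays readable when only message bodies are PGP-encrypted. The addresses, subjects and placeholder armored body are constructed for illustration.

```python
"""What a passive observer still reads from PGP-encrypted mail: the headers."""
from collections import Counter
from email import message_from_string
from email.utils import getaddresses, parsedate_to_datetime

ARMOR_START = "-----BEGIN PGP MESSAGE-----"
# Constructed placeholder body; no real ciphertext is needed for the point.
ARMORED_BODY = ARMOR_START + "\n\n(constructed placeholder)\n-----END PGP MESSAGE-----\n"

# Constructed sample traffic (hypothetical addresses, not from the thread).
SAMPLE_MESSAGES = [
    "From: alice@example.org\nTo: bob@example.net\n"
    "Date: Fri, 21 Jun 2013 09:00:00 +0000\nSubject: draft report\n\n" + ARMORED_BODY,
    "From: alice@example.org\nTo: bob@example.net\nCc: carol@example.com\n"
    "Date: Fri, 21 Jun 2013 09:30:00 +0000\nSubject: Re: draft report\n\n" + ARMORED_BODY,
    "From: carol@example.com\nTo: alice@example.org\n"
    "Date: Fri, 21 Jun 2013 10:15:00 +0000\nSubject: lunch?\n\nSee you at noon.\n",
]


def observer_view(raw):
    """Return only what is readable without any key."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    encrypted = body.lstrip().startswith(ARMOR_START)
    recipients = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {
        "from": [addr.lower() for _, addr in getaddresses(msg.get_all("From", []))],
        "to": [addr.lower() for _, addr in getaddresses(recipients)],
        "when": parsedate_to_datetime(msg["Date"]),
        "subject": msg["Subject"],  # body encryption does not cover this header
        "encrypted": encrypted,
        "body_bytes": len(body.encode("utf-8")),
        "content": None if encrypted else body,
    }


def contact_graph(raw_messages):
    """Who talks to whom, and how often, from headers alone."""
    edges = Counter()
    for raw in raw_messages:
        view = observer_view(raw)
        for sender in view["from"]:
            for rcpt in view["to"]:
                edges[(sender, rcpt)] += 1
    return edges


def encrypted_volume(raw_messages):
    """Bytes of ciphertext per sender: the 'volume X' an observer can measure."""
    volume = Counter()
    for raw in raw_messages:
        view = observer_view(raw)
        if view["encrypted"]:
            for sender in view["from"]:
                volume[sender] += view["body_bytes"]
    return volume


if __name__ == "__main__":
    for (sender, rcpt), count in sorted(contact_graph(SAMPLE_MESSAGES).items()):
        print(f"{sender} -> {rcpt}: {count} message(s)")
    print(dict(encrypted_volume(SAMPLE_MESSAGES)))
```

The graph and timestamps come out the same whether or not the bodies are encrypted, which is why encrypting content and hiding who talks to whom are separate problems.
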
Re: [liberationtech] to encrypt or not to encrypt?
On Fri, Jun 21, 2013 at 06:51:11PM +0200, phryk wrote:

> On Fri, 21 Jun 2013 11:55:57 -0400 Nadim Kobeissi na...@nadim.cc wrote:
> > The solution to this is to make encryption more and more widely used. By increasing the number of people with access to encryption technology for their communications, we dilute this threat.
>
> My thought exactly, just encrypt ALL THE THINGS and let those people deal with humungous amounts of data, most of which will be completely useless even if decrypted.

You want it to happen, you get opportunistic encryption to happen on as low a level as possible, on as many devices as possible. Target consumer routers which run Linux or Freedombox-like devices. Sooner or later it will move to Android, other mobiles and desktops. Put it into the application layer.

Want an actionable? Figure out how to implement BTNS straight from the RFC. Nobody seems to have bothered, so far. A CS student with basic crypto background could do it. If you have working code, even crappy working code, we have a really good chance to take it from there.

Re: [liberationtech] to encrypt or not to encrypt?
From: dan mcquillan d...@internetartizans.co.uk
To: Liberation Technologies liberationtech@lists.stanford.edu
Sent: Friday, June 21, 2013 11:41 AM
Subject: [liberationtech] to encrypt or not to encrypt?

> a few people who came to our university cryptoparty asked whether they're just going to draw attention to themselves by encrypting email. the latest leaks seem to give a firm 'yes', as the NSA specifically keeps encrypted comms indefinitely.
>
> sample news item: http://www.techdirt.com/articles/20130620/15390323549/nsa-has-convinced-fisa-court-that-if-your-data-is-encrypted-you-might-be-terrorist-so-itll-hang-onto-your-data.shtml
>
> how would list members answer the question 'to encrypt or not to encrypt'?
>
> cheers
> dan

The technical answer is that the question makes the false assumption that privacy is a binary thing, either on-- you have privacy-- or off-- you don't. Unfortunately there are also threats from private corporations, thieves, hackers, ex-spouses, etc.

If you turn privacy off in the perverse hope that you'll blend in with everyone else, you'd better hope that a) you never mention something that breaks one of the tens of thousands of laws you've probably never even read, because as the recent Guardian stories point out evidence of your criminal wrongdoing can be shared with other agencies even if you weren't the target of the initial query and even if it's not related to the initial investigation. And oh yeah, b) you've now turned on spying for all those groups I mentioned above and more, groups for which there isn't even the modicum of court oversight that there is for the NSA.

As meaningless as that oversight seems to be, at least the NSA doesn't have the pressure of shareholders who want to see it monetize all the data it collects as soon as humanly (algorithmically?) possible. Facebook does. Google ad campaigns done by marketing idiots follow people around on webpages and creep them out, because it turns out suggesting that your customers Don't be evil doesn't work very well, even when it would actually help their bottom line.

I'm sorry but you have to think about these things. The good news is that if you have nothing to hide, what better excuse is there to play around with crypto and possibly add cover for people doing important work in dangerous places?

Finally, I'm also sorry that there's a gaping hole in the free software community wrt user experience. There's nothing implied by the four freedoms of the GPL that would lead a developer to take seriously the question of how to make those freedoms easy or even possible for the user to exercise meaningfully. How many crypto projects try to get the user experience right first, and fill in the crypto part later? There is plenty of crypto that has been well-tested and has a track record at this point, so it's not an impossible task.

Re: [liberationtech] to encrypt or not to encrypt?
On 06/21/2013 10:00 AM, Eugen Leitl wrote:

> On Fri, Jun 21, 2013 at 06:51:11PM +0200, phryk wrote:
> > On Fri, 21 Jun 2013 11:55:57 -0400 Nadim Kobeissi na...@nadim.cc wrote:
> > > The solution to this is to make encryption more and more widely used. By increasing the number of people with access to encryption technology for their communications, we dilute this threat.
> >
> > My thought exactly, just encrypt ALL THE THINGS and let those people deal with humungous amounts of data, most of which will be completely useless even if decrypted.
>
> You want it to happen, you get opportunistic encryption to happen on as low a level as possible, on as many devices as possible. Target consumer routers which run Linux or Freedombox-like devices. Sooner or later it will move to Android, other mobiles and desktops. Put it into the application layer.

Yes, securing the lower levels would seem to be an important long term goal. But even if this is achieved, this will not provide any security benefits to an average user who uses facebook/gmail/etc ...

In my opinion, the first priority should be to secure email. For a variety of reasons:

- email is used a lot (also for important stuff)
- almost everybody has an email account
- email plays an important role for authentication of other services (passwords / links to reset passwords are sent by email)
- technology to secure email is readily available
- the importance to encrypt email is easy to explain
- if a lot of people start to encrypt their emails this would send a clear message and others might follow

The problem is not technical, it is education. Still, some changes in email clients would help a lot:

- have crypto integrated (not as a stupid plugin deactivated by default)
- offer to create a key by default, educate the user at that time
- sign by default (or at least indicate in some header that you have a key)
- automatically download keys from a keyserver when receiving a signed email
- opportunistically encrypt if a key is available
- drop that broken web-of-trust model instead use the model used in ssh: warn about a possible MITM attack if the key has changed for some reason

Martin

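
Added example, not part of the thread or any mail client's code: one way to implement the ssh-style key-continuity check proposed in the message above, pinning the first key seen for an address and warning when it changes. `PinStore`, `Verdict`, `KeyConflict` and the sample fingerprints are hypothetical names and constructed values.

```python
"""Trust-on-first-use key continuity for mail, modelled on ssh's known_hosts."""
from enum import Enum

# Constructed 160-bit fingerprints, in two common notations.
CONSTRUCTED_FP_A = "AAAA BBBB CCCC DDDD EEEE FFFF 0000 1111 2222 3333"
CONSTRUCTED_FP_B = "0x1234567890abcdef1234567890abcdef12345678"


class Verdict(Enum):
    FIRST_USE = "first-use"  # nothing pinned yet: pin the key and tell the user
    MATCH = "match"          # same key as last time: continuity holds
    CHANGED = "changed"      # different key: warn about a possible MITM


class KeyConflict(Exception):
    """A changed key awaits a user decision; neither encrypt nor downgrade."""


def normalize_fingerprint(fingerprint):
    """Accept 'AAAA BBBB ...' or '0xaaaabbbb...' and return bare upper-case hex."""
    cleaned = fingerprint.strip().replace(" ", "").replace(":", "")
    if cleaned.lower().startswith("0x"):
        cleaned = cleaned[2:]
    cleaned = cleaned.upper()
    if len(cleaned) != 40 or any(c not in "0123456789ABCDEF" for c in cleaned):
        raise ValueError("expected a 40 hex digit fingerprint")
    return cleaned


def normalize_address(address):
    return address.strip().lower()


class PinStore:
    def __init__(self):
        self.pins = {}      # address -> pinned fingerprint
        self.pending = {}   # address -> changed key not yet accepted

    def observe(self, address, fingerprint):
        """Call for every signed message received from `address`."""
        addr = normalize_address(address)
        fp = normalize_fingerprint(fingerprint)
        pinned = self.pins.get(addr)
        if pinned is None:
            self.pins[addr] = fp
            return Verdict.FIRST_USE
        if pinned == fp:
            return Verdict.MATCH
        # Never replace the pin silently: keep the old one, park the new one.
        self.pending[addr] = fp
        return Verdict.CHANGED

    def resolve(self, address, accept):
        """User decision after a CHANGED warning (ideally checked out of band)."""
        addr = normalize_address(address)
        candidate = self.pending.pop(addr, None)
        if candidate is not None and accept:
            self.pins[addr] = candidate

    def encryption_key(self, address):
        """Opportunistic encryption: pinned key, or None to send unencrypted."""
        addr = normalize_address(address)
        if addr in self.pending:
            raise KeyConflict(addr)
        return self.pins.get(addr)


if __name__ == "__main__":
    store = PinStore()
    print(store.observe("alice@example.org", CONSTRUCTED_FP_A))
    print(store.observe("alice@example.org", CONSTRUCTED_FP_B))
```

As with ssh, the first contact is unauthenticated; the check only detects a key that changes afterwards.
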
Re: [liberationtech] to encrypt or not to encrypt?
dan mcquillan d...@internetartizans.co.uk wrote:

> a few people who came to our university cryptoparty asked whether they're just going to draw attention to themselves by encrypting email. the latest leaks seem to give a firm 'yes', as the NSA specifically keeps encrypted comms indefinitely.

It's the old https problem again. If you're using https in an area where almost no one does, you stick out to anyone analyzing traffic. But not using pgp/otr/https is *far* worse than the minimal attention you might theoretically draw to yourself.

Re: [liberationtech] to encrypt or not to encrypt?
On 06/21/2013 09:57 AM, Joseph Lorenzo Hall wrote:

> What about the theory that by encrypting all the things we are feeding some massively large NSA cryptanalysis project that uses different flavors of ciphertext to find weaknesses?
>
> Very conspiracy theorist-y, but I've heard a few people say that maybe we shouldn't donate unnecessary ciphertext to such a project. :/
>
> best, Joe

I wholeheartedly endorse many of the arguments /for/ consistent use of encryption that have been voiced so far -- but I'm still curious how people would handle the above challenge.

It seems to me that one reasonable response would be that the proposed problem is largely a function of inconsistent use of cryptography: if all the things were encrypted, all the time, cryptanalysis would be considerably more costly than it is when people are only encrypting certain kinds of information (since plain-text versions of encrypted content would be less available, and predicting the nature/type of an encrypted stream would hence become more difficult). As someone else has already said, if everything were encrypted, it would be impossible to figure out what parts of that encrypted ocean would be worth filtering with a crypto-breaking strainer.

Also, if the NSA is really intent on fundamentally breaking various crypto algorithms, I'm sure they have more than enough computing power in-house to generate and attempt to reverse engineer huge quantities of ciphertext; they probably don't really need our help to produce more of such data. :)

Jordan

--
Sent from a computer running Free and Open Source Software
My GPG Public Key (0xDE1C1B53) https://seasprites.net/0xDE1C1B53.asc

Re: [liberationtech] to encrypt or not to encrypt?
On 21/06/13 17:57, Joseph Lorenzo Hall wrote:

> What about the theory that by encrypting all the things we are feeding some massively large NSA cryptanalysis project that uses different flavors of ciphertext to find weaknesses?
>
> Very conspiracy theorist-y, but I've heard a few people say that maybe we shouldn't donate unnecessary ciphertext to such a project. :/

Sorry to be blunt, but that theory is nonsense. The NSA can't possibly learn more from the ciphertext of an unknown plaintext than it could learn by generating its own ciphertext from a known plaintext - which would save the cost of a splitter cabinet, to boot.

Cheers,
Michael

Re: [liberationtech] to encrypt or not to encrypt?
On Fri Jun 21 14:54:29 2013, Michael Rogers wrote:

> On 21/06/13 17:57, Joseph Lorenzo Hall wrote:
> > What about the theory that by encrypting all the things we are feeding some massively large NSA cryptanalysis project that uses different flavors of ciphertext to find weaknesses?
> >
> > Very conspiracy theorist-y, but I've heard a few people say that maybe we shouldn't donate unnecessary ciphertext to such a project. :/
>
> Sorry to be blunt, but that theory is nonsense. The NSA can't possibly learn more from the ciphertext of an unknown plaintext than it could learn by generating its own ciphertext from a known plaintext - which would save the cost of a splitter cabinet, to boot.

No, thanks for being blunt and this makes a lot of sense!

best, Joe

--
Joseph Lorenzo Hall
Senior Staff Technologist
Center for Democracy & Technology
1634 I ST NW STE 1100
Washington DC 20006-4011
(p) 202-407-8825
(f) 202-637-0968
j...@cdt.org
PGP: https://josephhall.org/gpg-key
fingerprint: BE7E A889 7742 8773 301B 4FA1 C0E2 6D90 F257 77F8

Re: [liberationtech] to encrypt or not to encrypt?
On Fri, 21 Jun 2013 10:28:51 -0700 Martin Uecker uec...@eecs.berkeley.edu wrote:

> - email is used a lot (also for important stuff)

As far as I can tell, non-techy persons mostly use their email accounts for registering at various websites, online-shopping and that sort of thing, not active communication.

I think the most private stuff goes through IM, a lot of that through sites like Facebook or programs like WhatsApp.