date:20180516

Re: [tor-talk] PGP fiddly-diddly - action required

2018-05-16 Thread Lara

On Wed, 16 May 2018, at 00:37, panoramix.druida wrote:
> > https://www.eff.org/deeplinks/2018/05/attention-pgp-users-new-vulnerabilities-require-you-take-action-now

The problem with quoting links is that the source can ALWAYS change the
text to fit the latest developments. So you should link as a reference
to the context, but do QUOTE the parts that disturb you.

> So if I have PGP to protect my email, their solution is to stop using
> PGP because someone could read my encripted mails.

The current page says:

+ Our advice, which mirrors that of the researchers, is to immediately
+ disable and/or uninstall tools that automatically decrypt PGP-
+ encrypted email.

Notice the words automatically and decrypt, besides the immediately that
unsettled you.

> So now everyone would be able to read all of may emails.

I doubt even EFF would have written such a thing.

> Wouldn't be better to ask people to disable HTML on email and to
> upgrade their email clients to stay protected.

Only TorBirdy and other email related projects do say that.

And there is no upgrade so asking users to upgrade would have been only
a hysterical reaction.

> I know PGP is not perfect, but it is the best we have for email.

The best you know. And there is no "we". Different needs,
different tools.

> I know email is not perfect but it is more or less descentralize.

More, less, the same. Emotion and zero information.

> Why should be stop using email in favor of something such as Signal
> (recomendation from EFF article) that is centralize and we should
> trust the guys running the server are good guys.

In its current form, it says nothing about "stop using" anything but
software that automatically decrypts PGP. Anyway it is called trying to
give a solution. And as far as I know Signal has a much better security
history than the email client addons.

> I understund that Signal has great security features like foreward
> secrecy that PGP doesn't. I know it is open source, but you are forbid
> to installed from free repostiories such as Fdroid.

Nobody forbids anyone from installing anything from Fdroid. That IS
EXACTLY the point of Fdroid.

> Also you can not use Signal if you don't have a phone number. How
> great is that for anonymity. In the country where I am living you can
> not activiate a mobile phone number without your national id.

In many countries you can't do that. So the responsibility should be
ENTIRELY with you. People from other countries give you FDroid,
Android, Internet, websites, and so on. It is up to you to either
change that reality or vote with your feet if you are too weak,
incompetent, and so on.

Cheers
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] PGP fiddly-diddly - action required

2018-05-16 Thread Sydney


> On 16 May 2018, at 9:42 pm, Lara  wrote:
> 
> On Wed, 16 May 2018, at 11:31, Sydney wrote:
>> 
>> encrypted email.”
>> 
>> This could easily be interpreted — especially by someone that doesn’t
>> natively speak English — that PGP is not safe.
> 
> Hence the corollary: if you are not a native speaker wait for a
> translation.
> 
>> This is how I initially read the article.
> 
> Stop reading PGP email means "everyone would be able to read ALL my
> email". A problem it is, but language is not.

It’s a effectively security alert; it warrants caution. I’m a native speaker 
and read it the same way. 

You need to pull your head in.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] PGP fiddly-diddly - action required

2018-05-16 Thread Sydney

> On 16 May 2018, at 6:34 pm, Lara  wrote:
> 
>> So now everyone would be able to read all of may emails.
> 
> I doubt even EFF would have written such a thing.
>> 

The EFF website still has the following, which you actively chose to ignore:

“...and temporarily stop sending and especially reading PGP-encrypted email.”

This could easily be interpreted — especially by someone that doesn’t natively 
speak English — that PGP is not safe.

This is how I initially read the article.

I agree with ProtonMail when they said: “We agree that the @EFF warning is 
overblown and disproportionate... we think that stories claiming "PGP is 
vulnerable" are inaccurate.” 
(https://www.reddit.com/r/ProtonMail/comments/8jabm6/pgp_is_broken/)

Sydney.

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] PGP fiddly-diddly - action required

2018-05-16 Thread Lara

On Wed, 16 May 2018, at 11:31, Sydney wrote:
> >> So now everyone would be able to read all of may emails.
> > I doubt even EFF would have written such a thing.
> The EFF website still has the following, which you actively chose
> to ignore:
>
> “...and temporarily stop sending and especially reading PGP-
> encrypted email.”
>
> This could easily be interpreted — especially by someone that doesn’t
> natively speak English — that PGP is not safe.

Hence the corollary: if you are not a native speaker wait for a
translation.

> This is how I initially read the article.

Stop reading PGP email means "everyone would be able to read ALL my
email". A problem it is, but language is not.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Orbot: Over 20 Million Served, Ready for the Next Billion

2018-05-16 Thread Nathan Freitas

On Wed, May 16, 2018, at 8:13 AM, Lara wrote:
> On Wed, 16 May 2018, at 11:53, Nathan Freitas wrote:
> > Since we release Orbot roughly 8 years ago, it has been installed
> > more than 20 million times, by people from hundreds of different
> > countries and walks of life. Even better, we have cross the 2 million
> > active user mark, with growing adoption in many “mobile first” parts
> > of the world.
> 
> Congratulations!
> 
> But see the thread about EFF's reaction to the PGP related issues, be
> sure that people do not confound popularity with safety.
> -- 

Agreed. It is good to celebrate milestones to ensure we keep our energy and 
optimism up. Most of the time, however, we keep our heads down, and focus on 
quality. I have been actively maintaining Orbot for 9 years, so keep hope alive!
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] Orbot: Over 20 Million Served, Ready for the Next Billion

2018-05-16 Thread Nathan Freitas

Orbot: Over 20 Million Served, Ready for the Next Billion

https://guardianproject.info/2018/05/16/orbot-over-20-million-served-ready-for-the-next-billion/

We recently published the latest release of Orbot (16.0.2!), and as
usual, we make it available via Google Play, as well F-Droid, and
through direct download on our website. Whether we like it or not,
Google keeps tracks of things like total installs and active installs
(i.e. not uninstalled), and reports on that for us through their
dashboard. While publishing this release, we noticed a milestone that
made us a bit proud… so pardon this humblebrag.

Since we release Orbot roughly 8 years ago, it has been installed more
than 20 million times, by people from hundreds of different countries
and walks of life. Even better, we have cross the 2 million active user
mark, with growing adoption in many “mobile first” parts of the world.

Of course, none of this would be possible without Tor Project itself, at
the core of what we do, and empowering us through the years, to pave the
way on free, open, mobile circumvention. We are also especially excited
about the direction things are headed with Tor’s new executive director,
Isabela Bagueros.

That is because Isa understands that the vast majority of the world,
including her home country of Brazil, accesses the internet using
smartphones, which essentially include surveillance, censorship and
privacy invasion as core features. Fortunately, she shares our optimism
that with the right software and service, we can fight back against this
and provide working solutions for human rights defenders, activists,
journalists and everyday people. We are really excited about Tor’s new
mobile initiative and their new stewardship of Orfox (soon to be Tor
browser for Android!). Also, if you didn’t know Isa is the one
responsible for Twitter adding proxy features into their Android app
many years ago!

With that global population in mind, we’ve focused this latest release
of Orbot on size and efficiency, with the goal of making the app less
than 10 megabytes in size. This 10MB limit qualifies Orbot to be
promoted to Android Go devices, which is Google’s attempt to serve “the
next billion”. You might have heard about lightweight “Go” editions of
apps like YouTube, that are both smaller in size, and have features that
enable data saving and offline use. With Orbot, we have started by
focusing on reducing our binary size (which adds up over time with
regular updates, etc), to reduce it by nearly 1/3, instead of just
letting it grow bigger and bigger with each release. Over the next year,
we will be working with the core Tor team to improve the core efficiency
of the service running on mobile architectures, and to implement new
features for data management, battery saving and more.

A deep, onion-infused thank you to the multitudes who have helped us get
to this point. We couldn’t have done it with out all of your patches,
bug reports, complaints, praise, donations and encouragement. Now, let’s
keep it up until we get to the billion install mark!

signature.asc
Description: OpenPGP digital signature
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Orbot: Over 20 Million Served, Ready for the Next Billion

2018-05-16 Thread Lara

On Wed, 16 May 2018, at 11:53, Nathan Freitas wrote:
> Since we release Orbot roughly 8 years ago, it has been installed
> more than 20 million times, by people from hundreds of different
> countries and walks of life. Even better, we have cross the 2 million
> active user mark, with growing adoption in many “mobile first” parts
> of the world.

Congratulations!

But see the thread about EFF's reaction to the PGP related issues, be
sure that people do not confound popularity with safety.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] PGP fiddly-diddly - action required

Re: [tor-talk] PGP fiddly-diddly - action required

Re: [tor-talk] PGP fiddly-diddly - action required

Re: [tor-talk] PGP fiddly-diddly - action required

Re: [tor-talk] Orbot: Over 20 Million Served, Ready for the Next Billion

[tor-talk] Orbot: Over 20 Million Served, Ready for the Next Billion

Re: [tor-talk] Orbot: Over 20 Million Served, Ready for the Next Billion

7 matches

Site Navigation

Mail list logo

Footer information