Re: [tor-talk] PGP fiddly-diddly - action required
On Wed, 16 May 2018, at 00:37, panoramix.druida wrote: > > https://www.eff.org/deeplinks/2018/05/attention-pgp-users-new-vulnerabilities-require-you-take-action-now The problem with quoting links is that the source can ALWAYS change the text to fit the latest developments. So you should link as a reference to the context, but do QUOTE the parts that disturb you. > So if I have PGP to protect my email, their solution is to stop using > PGP because someone could read my encripted mails. The current page says: + Our advice, which mirrors that of the researchers, is to immediately + disable and/or uninstall tools that automatically decrypt PGP- + encrypted email. Notice the words automatically and decrypt, besides the immediately that unsettled you. > So now everyone would be able to read all of may emails. I doubt even EFF would have written such a thing. > Wouldn't be better to ask people to disable HTML on email and to > upgrade their email clients to stay protected. Only TorBirdy and other email related projects do say that. And there is no upgrade so asking users to upgrade would have been only a hysterical reaction. > I know PGP is not perfect, but it is the best we have for email. The best you know. And there is no "we". Different needs, different tools. > I know email is not perfect but it is more or less descentralize. More, less, the same. Emotion and zero information. > Why should be stop using email in favor of something such as Signal > (recomendation from EFF article) that is centralize and we should > trust the guys running the server are good guys. In its current form, it says nothing about "stop using" anything but software that automatically decrypts PGP. Anyway it is called trying to give a solution. And as far as I know Signal has a much better security history than the email client addons. > I understund that Signal has great security features like foreward > secrecy that PGP doesn't. I know it is open source, but you are forbid > to installed from free repostiories such as Fdroid. Nobody forbids anyone from installing anything from Fdroid. That IS EXACTLY the point of Fdroid. > Also you can not use Signal if you don't have a phone number. How > great is that for anonymity. In the country where I am living you can > not activiate a mobile phone number without your national id. In many countries you can't do that. So the responsibility should be ENTIRELY with you. People from other countries give you FDroid, Android, Internet, websites, and so on. It is up to you to either change that reality or vote with your feet if you are too weak, incompetent, and so on. Cheers -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] PGP fiddly-diddly - action required
> On 16 May 2018, at 9:42 pm, Larawrote: > > On Wed, 16 May 2018, at 11:31, Sydney wrote: >> >> encrypted email.” >> >> This could easily be interpreted — especially by someone that doesn’t >> natively speak English — that PGP is not safe. > > Hence the corollary: if you are not a native speaker wait for a > translation. > >> This is how I initially read the article. > > Stop reading PGP email means "everyone would be able to read ALL my > email". A problem it is, but language is not. It’s a effectively security alert; it warrants caution. I’m a native speaker and read it the same way. You need to pull your head in. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] PGP fiddly-diddly - action required
> On 16 May 2018, at 6:34 pm, Larawrote: > >> So now everyone would be able to read all of may emails. > > I doubt even EFF would have written such a thing. >> The EFF website still has the following, which you actively chose to ignore: “...and temporarily stop sending and especially reading PGP-encrypted email.” This could easily be interpreted — especially by someone that doesn’t natively speak English — that PGP is not safe. This is how I initially read the article. I agree with ProtonMail when they said: “We agree that the @EFF warning is overblown and disproportionate... we think that stories claiming "PGP is vulnerable" are inaccurate.” (https://www.reddit.com/r/ProtonMail/comments/8jabm6/pgp_is_broken/) Sydney. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] PGP fiddly-diddly - action required
On Wed, 16 May 2018, at 11:31, Sydney wrote: > >> So now everyone would be able to read all of may emails. > > I doubt even EFF would have written such a thing. > The EFF website still has the following, which you actively chose > to ignore: > > “...and temporarily stop sending and especially reading PGP- > encrypted email.” > > This could easily be interpreted — especially by someone that doesn’t > natively speak English — that PGP is not safe. Hence the corollary: if you are not a native speaker wait for a translation. > This is how I initially read the article. Stop reading PGP email means "everyone would be able to read ALL my email". A problem it is, but language is not. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Orbot: Over 20 Million Served, Ready for the Next Billion
On Wed, May 16, 2018, at 8:13 AM, Lara wrote: > On Wed, 16 May 2018, at 11:53, Nathan Freitas wrote: > > Since we release Orbot roughly 8 years ago, it has been installed > > more than 20 million times, by people from hundreds of different > > countries and walks of life. Even better, we have cross the 2 million > > active user mark, with growing adoption in many “mobile first” parts > > of the world. > > Congratulations! > > But see the thread about EFF's reaction to the PGP related issues, be > sure that people do not confound popularity with safety. > -- Agreed. It is good to celebrate milestones to ensure we keep our energy and optimism up. Most of the time, however, we keep our heads down, and focus on quality. I have been actively maintaining Orbot for 9 years, so keep hope alive! -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Orbot: Over 20 Million Served, Ready for the Next Billion
Orbot: Over 20 Million Served, Ready for the Next Billion https://guardianproject.info/2018/05/16/orbot-over-20-million-served-ready-for-the-next-billion/ We recently published the latest release of Orbot (16.0.2!), and as usual, we make it available via Google Play, as well F-Droid, and through direct download on our website. Whether we like it or not, Google keeps tracks of things like total installs and active installs (i.e. not uninstalled), and reports on that for us through their dashboard. While publishing this release, we noticed a milestone that made us a bit proud… so pardon this humblebrag. Since we release Orbot roughly 8 years ago, it has been installed more than 20 million times, by people from hundreds of different countries and walks of life. Even better, we have cross the 2 million active user mark, with growing adoption in many “mobile first” parts of the world. Of course, none of this would be possible without Tor Project itself, at the core of what we do, and empowering us through the years, to pave the way on free, open, mobile circumvention. We are also especially excited about the direction things are headed with Tor’s new executive director, Isabela Bagueros. That is because Isa understands that the vast majority of the world, including her home country of Brazil, accesses the internet using smartphones, which essentially include surveillance, censorship and privacy invasion as core features. Fortunately, she shares our optimism that with the right software and service, we can fight back against this and provide working solutions for human rights defenders, activists, journalists and everyday people. We are really excited about Tor’s new mobile initiative and their new stewardship of Orfox (soon to be Tor browser for Android!). Also, if you didn’t know Isa is the one responsible for Twitter adding proxy features into their Android app many years ago! With that global population in mind, we’ve focused this latest release of Orbot on size and efficiency, with the goal of making the app less than 10 megabytes in size. This 10MB limit qualifies Orbot to be promoted to Android Go devices, which is Google’s attempt to serve “the next billion”. You might have heard about lightweight “Go” editions of apps like YouTube, that are both smaller in size, and have features that enable data saving and offline use. With Orbot, we have started by focusing on reducing our binary size (which adds up over time with regular updates, etc), to reduce it by nearly 1/3, instead of just letting it grow bigger and bigger with each release. Over the next year, we will be working with the core Tor team to improve the core efficiency of the service running on mobile architectures, and to implement new features for data management, battery saving and more. A deep, onion-infused thank you to the multitudes who have helped us get to this point. We couldn’t have done it with out all of your patches, bug reports, complaints, praise, donations and encouragement. Now, let’s keep it up until we get to the billion install mark! signature.asc Description: OpenPGP digital signature -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Orbot: Over 20 Million Served, Ready for the Next Billion
On Wed, 16 May 2018, at 11:53, Nathan Freitas wrote: > Since we release Orbot roughly 8 years ago, it has been installed > more than 20 million times, by people from hundreds of different > countries and walks of life. Even better, we have cross the 2 million > active user mark, with growing adoption in many “mobile first” parts > of the world. Congratulations! But see the thread about EFF's reaction to the PGP related issues, be sure that people do not confound popularity with safety. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk