You should make a difference between demotivating and disagreeing with blind faith in "free" as a synonym of "safe".

Nobody here says that "free" is synonymous with "safe" (again: good work at not "putting words into other people's mouth"!). "Free" is a necessary condition to "security", not a sufficient condition (hence not "synonymous"). Because security must be against the authors of the software too (not a theoretical threat given the back doors that have been discovered in many popular proprietary software programs). Even if we only consider third-party attacks, the so-called "security through obscurity" is a bad practice.

Taking every possible precaution is absolutely necessary.

No, it is not "absolutely necessary". The necessary precautions depend on your threat model.

But one should remember that this includes also going down to the lowest level

Do you have "your own network, completely isolated from the Internet" (as you wrote)? Of course not: it is not a practical solution. Yet, you use it to discard practical solutions that are sufficient for the vast majority of the users.

That does not mean better solutions, including security improvements at lower levels (e.g., works to evade management engines), should not be sought.

You can still live with that level of (in)security but if you don't get "tracked" it is because you are lucky, not because you are really safe. And lucky means - not specifically targeted. Once you become a target (which is not impossible) - good luck with your "free software recommendations".

Edward Snowden successfully exchanged emails with Laura Poitras and Glenn Greenwald (both specifically targeted) without raising flags at the NSA. Not merely because they were lucky but because they used GPG on top of Tails GNU/Linux.

Perfect security does not exist. We all agree. That does not mean security recommendations (including using free software) are useless, that, in the end, it is only luck if you were not caught. It is a perfect solution fallacy:

This means: a service provider who can prove that their systems are free from malware on firmware level (at least to the currently possible level) and for which there is a verifiable proof that their systems don't use any software whatsoever which may indirectly provide data to NSA.

You cannot know what the service provider runs or does. It is impossible to know that. It may lie. And it may *directly* provide data to the NSA, e.g., through the PRISM program. And you do not deserve the control of the servers you do not own.

Without that just a note on someone's site "we use only free ethical software" is just marketing through wishful thinking.

It makes no difference for the server's users. Nobody pretended the opposite here.

I have also shown a specific video which shows that they do care about removing Intel ME.

That is good for Google. It makes no difference for the users of Google servers.

I also explained that switching the mail server doesn't really add any privacy as long as on the other side of the wire you are communicating with someone who is part of the PRISM or who uses a system with security issues explained above. These are all actual irrevocable facts.

So what? Users should keep on using GMail like you do? Doing so, your interlocutors who chose another provider, not part of the PRISM program, do not have privacy. Because of you. How is that good?

That is your problem - you believe in things, you don't look at facts. And you make conclusions about "logical manner" based on the illusions you believe in.

We look at facts. For instance, Snowden's story shows that end-to-end encryption on a free software operating system provides, in practice, pretty good privacy. You discard that fact through a conspiracy theory (Snowden would be "a deliberately created figure"), based on nothing.
