Are you using, or do you plan on using, PGP, TrueCrypt, a VPN, Tor ?
I've got GPGMail on mac for a while now, however there's almost no one with the corresponding software to communicate with.
Not sure if we should frame this in terms of technological solutions.
First, the problem is on two ends. If Alice wants to communicate privately with Bob, it doesn't make sense for Alice to implement a privacy solution if Bob doesn't.
Second, it's hard, and a lot of people are going to get it wrong. Somebody might say "I use SSL," and then you ask them which cipher suite? does the server accept SSL v2? do you implement PFS? and you get blank stares.
Third, it's hard to implement a defense when you don't know the capabilities of the attacker: if the attacker can just generate whatever cert for whatever site they want, SSL is useless, we don't need to debate cipher suites anymore
The solution is ultimately a political and legal one. That does not sit well with those of us who are more comfortable with technological solutions to problems :wink2: but the fact is, the 4th Amendment already exists, people just need to obey it. The government does NOT have the power to scoop up everyone's communications. They've only been getting away with it because it has been done in secret.
In this case, the steps to protect your privacy online should be donating to and supporting groups such as the EFF and the ACLU. They have lawsuits pending. When this dragnet of innocent people stops, it will be because a court waves the Constitution in the NSA's face... not because we found the right app, protocol, or cipher.
Very well said, Snugglebites. I agree. I have taken some steps, but describing them in an open forum would just give the spooks more data, no?
This is the exact reason I've done nothing. I am not technologically literate enough to work any solution without a high chance of failure. Plus, on a fundamental level, I would prefer we change the political landscape where this is unacceptable in the first place.
Thanks. Well, I don't want to add to the already legitimate levels of paranoia people have about this stuff, so if people want to chime in with specifics, that's fine. But you're right, it's good to be concerned about this kind of information disclosure.
It's little like asking "What steps, if any, have you taken to protect your money, since the financial scandal?" You probably don't want to reply, "Well here in my penthouse apartment in Lower Manhattan, I keep all my cash in a shoe box under the bed, and the shoe box is labeled 'Baseball Cards.'"
In that case, it's not the government you should be concerned about taking advantage of that info.
Well, they have the power, just no right.
You are very correct either way.
My approach consists of continuing to be irrelevant.
this continues to be my default plan of defense.
I send all my sensitive stuff, terrorism plans, assassination details, and so on, by First Class Mail (tm).. Then I just use the email to say, "Granny is fine," which is code for "Execute the Evil Plot!"
A 'How To (for Non-techheads)' on this subject would be a great topic for BB.
My country, a small Western democracy, has recently been exposed as having perpetrated regular illegal spying on its citizens over the past decade, and the govt. is currently in the process of legalising all that and more.
I currently feel quite uncomfortable about criticising our govt. online because there are so few who do, and I am concerned that I would be profiled.
Security through obscurity is bullshit, we know that. Even then, why announce what countermeasures you've taken? It's like saying on a forum (and I've seen this before), I use lock brand X or alarm brand Y. Your lock may stop them, but it's one less step for the 'badies' to get in. I don't brag about what video surveillance or network security systems we use at my job, so why should you about your shit? In some countries just the admission of using some of these tools is enough to be investigated or jailed. Be careful what you say folks!
Well, except if you have a solution that needs to be vetted, from a crypto standpoint for instance. Or if your idea only works if a lot of people do it, such as "use tor for pirating tv shows", that way people using it for protection against oppresive regimes are hidden in the crowd.
I've done the same as I've been doing for the last 20+ years: pretty much nothing. I helped build some commercial Internet in the early 90s and learned from the start that there really is no expectation of privacy at all unless you trust the entire environment end to end and I've never had the resources to get that assurance.
I understand the level of file/message/channel crypto I can accomplish and roughly how long it will last and I understand the difficulty of protecting the physical layer of the network and the various devices on the communications channel as well as the difficulty of dealing with the hosts in between me and my recipient.
My plan for keeping secrets is not to expose them in the first place.
This topic was automatically closed after 1329 days. New replies are no longer allowed.