Are you using, or do you plan on using, PGP, TrueCrypt, a VPN, Tor ?
2 Likes
Iâve got GPGMail on mac for a while now, however thereâs almost no one with the corresponding software to communicate with.
Not sure if we should frame this in terms of technological solutions.
First, the problem is on two ends. If Alice wants to communicate privately with Bob, it doesnât make sense for Alice to implement a privacy solution if Bob doesnât.
Second, itâs hard, and a lot of people are going to get it wrong. Somebody might say âI use SSL,â and then you ask them which cipher suite? does the server accept SSL v2? do you implement PFS? and you get blank stares.
Third, itâs hard to implement a defense when you donât know the capabilities of the attacker: if the attacker can just generate whatever cert for whatever site they want, SSL is useless, we donât need to debate cipher suites anymore 
The solution is ultimately a political and legal one. That does not sit well with those of us who are more comfortable with technological solutions to problems :wink2: but the fact is, the 4th Amendment already exists, people just need to obey it. The government does NOT have the power to scoop up everyoneâs communications. Theyâve only been getting away with it because it has been done in secret.
In this case, the steps to protect your privacy online should be donating to and supporting groups such as the EFF and the ACLU. They have lawsuits pending. When this dragnet of innocent people stops, it will be because a court waves the Constitution in the NSAâs face⌠not because we found the right app, protocol, or cipher.
7 Likes
Very well said, Snugglebites. I agree. I have taken some steps, but describing them in an open forum would just give the spooks more data, no?
This is the exact reason Iâve done nothing. I am not technologically literate enough to work any solution without a high chance of failure. Plus, on a fundamental level, I would prefer we change the political landscape where this is unacceptable in the first place.
3 Likes
Thanks. Well, I donât want to add to the already legitimate levels of paranoia people have about this stuff, so if people want to chime in with specifics, thatâs fine. But youâre right, itâs good to be concerned about this kind of information disclosure.
Itâs little like asking âWhat steps, if any, have you taken to protect your money, since the financial scandal?â You probably donât want to reply, âWell here in my penthouse apartment in Lower Manhattan, I keep all my cash in a shoe box under the bed, and the shoe box is labeled âBaseball Cards.ââ
In that case, itâs not the government you should be concerned about taking advantage of that info.
Well, they have the power, just no right.
You are very correct either way.
My approach consists of continuing to be irrelevant.
1 Like
this continues to be my default plan of defense.
4 Likes
I send all my sensitive stuff, terrorism plans, assassination details, and so on, by First Class Mail â˘âŚ Then I just use the email to say, âGranny is fine,â which is code for âExecute the Evil Plot!â
3 Likes
A âHow To (for Non-techheads)â on this subject would be a great topic for BB.
My country, a small Western democracy, has recently been exposed as having perpetrated regular illegal spying on its citizens over the past decade, and the govt. is currently in the process of legalising all that and more.
I currently feel quite uncomfortable about criticising our govt. online because there are so few who do, and I am concerned that I would be profiled.
Security through obscurity is bullshit, we know that. Even then, why announce what countermeasures youâve taken? Itâs like saying on a forum (and Iâve seen this before), I use lock brand X or alarm brand Y. Your lock may stop them, but itâs one less step for the âbadiesâ to get in. I donât brag about what video surveillance or network security systems we use at my job, so why should you about your shit? In some countries just the admission of using some of these tools is enough to be investigated or jailed. Be careful what you say folks!
Well, except if you have a solution that needs to be vetted, from a crypto standpoint for instance. Or if your idea only works if a lot of people do it, such as âuse tor for pirating tv showsâ, that way people using it for protection against oppresive regimes are hidden in the crowd.
Iâve done the same as Iâve been doing for the last 20+ years: pretty much nothing. I helped build some commercial Internet in the early 90s and learned from the start that there really is no expectation of privacy at all unless you trust the entire environment end to end and Iâve never had the resources to get that assurance.
I understand the level of file/message/channel crypto I can accomplish and roughly how long it will last and I understand the difficulty of protecting the physical layer of the network and the various devices on the communications channel as well as the difficulty of dealing with the hosts in between me and my recipient.
My plan for keeping secrets is not to expose them in the first place.
This topic was automatically closed after 1329 days. New replies are no longer allowed.
