 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
On 6/11/2013 9:03 AM, Will Rico wrote: > On Sun, Jun 9, 2013 at 4:10 PM, Bill Horne <bill at horne.net> wrote: >> If you are concerned about preventing a stranger from reading your email, >> you can purchase or create a digital certificate that makes it much less >> likely, no matter what path the bits take on their way from your email >> client to someone else's email client. That is what "SSL' is for. > As I understand, this assumes you control the email server. If you > rely on Google (as I do at the moment), it appears (as per PRISM) that > there are backdoors for the government, et. al. to read your email. > PGP would prevent this, but you would need cooperation from the people > you email with. Meta data (who is emailing who) would still be in the > open. You're right: PGP or GPG or SSL would prevent the government from *reading* your email, but the meta-data would still be available. The type of encryption that protects your email from being *read* is still subject to traffic intelligence efforts, which will tell Uncle Sam that a given email /existed/, and /who/ sent it, but not what it /said/. Here's the problem: keeping Uncle Sam from reading your email (which AFAIK /is/ possible) is different than preventing Uncle Sam from seeing the information which makes him /want/ to. News reports claim that PRISM had direct access to the email servers of some major players, although that has yet to be proven, but it's possible to gather meta-data at multiple points in the chain of switches, servers, backbones, ISPs, and websites that are between you and whomever is sending you an email. When we discuss traffic intelligence, I'll ask you to think of PRISM as a mailman writing down the return addresses of all the mail (s)he puts in your mailbox, and sending the list to the CIA. If that happened, then the CIA would know who had sent you a letter, but not what was inside the envelope. Of course, if the person who sent a letter wrote down a false return address, then the CIA has a bad data point in its database: that's a different issue. If you want to prevent PRISM from collecting traffic intelligence, then you'll need an email delivery system which keeps meta-data private. Groupware such as W.A.S.T.E. can do that, but only for a subset of your email that comes from people whom are willing to participate in a W.A.S.T.E. (or equivalent) system, and the fact that you have access to an "off the books" communications channel is, in itself, another data point for any of the various cops in the various woodpiles. Very few people are willing to anticipate a chain of events that leads to Uncle Sam trying to discredit /them/, or to put /them/ in prison. After all, most ordinary people have little to fear from the government, right? Bill
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
