Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] TLD for Personal Use - Email

On 6/11/2013 9:03 AM, Will Rico wrote:
> On Sun, Jun 9, 2013 at 4:10 PM, Bill Horne <bill at> wrote:
>> If you are concerned about preventing  a stranger from reading your email,
>> you can purchase or create a digital certificate that makes it much less
>> likely, no matter what path the bits take on their way from your email
>> client to someone else's email client.  That is what "SSL' is for.
> As I understand, this assumes you control the email server.  If you
> rely on Google (as I do at the moment), it appears (as per PRISM) that
> there are backdoors for the government, et. al. to read your email.
> PGP would prevent this, but you would need cooperation from the people
> you email with.  Meta data (who is emailing who) would still be in the
> open.

You're right: PGP or GPG or SSL would prevent the government from 
*reading* your email, but the meta-data would still be available.

The type of encryption that protects your email from being *read* is 
still subject to traffic intelligence efforts, which will tell Uncle Sam 
that a given email /existed/, and /who/ sent it, but not what it /said/. 
Here's the problem: keeping Uncle Sam from reading your email (which 
AFAIK /is/ possible) is different than preventing Uncle Sam from seeing 
the information which makes him /want/ to. News reports claim that PRISM 
had direct access to the email servers of some major players, although 
that has yet to be proven, but it's possible to gather meta-data at 
multiple points in the chain of switches, servers, backbones, ISPs, and 
websites that are between you and whomever is sending you an email.

When we discuss traffic intelligence, I'll ask you to think of PRISM as 
a mailman writing down the return addresses of all the mail (s)he puts 
in your mailbox, and sending the list to the CIA. If that happened, then 
the CIA would know who had sent you a letter, but not what was inside 
the envelope. Of course, if the person who sent a letter wrote down a 
false return address, then the CIA has a bad data point in its database: 
that's a different issue.

If you want to prevent PRISM from collecting traffic intelligence, then 
you'll need an email delivery system which keeps meta-data private. 
Groupware such as W.A.S.T.E. can do that, but only for a subset of your 
email that comes from people whom are willing to participate in a 
W.A.S.T.E. (or equivalent) system, and the fact that you have access to 
an "off the books" communications channel is, in itself, another data 
point for any of the various cops in the various woodpiles.

Very few people are willing to anticipate a chain of events that leads 
to Uncle Sam trying to discredit /them/, or to put /them/ in prison. 
After all, most ordinary people have little to fear from the government, 


BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /