
BLU Discuss list archive



[Discuss] email privacy/security



On Mon, Aug 05, 2013 at 02:49:32PM -0400, Richard Pieri wrote:
> Kent Borg wrote:
> >Requiring them to take active measures in advance of the communication
> >(MitM attacks) or even afterwards (human intervention) harms their
> >economics *enormously*.  Orders of magnitude.
> 
> What harm? The NSA has an effectively unlimited budget. The only
> real cost is time and that's short-circuited by knowing precisely
> where the weaknesses are in commercial-grade ciphers like RSA and
> AES.

If your enemy is the NSA and you are not a crime syndicate with the
deep pockets and motivation to fight them (and even then, maybe), you
lose.  But then, most of us aren't even on the NSA's radar.  It's
much more likely your foe is some Russian kid trying to steal your
credit cards (for example, not to pick on Russians in particular).

[Don't get me wrong, I'm deeply disturbed by the level of surveillance
perpetrated by law enforcement and intelligence agencies in this
country.  But in practice I'm quite sure I have not ever nor will I
ever give them any reason to care about me... And at such time as the
political climate changes to make that more likely, I will move to a
country that's more free, like China or Russia. =8^) ]

Of course, the banks are clueless about application security, so even
the crypto they use is useless; your data is not attacked in transit,
it's collected wholesale after the fact right out of the database.

> >Let's make it harder.  Yes, a web of trusted certificates is hard to
> >make air tight.  

Not harder than a blanket of untrusted certificates...  A security
blanket, if you will. ;-)

> >Okay, don't insist it be air tight.  If end-to-end
> >encryption started to become common, even on a hodge-podge of
> >self-signed certificates, the howls of protest from the spies would
> >become deafening: because it would make their task much, much harder.
> 
> Y'know... this was me 25 years ago. I was dismissed as a crackpot.

This was a lot of us 25 years ago.  Or 15, or 10, at least.   But it's
still just techies talking.  You can't get "normals" to care about
this, because it's hard.  They don't understand how it works, and they
can't comprehend any of the risks, so they can't imagine why they
should care.  It's someone else's problem.  And these days, with
changes to banking regulations and practices, to a large extent, it
really is someone else's problem.  

Unless you're a terrorist, or know someone who might be.

Fortunately I'm not in that category... so it really isn't worth my
while.  I tried to get people to use encryption when they sent me
stuff, but I couldn't get anyone but eccentric nerds like me to do it.
But the banks have begun taking responsibility for fraud and identity
theft (as they should, it's entirely their fault it's so easy),
they've all put my financial information in their on-line databases
despite the fact that I never enrolled in on-line banking (or
whatever), and I don't use electronic communications for making plans
(so attackers can't, say, find out where I'm going to be this Saturday
night by reading my e-mail).  So what's the point?  There aren't
enough people who understand, never mind care, and I no longer have the
energy to preach, even to the choir, so I give up and give in.

Which is of course what "they" want... =8^)

And while I love the notion of individual liberties -- and I really
hesitate to say this -- we may need to face the possibility that
high-tech villains eventually make it virtually impossible for us to
ever enjoy those again.  And such villains aren't always obvious, or
even intentionally evil.  Most of you currently PAY to have a variety
of corporations spy on you.  Google and Facebook probably know more
about you than your own mother does... possibly even if you don't use
them yourself, if enough people you know do.

-- 
Derek D. Martin    http://www.pizzashack.org/   GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address.  Replying to it will result in
undeliverable mail due to spam prevention.  Sorry for the inconvenience.




BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org