Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] Running a mail server, or not



One point that often gets overlooked in discussions of cryptography is that
if you only encrypt the few things that must be kept secret, you make it a
lot easier for nefarious miscreants to focus their efforts on your secrets.
Whereas if you routinely encrypt everything, then those miscreants have to
work a hell of a lot harder decrypting a lot of worthless crap in hopes of
eventually uncovering your secrets.



On Sun, Jun 24, 2018 at 1:20 PM, Bill Horne <bill at horne.net> wrote:

> On 6/23/2018 11:35 PM, Derek Martin wrote:
>
>> On Wed, Jun 20, 2018 at 04:26:14AM -0400, David Kramer wrote:
>>
>>> My main motivations for running my own mail server is that I rely
>>> heavily on procmail rules to deliver mail to the right folders, and
>>> I am also not crazy about third parties scanning and storing all my
>>> mail, though that's negotiable.
>>>
>> I'm in pretty much this situation, but I've kind of given up on the
>> idea that no one should be able to read my e-mail.  The fact is your
>> e-mail is already being consumed by the great government surveillance
>> machine regardless, since both incoming and outgoing mail has to
>> traverse multiple ISP backbones (excepting perhaps the case where all
>> your recipients are on your own server), and only crazy people like me
>> were ever willing to put up with the hastle of encrypting all their
>> mail, so... it's a total loss, pretty much.
>>
>
> No matter how effective the NSA and the deep state and the man behind the
> curtain and J. Edgar's ghosts have been at weakening encryption algorithms,
> it's still a good idea to use end-to-end encryption on any emails that you
> want to keep private. In the first place, most of the people you want to
> prevent reading you emails don't have access to any decryption capability,
> and in the second, even law-enforcement agencies will be forced to get a a
> warrant (admittedly an easy task) or poison any evidence they gather. Even
> if you assume that the AES standard has custom-made holes in it for the use
> of government(s), the "equities" issue is as good a defense as any lawyer:
> if Uncle Sam introduces decrypted messages as evidence in a trial, then it
> has ipso facto admitted that it _can_ decrypt them, and thus will have
> compromised an invaluable source of information and offended some campaign
> contributors who would like that not to be true.
>
> No matter what, end-to-end encryption buys you time: you can't prevent the
> powers-that-be from obtaining envelope data, but there are ways around that
> problem, too.
>
> Bill
>
> --
> Bill Horne
>
>
> _______________________________________________
> Discuss mailing list
> Discuss at blu.org
> http://lists.blu.org/mailman/listinfo/discuss
>



-- 
John Abreau / Executive Director, Boston Linux & Unix
Email jabr at blu.org / WWW http://www.abreau.net / PGP-Key-ID 0x920063C6
PGP-Key-Fingerprint A5AD 6BE1 FEFE 8E4F 5C23  C2D0 E885 E17C 9200 63C6



BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org