[Discuss] Running a mail server, or not

[jabr at blu.org (John Abreau)]

One point that often gets overlooked in discussions of cryptography is that
if you only encrypt the few things that must be kept secret, you make it a
lot easier for nefarious miscreants to focus their efforts on your secrets.
Whereas if you routinely encrypt everything, then those miscreants have to
work a hell of a lot harder decrypting a lot of worthless crap in hopes of
eventually uncovering your secrets.



On Sun, Jun 24, 2018 at 1:20 PM, Bill Horne <bill at horne.net> wrote:

> On 6/23/2018 11:35 PM, Derek Martin wrote:
>
>> On Wed, Jun 20, 2018 at 04:26:14AM -0400, David Kramer wrote:
>>
>>> My main motivations for running my own mail server is that I rely
>>> heavily on procmail rules to deliver mail to the right folders, and
>>> I am also not crazy about third parties scanning and storing all my
>>> mail, though that's negotiable.
>>>
>> I'm in pretty much this situation, but I've kind of given up on the
>> idea that no one should be able to read my e-mail.  The fact is your
>> e-mail is already being consumed by the great government surveillance
>> machine regardless, since both incoming and outgoing mail has to
>> traverse multiple ISP backbones (excepting perhaps the case where all
>> your recipients are on your own server), and only crazy people like me
>> were ever willing to put up with the hastle of encrypting all their
>> mail, so... it's a total loss, pretty much.
>>
>
> No matter how effective the NSA and the deep state and the man behind the
> curtain and J. Edgar's ghosts have been at weakening encryption algorithms,
> it's still a good idea to use end-to-end encryption on any emails that you
> want to keep private. In the first place, most of the people you want to
> prevent reading you emails don't have access to any decryption capability,
> and in the second, even law-enforcement agencies will be forced to get a a
> warrant (admittedly an easy task) or poison any evidence they gather. Even
> if you assume that the AES standard has custom-made holes in it for the use
> of government(s), the "equities" issue is as good a defense as any lawyer:
> if Uncle Sam introduces decrypted messages as evidence in a trial, then it
> has ipso facto admitted that it _can_ decrypt them, and thus will have
> compromised an invaluable source of information and offended some campaign
> contributors who would like that not to be true.
>
> No matter what, end-to-end encryption buys you time: you can't prevent the
> powers-that-be from obtaining envelope data, but there are ways around that
> problem, too.
>
> Bill
>
> --
> Bill Horne
>
>
> _______________________________________________
> Discuss mailing list
> Discuss at blu.org
> http://lists.blu.org/mailman/listinfo/discuss
>



-- 
John Abreau / Executive Director, Boston Linux & Unix
Email jabr at blu.org / WWW http://www.abreau.net / PGP-Key-ID 0x920063C6
PGP-Key-Fingerprint A5AD 6BE1 FEFE 8E4F 5C23  C2D0 E885 E17C 9200 63C6