Hey coderman, [i'm having a psychotic break right now, but this topic is pretty important] Our communications are being intercepted and altered. The clearest evidence is that nobody is using PGP, on the e-mails I receive. We need to discuss that continuously so that people do something about it. On 1/6/21, coderman <coderman@protonmail.com> wrote:
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Tuesday, January 5, 2021 8:31 AM, Karl <gmkarl@gmail.com> wrote:
Please collect proof and logs that our communications are altered in transit, so that system administrators and programmers will resolve the situation.
Karl note that some integrity verification is provided by your email provider - gmail.
for example, your email had the following headers:
-----begin-cut-----
<snip: email headers. The machine text is too dense for me to understand the content.>
the DKIM signatures in particular allow anyone to verify that your email was sent from Google, and is indeed intact.
Gmail often shows me incorrect e-mails. For example, here's an attached e-mail that is going very strangely. I sent this e-mail during my current psychotic break, but earlier on. Here's what makes this email weird: - I sent it in reply to a thread. Unlike other e-mails in that thread, gmail shows it in its own separate thread. - Usually when I save an e-mail, the server gives its subject as its filename. This one gets the phrase "original_msg" as its filename. - This email was strangely flagged as containing a virus by its recipient, even though I sent them other emails also written in gmails html web interface, which weren't. I don't expect any information on this stuff is in the headers, but here it is attached in case something is.
for more information, see this detailed explanation of all the gmail headers your emails contain, including the integrity and authentication functions.
Well, coderman, I don't know why you are claiming that cryptographic behavior involving keys not held by either the sender or recipient would secure e-mails, on this list. Were you coerced to say this? This reminds of when I complained to redhat that they weren't offering cryptographic signatures of their install images. They tried to claim that server SSL certificates were sufficient. I sent them a link to a recent news report regard a major SSL certificate authority compromise, and explained how a single certificate authority compromise could be used to produce a man-in-the-middle attack on all SSL connections. They escalated my ticket and proceeded to ignore it for a year. I did not renew my subscription, but I see that other distribution vendors are also removing their image signatures.
https://emailheaders.net/gmail.html
note that this is indeed separate from other authentication mechanisms like PGP/GPG signatures.
It sounds like you're scared to support this concern, and don't want to make me more scared. What's relevant is that the problem is ongoing and undiscussed.
best regards,
coderman used to sign their e-mails with a pgp signature, and no longer does. This is not being discussed, and is clear indication that our communications are compromised. If people are having trouble using email signatures, it is for a reason. These people are very experienced with pgp.