[broadcast] Please collect proof and logs that our communications are altered in transit, so that hackers will resolve the situation
Please collect proof and logs that our communications are altered in transit, so that system administrators and programmers will resolve the situation. I've sent some messages to this list indicating alteration that are misleading. I often get confused. We need actual logs for the problem to be resolved. If you can, please reply to this email so that logs can be combined. Note: it is _highly_ abnormal for nobody to cryptographically sign their emails on a hacker list, but the humans have been hacked as well as the communication systems, so it's hard to know what's going on for sure.
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Tuesday, January 5, 2021 8:31 AM, Karl <gmkarl@gmail.com> wrote:
Please collect proof and logs that our communications are altered in transit, so that system administrators and programmers will resolve the situation.
Karl note that some integrity verification is provided by your email provider - gmail.
for example, your email had the following headers:
-----begin-cut-----
Received-Spf: Pass (mailfrom) identity=mailfrom; client-ip=209.85.167.51; helo=mail-lf1-f51.google.com; envelope-from=gmkarl@gmail.com; receiver=<UNKNOWN>
Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=wuoW8fe3vleDWwRQdkOEzpCdCDRHbCjOlyvrrheNPIk=; b=tEQQyf82sNOpmHV/yW8AMr06zqXLFizOSh2r5Dle2RELW90TWFBCTAl2sMQz0pbiZ/ 2STegzVtFCOCKGfYgJivwIx5OgJd5LssfUB3gYQyrm0yKdzRG+eEnzckdUoBiWQuX0qM o+IKpYhJtwY4Ft+h0TDfqQH64m3p+4pVTpyjfnfGwA3vC+8ckcRs1qz3SosggBdBV31m d01C0vZPrWNdCaj98sCZOI5H5vk6xWcbFllCVELN1/bqFZvbbeDmLoS/898U7Fzxa1Dk aEYQ+ESRKa2YCo/j7VUjlWSFKPSvrVht+rd6I4aB+FMYVKAGhnBDu1Mo22clwUXXRVVH 71Fg==
X-Google-Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=wuoW8fe3vleDWwRQdkOEzpCdCDRHbCjOlyvrrheNPIk=; b=rAezP2YENrtDiDhih8jG0sJ8GtJ1TTGqy4zOx2kaIeKX9Bxw8aPQf0bOi4zV22FkaR wpA0fGczxaBWhsHt2kwREQZvironbUbEBHHaISLt5cIJJag8Ctv7lo2vCqS0Y/RTR4Y0 MNQTdv+hSoomip+qV/uRTjM+60bf7p9GkZGQ/X7mHTDoeFyQLAgRy6tDUtPPTfO8aXJy lJimTfTVotu2uIK/DMdjizAJ8LKwsgJqQsE0YjMx7DXfGk+47wabRpk1fhttG/etofoF QOeaBgU38eWY569VULr28U4r/Lvogax4Aof0QHnIleqfS8QVJxC21jOUzYHIbhvJRgWK Ppvw==
X-Gm-Message-State: AOAM533p9tfSdPSJcMEEawNcXZSVox4HkcujRWhaudXIPyql1b3iP6u2 MO8+loN7/h1vAImuQPlxzAIOwe8zTiefQKBBENOL1EaG
X-Google-Smtp-Source: ABdhPJwQX0Ukd0XXGKcgETkuW2Aiixrl5UL5zP2qz6FkJL0yU8RtrY9xYw5MRclvwFHQPQ8MhbFUDR8txC6ImNFwRWA=
X-Received: by 2002:a2e:9797:: with SMTP id y23mr39133887lji.358.1609835488129; Tue, 05 Jan 2021 00:31:28 -0800 (PST)
From: Karl <gmkarl@gmail.com>
Date: Tue, 5 Jan 2021 03:31:27 -0500
Message-Id: <CALL-=e6+_c3N4LnHkybCEbm4bwXbcufpaVdyV3i=9XjyZJX=7w@mail.gmail.com>
-----end-cut-----
the DKIM signatures in particular allow anyone to verify that your email was sent from Google, and is indeed intact.
for more information, see this detailed explanation of all the gmail headers your emails contain, including the integrity and authentication functions.
https://emailheaders.net/gmail.html
note that this is indeed separate from other authentication mechanisms like PGP/GPG signatures.
best regards,
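What the DKIM point in the message above comes down to on the body side, as an added example that is not part of the thread or any poster's code: it recomputes the `bh=` body hash under the `c=relaxed/relaxed` rules seen in the quoted headers and compares it. The sample message, `d=example.org` and `s=sel1` are constructed; the RSA signature in `b=`, which covers the `h=` headers and needs the signer's public key from DNS, is not checked here.

```python
import base64
import hashlib
import re


def parse_tags(value):
    """Split a DKIM-Signature value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            # Folding whitespace inside a value (wrapped base64) is not significant.
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags


def relaxed_body(body):
    """RFC 6376 'relaxed' body canonicalization."""
    lines = body.replace(b"\r\n", b"\n").split(b"\n")
    # Collapse runs of spaces/tabs to one space; drop whitespace at line ends.
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":   # ignore empty lines at the end of the body
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)


def body_hash(body):
    """Value a signer would place in bh= for a=rsa-sha256."""
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()


def body_intact(dkim_value, body):
    """True if the received body still matches the signer's bh= tag."""
    tags = parse_tags(dkim_value)
    if tags.get("a") != "rsa-sha256" or not tags.get("c", "").endswith("/relaxed"):
        raise ValueError("only a=rsa-sha256 with relaxed body canonicalization is handled")
    return body_hash(body) == tags["bh"]


# Constructed sample (not the message from the thread): the sending side
# computes bh= over the body; d= and s= are placeholders and b= is left empty.
SENT = b"Please collect proof and logs.\r\n"
HEADER = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org; s=sel1; "
          "h=mime-version:from:date:message-id:subject:to; "
          "bh=" + body_hash(SENT) + "; b=")


def demo():
    reflowed = b"Please  collect proof and logs.   \r\n\r\n"  # whitespace only
    altered = b"Please collect proof and blogs.\r\n"          # one word changed
    footer = SENT + b"-- \r\nlist footer\r\n"                 # text appended in transit
    return [body_intact(HEADER, m) for m in (SENT, reflowed, altered, footer)]
```

`demo()` returns `[True, True, False, False]`: whitespace-only reflow survives relaxed canonicalization, while a changed word or an appended footer no longer matches `bh=`.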
Hey coderman,
[i'm having a psychotic break right now, but this topic is pretty important]
Our communications are being intercepted and altered. The clearest evidence is that nobody is using PGP, on the e-mails I receive. We need to discuss that continuously so that people do something about it.
On 1/6/21, coderman <coderman@protonmail.com> wrote:
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Tuesday, January 5, 2021 8:31 AM, Karl <gmkarl@gmail.com> wrote:
Please collect proof and logs that our communications are altered in transit, so that system administrators and programmers will resolve the situation.
Karl note that some integrity verification is provided by your email provider - gmail.
for example, your email had the following headers:
-----begin-cut-----
<snip: email headers. The machine text is too dense for me to understand the content.>
the DKIM signatures in particular allow anyone to verify that your email was sent from Google, and is indeed intact.
Gmail often shows me incorrect e-mails. For example, here's an attached e-mail that is going very strangely. I sent this e-mail during my current psychotic break, but earlier on. Here's what makes this email weird:
- I sent it in reply to a thread. Unlike other e-mails in that thread, gmail shows it in its own separate thread.
- Usually when I save an e-mail, the server gives its subject as its filename. This one gets the phrase "original_msg" as its filename.
- This email was strangely flagged as containing a virus by its recipient, even though I sent them other emails also written in gmail's html web interface, which weren't.
I don't expect any information on this stuff is in the headers, but here it is attached in case something is.
for more information, see this detailed explanation of all the gmail headers your emails contain, including the integrity and authentication functions.
Well, coderman, I don't know why you are claiming that cryptographic behavior involving keys not held by either the sender or recipient would secure e-mails, on this list. Were you coerced to say this? This reminds me of when I complained to redhat that they weren't offering cryptographic signatures of their install images. They tried to claim that server SSL certificates were sufficient. I sent them a link to a recent news report regarding a major SSL certificate authority compromise, and explained how a single certificate authority compromise could be used to produce a man-in-the-middle attack on all SSL connections. They escalated my ticket and proceeded to ignore it for a year. I did not renew my subscription, but I see that other distribution vendors are also removing their image signatures.
https://emailheaders.net/gmail.html
note that this is indeed separate from other authentication mechanisms like PGP/GPG signatures.
It sounds like you're scared to support this concern, and don't want to make me more scared. What's relevant is that the problem is ongoing and undiscussed.
best regards,
coderman used to sign their e-mails with a pgp signature, and no longer does. This is not being discussed, and is clear indication that our communications are compromised. If people are having trouble using email signatures, it is for a reason. These people are very experienced with pgp.
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Thursday, January 7, 2021 11:50 AM, Karl <gmkarl@gmail.com> wrote: ...
Our communications are being intercepted and altered. The clearest evidence is that nobody is using PGP, on the e-mails I receive. We need to discuss that continuously so that people do something about it.
there is a study, "Why Johnny Can't Encrypt" - https://www.usenix.org/legacy/events/sec99/full_papers/whitten/whitten_html/...
this outlines a number of usability failures in email encryption using PGP/GPG tools.
sure, things are a little better now. but core deficiencies remain. for this reason, i have avoided email encryption for years now, preferring end-to-end encrypted messaging systems instead.
these have better idioms around privacy, and are more intuitive for less technical users.
if you used a protonmail account, we would have an additional layer of authentication and privacy between us, however :)
best regards,
hey coderman,
On 1/8/21, coderman <coderman@protonmail.com> wrote:
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Thursday, January 7, 2021 11:50 AM, Karl <gmkarl@gmail.com> wrote:
...
Our communications are being intercepted and altered. The clearest evidence is that nobody is using PGP, on the e-mails I receive. We need to discuss that continuously so that people do something about it.
there is a study, "Why Johnny Can't Encrypt" - https://www.usenix.org/legacy/events/sec99/full_papers/whitten/whitten_html/...
this outlines a number of usability failures in email encryption using PGP/GPG tools.
it seems to me the reason johnny can't encrypt is not because the pgp protocol has a problem strongly related to that, but rather because the devs working on encryption software are struggling to do so effectively. any thoughts? it's notable that pgp encourages end-to-end encryption and protonmail does not, no?
sure, things are a little better now. but core deficiencies remain. for this reason, i have avoided email encryption for years now, preferring end-to-end encrypted messaging systems instead.
did you make a signed post when you stopped using PGP, so that people would know you hadn't been coerced or manipulated to do so, or replaced by an impostor or a gpt-in-the-middle?
these have better idioms around privacy, and are more intuitive for less technical users.
true
if you used a protonmail account, we would have an additional layer of authentication and privacy between us, however :)
(it's really hard for me to stay on protonmail, with my amnesia and budgeting issues combined with their deletion of inactive accounts ... isn't protonmail vulnerable to everything hushmail was? i've now registered gmkarl@protonmail.com but i'm hesitant to use it because i don't want to lose my mail history when my account expires ... i'll think on that. must be a solution.)
best regards,
On Fri, 8 Jan 2021 15:01:05 -0500 Karl <gmkarl@gmail.com> wrote:
Our communications are being intercepted and altered. The clearest evidence is that nobody is using PGP, on the e-mails I receive.
there's a name for that and it's 'non sequitur'. Not using gpg doesn't necessarily mean stuff is being intercepted. If un-signed messages is all the proof you have, then you have no proof. If you have other actual evidence, please post it.
i've now registered gmkarl@protonmail.com but i'm hesitant to use it because i don't want to lose my mail history when my account expires ...
dude, the most obvious and correct way to use email is through a 'normal' MUA so you store all the data yourself, MUAs which by the way protonmail don't support. Because protonmail is a piece of shit, set up by a bunch of US subjects who inspire little confidence. Also switzerland is hardly different from the US as far as so called 'laws' go.
On 1/8/21, Punk-BatSoup-Stasi 2.0 <punks@tfwno.gf> wrote:
On Fri, 8 Jan 2021 15:01:05 -0500 Karl <gmkarl@gmail.com> wrote:
Our communications are being intercepted and altered. The clearest evidence is that nobody is using PGP, on the e-mails I receive.
there's a name for that and it's 'non sequitur'. Not using gpg doesn't necessarily mean stuff is being intercepted. If un-signed messages is all the proof you have, then you have no proof.
Get a signed message of yours to this inbox and I'll counter your bogus points.
If you have other actual evidence, please post it.
The only people who benefit from stopping message signatures are those who change them. But, obviously, my message was a _request_ and _reminder_ for people to collect and share evidence.
i've now registered gmkarl@protonmail.com but i'm hesitant to use it because i don't want to lose my mail history when my account expires ...
dude, the most obvious and correct way to use email is through a 'normal' MUA so you store all the data yourself, MUAs which by the way protonmail don't support. Because protonmail is a piece of shit, set up by a bunch of US subjects who inspire little confidence. Also switzerland is hardly different from the US as far as so called 'laws' go.
Thank you for saying so incredibly indirectly that we need to run our own mail servers, and are not doing this.
On Fri, 8 Jan 2021 16:03:21 -0500 Karl <gmkarl@gmail.com> wrote:
On 1/8/21, Punk-BatSoup-Stasi 2.0 <punks@tfwno.gf> wrote:
On Fri, 8 Jan 2021 15:01:05 -0500 Karl <gmkarl@gmail.com> wrote:
Our communications are being intercepted and altered. The clearest evidence is that nobody is using PGP, on the e-mails I receive.
there's a name for that and it's 'non sequitur'. Not using gpg doesn't necessarily mean stuff is being intercepted. If un-signed messages is all the proof you have, then you have no proof.
Get a signed message of yours to this inbox and I'll counter your bogus points.
I didn't make any bogus points, and as expected you have no proof for your claims. Last but not least your own messages are not signed.
If you have other actual evidence, please post it.
The only people who benefit from stopping message signatures are those who change them. But, obviously, my message was a _request_ and _reminder_ for people to collect and share evidence.
i've now registered gmkarl@protonmail.com but i'm hesitant to use it because i don't want to lose my mail history when my account expires ...
dude, the most obvious and correct way to use email is through a 'normal' MUA so you store all the data yourself, MUAs which by the way protonmail don't support. Because protonmail is a piece of shit, set up by a bunch of US subjects who inspire little confidence. Also switzerland is hardly different from the US as far as so called 'laws' go.
Thank you for saying so incredibly indirectly that we need to run our own mail servers, and are not doing this.
you have to at least run your own MAIL CLIENT.
don't want to lose my mail history when my account expires
so keep a copy of your sent/received messages in your computer, not in jewmail's servers, protonmail's servers etc.
On 1/8/21, Punk-BatSoup-Stasi 2.0 <punks@tfwno.gf> wrote:
On Fri, 8 Jan 2021 16:03:21 -0500 Karl <gmkarl@gmail.com> wrote:
On 1/8/21, Punk-BatSoup-Stasi 2.0 <punks@tfwno.gf> wrote:
On Fri, 8 Jan 2021 15:01:05 -0500 Karl <gmkarl@gmail.com> wrote:
Our communications are being intercepted and altered. The clearest evidence is that nobody is using PGP, on the e-mails I receive.
there's a name for that and it's 'non sequitur'. Not using gpg doesn't necessarily mean stuff is being intercepted. If un-signed messages is all the proof you have, then you have no proof.
Get a signed message of yours to this inbox and I'll counter your bogus points.
I didn't make any bogus points, and as expected you have no proof for your claims. Last but not least your own messages are not signed.
can you talk nicer? I'd sign my messages if I could.
If you have other actual evidence, please post it.
The only people who benefit from stopping message signatures are those who change them. But, obviously, my message was a _request_ and _reminder_ for people to collect and share evidence.
i've now registered gmkarl@protonmail.com but i'm hesitant to use it because i don't want to lose my mail history when my account expires ...
dude, the most obvious and correct way to use email is through a 'normal' MUA so you store all the data yourself, MUAs which by the way protonmail don't support. Because protonmail is a piece of shit, set up by a bunch of US subjects who inspire little confidence. Also switzerland is hardly different from the US as far as so called 'laws' go.
Thank you for saying so incredibly indirectly that we need to run our own mail servers, and are not doing this.
you have to at least run your own MAIL CLIENT.
don't want to lose my mail history when my account expires
so keep a copy of your sent/received messages in your computer, not in jewmail's servers, protonmail's servers etc.
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Friday, January 8, 2021 8:01 PM, Karl <gmkarl@gmail.com> wrote: ...
it's notable that pgp encourages end-to-end encryption and protonmail does not, no?
if we both use protonmail, then it is end-to-end encrypted. (but you're running "code" from protonmail - a trusted third party.)
there is a good explanation of their benefits (vs. gmail, etc.) here: https://protonmail.com/security-details
note that running your own mail server removes a trusted third party!
(but running your own mail servers sucks for many other reasons...)
did you make a signed post when you stopped using PGP, so that people would know you hadn't been coerced or manipulated to do so, or replaced by an impostor or a gpt-in-the-middle?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 hey Karl, email encryption still sucks :) best regards, -----BEGIN PGP SIGNATURE----- iNUEAREKAH0WIQSug7JItF9+Ek5e5vZQzZ94LsSMswUCX/jbC18UgAAAAAAuAChp c3N1ZXItZnByQG5vdGF0aW9ucy5vcGVucGdwLmZpZnRoaG9yc2VtYW4ubmV0QUU4 M0IyNDhCNDVGN0UxMjRFNUVFNkY2NTBDRDlGNzgyRUM0OENCMwAKCRBQzZ94LsSM s632AP99aH2NESOcnjQ6sEN87hMXLwBlFVMzxvZCdyhPBxi17gD+J0oh3eG7HcKt uKiNloa9pfwqMFzcYhNHzC/dkIFT8tc= =cLPa -----END PGP SIGNATURE----- bonus points for finding that key *grin*
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 here's another, but email encryption still sucks Karl :) -----BEGIN PGP SIGNATURE----- iNUEAREKAH0WIQRBwSuMMH1+IZiqV4FlqEfnwrk4DAUCX/jgNF8UgAAAAAAuAChp c3N1ZXItZnByQG5vdGF0aW9ucy5vcGVucGdwLmZpZnRoaG9yc2VtYW4ubmV0NDFD MTJCOEMzMDdEN0UyMTk4QUE1NzgxNjVBODQ3RTdDMkI5MzgwQwAKCRBlqEfnwrk4 DCNHAPwMhJqjXXEL4l5VFhLol7qoACixtl0d9CSxC+Qy6L706QD/cb6MXK2SRjea kHRXWx75fCQ7twaUhoK7H47yu6HW/bY= =KbQX -----END PGP SIGNATURE-----
On 1/8/21, coderman <coderman@protonmail.com> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
here's another, but email encryption still sucks Karl :) <crucial pgp signature snipped>
we might be able to hit encryption a little by calling out how all our channels are obviously being sniffed, monitored, analysed.
On 1/8/21, coderman <coderman@protonmail.com> wrote:
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Friday, January 8, 2021 8:01 PM, Karl <gmkarl@gmail.com> wrote: ...
it's notable that pgp encourages end-to-end encryption and protonmail does not, no?
if we both use protonmail, then it is end-to-end encrypted. (but you're running "code" from protonmail - a trusted third party.)
there is a good explanation of their benefits (vs. gmail, etc.) here: https://protonmail.com/security-details
note that running your own mail server removes a trusted third party!
(but running your own mail servers sucks for many other reasons...)
did you make a signed post when you stopped using PGP, so that people would know you hadn't been coerced or manipulated to do so, or replaced by an impostor or a gpt-in-the-middle?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
hey Karl, email encryption still sucks :)
best regards, -----BEGIN PGP SIGNATURE-----
iNUEAREKAH0WIQSug7JItF9+Ek5e5vZQzZ94LsSMswUCX/jbC18UgAAAAAAuAChp c3N1ZXItZnByQG5vdGF0aW9ucy5vcGVucGdwLmZpZnRoaG9yc2VtYW4ubmV0QUU4 M0IyNDhCNDVGN0UxMjRFNUVFNkY2NTBDRDlGNzgyRUM0OENCMwAKCRBQzZ94LsSM s632AP99aH2NESOcnjQ6sEN87hMXLwBlFVMzxvZCdyhPBxi17gD+J0oh3eG7HcKt uKiNloa9pfwqMFzcYhNHzC/dkIFT8tc= =cLPa -----END PGP SIGNATURE-----
coderman and I were forced to aid government surveillance. we were also forced to cover this up. coderman is not able to talk about this safely.
bonus points for finding that key *grin*