no encryption even worse? (Re: Groklaw shuts down)

Adam Back adam at cypherspace.org
Tue Aug 20 22:52:25 PDT 2013


Yes but my point was they didn't have to throw out the baby with the
bathwater; Silent Circle's email I think was basically two products combined:

1. end2end secure, store-and-forward encryption between Silent Circle users;

2. server-side encryption of opportunistically SSL encrypted (potentially
unencrypted) incoming emails + presumably unencrypted outgoing emails.

Why not keep 1?  They obviously have the technology for it because they have
retained encrypted SMS-like functionality which is the same key management
and information flow.

Not forgetting there is a 3rd "product" which is the de facto which is normal
email:

3. opportunistically encrypted (SSL) email

(as well as S/MIME (don't trust due to CA malfeasance) or self-managed PGP/GPG
which for some reason people find difficult).

and users who lose 1 & 2 due to the no-notice product end-of-life will
probably just switch to 3 as an alternative to stopping communicating.  

Even catching a flight with a USB drive apparently is risky via UK re the
curiously named David Miranda (Miranda rights eh); seems they demanded
decryption keys.  Seems like people who are couriering data ought to encrypt
it with the recipient's public key before travel.

Adam

On Tue, Aug 20, 2013 at 06:03:39PM -0700, Rich Jones wrote:
>   I think the point that they're making is that one communicates
>   differently when one knows the line is tapped. Better self censorship
>   than blabbering with delusions of security. This isn't a philosophy
>   which I personally agree with, but I believe this was their intention.
>
>   On Tue, Aug 20, 2013 at 5:51 PM, Adam Back <[1]adam at cypherspace.org>
>   wrote:
>
>     On Tue, Aug 20, 2013 at 12:32:00PM -0400, John Young wrote:
>
>     Bluntly, anybody who peddles security is a cheat.
>     Those withdraw it are worse.
>
>     I was thinking something like that about the Silent Circle shutdown. It
>     seems to me their problem case was the mail in (they would be encrypting
>     that to the user PGP key or equivalent, after sender optional use of SSL
>     to deliver it to them).  So would not a more sensible change be to disable
>     mail in?  So then only Silent Circle users could encrypt messages to each
>     other.  Even that would add pressure to other users to also get a Silent
>     Circle account and so be a business advantage.
>
>     Puzzlingly spun "to protect our users' privacy we removed their encryption
>     feature" - so they'll probably send it plaintext instead, great.
>
>     Adam
>
>   --
>   Rich Jones
>   OpenWatch is a global investigative network using mobile technology to
>   build a more transparent world. Download OpenWatch [2]for iOS and
>   [3]for Android!
>
>References
>
>   1. mailto:adam at cypherspace.org
>   2. https://itunes.apple.com/us/app/openwatch-social-muckraking/id642680756?ls=1&mt=8
>   3. https://play.google.com/store/apps/details?id=org.ale.openwatch&hl=en


