[FORGED] Re: [FORGED] Re: UK To Ban Crypto In Devices, Email And More

Tomas Overdrive Petru tpetru at gmail.com
Mon Nov 9 13:51:20 PST 2015



On 08.11.15 14:41, Joseph Gentle wrote:
> On Sun, Nov 8, 2015 at 7:45 PM, oshwm <oshwm at openmailbox.org> wrote:
>> On 08/11/15 08:40, Peter Gutmann wrote:
>>> oshwm <oshwm at openmailbox.org> writes:
>>>
>>>> Can GPG be easier to use, I think so, is it too difficult to use by ordinary
>>>> people - no, they're just too fucking lazy and lack motivation.
>>> ... and this is pretty much the poster child for why we have so much unusable
>>> crypto today.
>>>
>> Or, why we have such a fucking retarded human race with the attention
>> span of a gnat who expect everything to be given to them on a plate.
>> People have to stop being lazy and start taking an interest and
>> responsibility for what goes on in the world around them - your point of
>> view reinforces the dumbing down of the population and the increase in
>> power of the Government and big Corps.
> Even if that's all true, it's still also true that nobody is using PGP.
> It's easier to make a slick UI than convince people to do work. Is it
> so much to ask that people who make software try to make life easy for
> their users?
>
> For all your talk of doing hard work oshwm, it looks like you only
> created that PGP key yesterday:
> $ gpg --list-packets signature.asc
> hashed subpkt 2 len 4 (sig created 2015-11-08) [...]
>
> And as far as I can tell it hasn't been signed by anyone. At least I
> think so - after 15 minutes fighting with gpg I still can't find your
> actual key and I ran out of care.
>
> ... Which leads me into my second point, which is that here in 2015
> PGP is a terrible technical solution. It doesn't encrypt metadata
> (which is a non-starter these days - who you communicate with is some
> of the *most* valuable personal data for the NSA). It also leaks
> information about who signed your key. That means either:
>
> - Your key gets signed by your friends, so now your friend network is public
> or
> - Emails with PGP are provably from you, in a way that can be traced
> back to physically witnessed government ID.
>
> ... Or both! Personally I would rather the possibility of forgery than
> either of those outcomes.
>
> -J
What a hell of news, that email is not and has never ever been a secure
communication method. Same as Moxie defined SMS as hell of insecure
because of metadata.
We know that already, no? The same way we know that the Web of Trust is a
huge leak of trust and security.
But count on GPG/PGP in the long run. It could be important now who you
are talking with, but it is possible that in the long run what you are
saying will be important.
Fact is that statistical analysis is a bitch and it is pretty hard to hide
all the kinds of metadata traces you are producing.
Minimize the damage: use at least encryption at the level of email content.
OTR over Facebook chat or the Google chat protocol or whatever will leak
the same amount of metadata, because you willingly share when you are
online, sometimes your contacts or who you are talking with.
This sword has two edges - we want to communicate and mostly socialise,
but we do not want to leak who we make love with during lunch break,
right?
Paranoia is a nice and expected thing here, but let's think reasonably -
usability versus security.

Of course it could be a really nice idea to strip all metadata from our
communication on some practical level, but let's admit that email will
never be worth that work and it was never ever designed like that.


Regards,
- Over




-- 
“Borders I have never seen one. But I have heard they exist in the minds of some people.”        
  ―     Thor Heyerdahl 


Telegram................... at over23
facebook...................facebook.com/overdrive23
projects...................https://brmlab.cz/user/overdrive
twitter....................https://twitter.com/#!/over2393
last.fm....................http://www.last.fm/user/overdrive23
GnuPG key FingerPrint......08EA E4DC EF85 0F02 9267 5B48 2E58 6902 C5F8 794C
Public key ................http://overdrive.dronezone.eu/overdrive.txt

