Comment: PGP keyed e-mails

(See in situ)


PGP keyed e-mails

You used to be able to send and decode e-mails using PGP, and it was revolutionary for its time, but even the guy who created it says that it is so annoying to de-crypt e-mails from people, he doesn't even use it anymore.

Tor is actively being targeted by the government, presumably to find out if terrorist cells and adversarial nations are using it to undermine the country. Even though the founder of TOR was invited to speak about the benefits of Tor to the NSA, he was alarmed that they were so forthright in being against it completely.

I also look at this way. It was the DOD that authorized 256-bit encryption for websites, so SSL is probably already broken. It took them awhile to authorize it, too.

There is little traffic that is not going through US servers. While Tormail may be the best right now, if speculation that it is being infiltrated is true, you may be monitored any way.

Sadly, it seems like a waste of time, until someone invents a new way to enforce anonymity through online communications. Because of botnet spam, most SMTP, POP3, and IMAP servers require some form of identification, when sending and receiving e-mail. This usually comes in the form of a proper reverse DNS lookup to make sure the IP address correlates with the mail server and e-mail address being used. This is why the collection of meta data is a ploy. That information can lead to directly uncovering your mail server IP and then snooping traffic straight off your own IP or that of the entire mail server.

Lavabit uses SSL keys and before Ladar Levison closed down the business, he was ordered to provide the government with the keys. Essentially this would allow the government to use the certificates as Lavabit. When you hear from a root certificate authority from Google or Microsoft being compromised, you may not know what it means, but this is a "big deal" in the IT world. Essentially it means that anyone can now potentially forge SSL with a top level root CA from Microsoft or Google. Fortunately, the system was designed for certificate authority servers to be able to redact the keys as quickly as possible.

There is no easy answer to this question. Assume all communications are monitored. Whether or not anyone is actually reading them is very unlikely, but they are no doubt being targeted for storage, indefinitely, in a massive waste of hard disk space, to say the least.

The type of surveillance going on now seems to be industrial espionage projects overseas and domestic. If you had this above-the-law power, without morals, what would you use it for? To blackmail Congress, perhaps? The president? His cabinet? How about insider trading? They probably don't need your information unless you're a major player.

The latest news I read about was that they are trying to translate all communications to text. This means phone conversations and conversations overheard through any of the Defense Intelligence Agency/NSA programs. They are probably doing it to be able to correlate a call with keywords and search on those keywords from a giant database.

Overall, I don't think we can turn it back. There was a massive smoke screen about the NSA when the MSM aired that Trayvon Martin/George Zimmerman trial non-stop. It was almost like they had to prove the justice system was still online to get people away from targeting NSA activities.

Don't trust everything you read in the news. Don't expect privacy online anymore. The defunding war should be about NSA appropriations and not the Affordable Healthcare Act, but we have a complicit Congress and President in that area. To me this shows the top leadership in both parties are simply using divide and conquer tactics against the American people.

There always has to be a domestic wedge issue, whether it is abortion, gay rights, or something else, to get people to stop paying attention to the real criminality going on. Don't get me wrong, those are real and serious issues, but they are entirely manipulated for political purposes and so is 9/11.