må. den 22. 02. 2016 klokka 03.58 (+0100) skreiv Ralf Mardorf:
On Sun, 21 Feb 2016 21:22:02 +0100, Stig Roar Wangberg wrote:I only encrypt to people I trust IF the message requires it.Here we face another issue. If you don't always encrypt messages, then a judge could assume that the encrypted email are related to a crime. In some countries, IIRC e.g. Great Britain, people can be forced by law to decrypt data, if they don't do it, they get arrested. In Germany we have a strong data protection, AFAIK you can't be forced to decrypt data. Btw. by accident I lost some unimportant keys, so I can't decrypt some unimportant data, but this could become an issue in countries, that are allowed to force you, to decrypt data. However, some nations even use torture. "IF the message requires it" is a strange statement. Actually all mail, perhaps excepted of postcards, are liable to inviolability of the mail. If you like to turn the spotlight on you, then encrypt just a few messages, so police and others know at least dates, when you might be involved in crimes or whatsoever they are interested in. IOW by decrypting messages that "require" decryption and at the same time not encrypting other messages, you already provide useful data to those who are interested in it. The content of the message might be unimportant to them, the only information they need is, that at a given date you corresponded by encrypted emails. Now you could argue, that in addition you're using anonymous mailing, mixminion or similar. Since TOR was mentioned I'll quote from the FAQs: "So I'm totally anonymous if I use Tor? No. [snip]" "What attacks remain against onion routing? As mentioned above, it is possible for an observer who can view both you and either the destination website or your Tor exit node to correlate timings of your traffic as it enters the Tor network and also as it exits. Tor does not defend against such a threat model. [snip] Furthermore, since Tor reuses circuits for multiple TCP connections, it is possible to associate non anonymous and anonymous traffic at a given exit node, so be careful about what applications you run concurrently over Tor. Perhaps even run separate Tor clients for these applications." - https://www.torproject.org/docs/faq.html.en IOW e.g. even if you run Ardour, a digital audio workstation that phones home and it phones home, while you are using TOR browser, a lot of the security provided by TOR could be null and void. Regards, Ralf
I know. Like Trump and the debate about Apple, universal back-doors, and the rest of Pentagon et al going on and on about that encryption equals crime. I'm in Scandinavia. And I hope we don't have to become an American state in the near future. Even though it's 10,000 American soldiers in my city right now, and just a base in the eyes of the Americans. If the USA insist on becoming the new 3rd Reich or the New Soviet Union, it will probably not last for long. It never does. It's sad if the USA works the way you describe, like China and other non-democratic countries. There are many reasons to encrypt, also for people in Scandinavia. There can be journalists, human right groups, gay people that needs help, Anonymous, and many people that are not criminal at all. You think I encrypt because I want to hide from my government? (It's a part of my education also, to know about this.) In Scandinavia there are many other groups to hide from with the knowledge to hack both computers, networks and emails. I don't want to live in a word where you're automatically suspicious because you use Tore or encrypt your messages. In most European countries we have still some privacy, and are protected by the law and our constitutions. And we never had a prime minister using our constitution as toilet paper. Yet. But this is why I like to engage in the free software movement, in the Tor Project, - not because I'm a criminal or have something to hide. And by the way. Everyone has something to hide. About our orientation, health (perhaps we don't want our boss to know), our partners (privat, business), and so on. It sounds like you 1. don't see the point of encryption, and 2. if you encrypt, encrypt everything. Or perhaps we all can just go back to Windows 10 and welcome universal back-doors and stop fighting for our rights to freedom, privacy and anonymity? I don't want the American paranoia to infect Europe. Even though it has to some point. To me this is about philosophy, democracy, what kind of society I want to live in. I don't like it when governmental agencies trys to forbid, hack and DDoS Protonmail. Recreantly someone hacked a version of Mint, making a back-door in it, linking to it on the Mint official site, Openmailbox was under heavy DDoS-attack yesterday. I'm not saying no to backdoors, DDoS-attakcs, governmental hacking, criminals etc. because I have something to hide.
Attachment:
signature.asc
Description: This is a digitally signed message part