Re: [Evolution] Evolution/GPG
- From: Stig Roar Wangberg <srw openmailbox org>
- To: Ralf Mardorf <silver bullet zoho com>
- Cc: evolution-list gnome org
- Subject: Re: [Evolution] Evolution/GPG
- Date: Mon, 22 Feb 2016 14:06:00 +0100
må. den 22. 02. 2016 klokka 03.58 (+0100) skreiv Ralf Mardorf:
On Sun, 21 Feb 2016 21:22:02 +0100, Stig Roar Wangberg wrote:
I only encrypt to people I trust IF the message requires it.
Here we face another issue. If you don't always encrypt messages, then
a judge could assume that the encrypted email are related to a crime.
In some countries, IIRC e.g. Great Britain, people can be forced by law
to decrypt data, if they don't do it, they get arrested. In Germany we
have a strong data protection, AFAIK you can't be forced to decrypt
data. Btw. by accident I lost some unimportant keys, so I can't decrypt
some unimportant data, but this could become an issue in countries,
that are allowed to force you, to decrypt data. However, some nations
even use torture. "IF the message requires it" is a strange statement.
Actually all mail, perhaps excepted of postcards, are liable to
inviolability of the mail. If you like to turn the spotlight on you,
then encrypt just a few messages, so police and others know at least
dates, when you might be involved in crimes or whatsoever they are
interested in. IOW by decrypting messages that "require" decryption and
at the same time not encrypting other messages, you already provide
useful data to those who are interested in it. The content of the
message might be unimportant to them, the only information they need
is, that at a given date you corresponded by encrypted emails. Now you
could argue, that in addition you're using anonymous mailing, mixminion
or similar. Since TOR was mentioned I'll quote from the FAQs:
"So I'm totally anonymous if I use Tor?
No.
[snip]"
"What attacks remain against onion routing?
As mentioned above, it is possible for an observer who can view both
you and either the destination website or your Tor exit node to
correlate timings of your traffic as it enters the Tor network and also
as it exits. Tor does not defend against such a threat model.
[snip]
Furthermore, since Tor reuses circuits for multiple TCP connections, it
is possible to associate non anonymous and anonymous traffic at a given
exit node, so be careful about what applications you run concurrently
over Tor. Perhaps even run separate Tor clients for these applications."
- https://www.torproject.org/docs/faq.html.en
IOW e.g. even if you run Ardour, a digital audio workstation that phones
home and it phones home, while you are using TOR browser, a lot of the
security provided by TOR could be null and void.
Regards,
Ralf
But I DO agree with the facts you are presenting.
Thank you, Ralf.
Best regards,
Stig
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
