Urban75 Home About Offline BrixtonBuzz Contact

David Cameron suggest banning message encryption

TLS (SSL) is fairly easy to subvert. There are commercial products that do this all the time and hats of all hues brew their own for both good and bad reasons. In addition a lot of the ciphers still in use are pretty weak. If you really want to protect email content you have to head down the route of public key crypto with suitably strong keys. TOR-a-likes help obfuscate the metadata.

Run your own numbers station? :p
 
mauvais said:
Post up your email and password then. More 'nothing to hide' bollocks.
Click to expand...
I think the majority of active emailers have accepted the level of security they have from normal email. I have seen calls from people for emailers to encrypt everything, to ensure their privacy, but I don't believe many users have gone to those lengths especially because it is my understanding that their communication partners would also have to decrypt the resulting emails.

How many people on here encrypt their normal emails?
 
mwgdrwg said:
1. Who is opposing this, what does the boy Corbyn say?

2. I currently use GMail, how can I encrypt my email?

3. How can I keep my web history private, a colleague mentioned VPN?
Click to expand...
1. Not found anything from him on it. Would hope he would oppose. Edward Snowdon has something to say, unsurprisingly.

2. There are browser add-ons for Chrome and Firefox (at least) which add GPG encryption options to Gmail.
3. A VPN will hide your web history from your ISP, by encrypting traffic to and from an exit point. TOR will do a similar job if used correctly
 
mwgdrwg said:
I have some questions! :D

1. Who is opposing this, what does the boy Corbyn say?

2. I currently use GMail, how can I encrypt my email?

3. How can I keep my web history private, a colleague mentioned VPN?
Click to expand...

to add to what LL said -
2) PGP relies on people sending you encrypted mail, and you sending them encrypted mail. Both sender and receiver need to get the other party's public key and use it.
In the real world, no one has ever used my public key to send me anything encrypted.

Looking at the logs on my mailservers, about 65% of the connections to them are SSL. Meaning the remaining percentage are in plaintext.
Think of an email being about as secure as sending a postcard.

Storing email on your own server would let you encrypt the lot, but a government could still look at what is arriving before you get it.

3) Your web use has to leave your trusted network at some point. By default it leaves to your ISP. So they have a record of everything you see.
You can pay to use a VPN to some other place on the internet. So that the VPN provider has a log of everything you see. People put a lot of trust in this. But its technically no different to your ISP - except in some cases is in another country.

Tor lets you mask everything to some extent. But gives you an unworkably slow connection, and if you do anything that's not plain html, you open yourself up to some risks.
 
weltweit said:
I think the majority of active emailers have accepted the level of security they have from normal email. I have seen calls from people for emailers to encrypt everything, to ensure their privacy, but I don't believe many users have gone to those lengths especially because it is my understanding that their communication partners would also have to decrypt the resulting emails.

How many people on here encrypt their normal emails?
Click to expand...
Not the point, though, is it. Most people are comfortable with the contemporary state of commercial email - which involves some level of encryption - because to all intents and purposes, noone else is ever going to read their email. So one doesn't have to be "Mr Big" to have an interest in security.

More so your internet history which, in local terms, is also very likely encrypted, with you the only keyholder.
 
joustmaster said:
3) Your web use has to leave your trusted network at some point. By default it leaves to your ISP. So they have a record of everything you see.
You can pay to use a VPN to some other place on the internet. So that the VPN provider has a log of everything you see. People put a lot of trust in this. But its technically no different to your ISP - except in some cases is in another country.
Click to expand...
Unless your VPN provider does not keep logs... and you're happy to believe them.
I use Private Internet Access (although I switch it off when I want to get max download speed as their throughput can't cope) and apparently...
Do you log the traffic of your users?
Privacy is the number one concern for our VPN service. Logging directly compromises that privacy, and also slows down the efficiency of an internet connection. When using a VPN service, privacy, speed and connectivity are all important factors to bring customers a better service. In order to provide the most private, efficient and high-speed VPN service to our customers, PrivateInternetAccess.com does not maintain any logs of any kind, period.
Click to expand...
 
Nicked from Could a simple mistake be how the NSA was able to crack so much encryption?
I encrypt every email I send with a page from a 50 Shades book.
I then send the details of the page I used by letter, encrypted (obviously) with a passage from the next 50 Shades book.
So then I have to visit the recipient and whisper the book, page and line number into their ear.

So far I've had 3 disciplineries, 1 very unusual date, and won a game of battleships I didn't even know I was playing.
Click to expand...
 
mauvais said:
Not the point, though, is it. Most people are comfortable with the contemporary state of commercial email - which involves some level of encryption - because to all intents and purposes, noone else is ever going to read their email.
Click to expand...
I would hope the recipients of my emails read them :)

mauvais said:
So one doesn't have to be "Mr Big" to have an interest in security.
Click to expand...
I once worked on a technology item for a defence firm and asked if we could encrypt our communications because the item was confidential and it was important to us that it remained so. They declined which I thought was short sighted and sure enough they leaked like a sieve in other respects also.

mauvais said:
More so your internet history which, in local terms, is also very likely encrypted, with you the only keyholder.
Click to expand...
I would have thought our internet histories at the ISP stage are quite easy to see no? requests for pages etc, rather like a server log file .. is that not the case?
 
weltweit said:
I think the majority of active emailers have accepted the level of security they have from normal email. I have seen calls from people for emailers to encrypt everything, to ensure their privacy, but I don't believe many users have gone to those lengths especially because it is my understanding that their communication partners would also have to decrypt the resulting emails.

How many people on here encrypt their normal emails?
Click to expand...

We've already established that few people encrypt their "normal" e-mails, you twat.
I use PGP to encrypt the occasional e-mail to people,where I wouldn't want the content to be read by anyone but the recipient.
 
pinkychukkles said:
Unless your VPN provider does not keep logs... and you're happy to believe them.
I use Private Internet Access (although I switch it off when I want to get max download speed as their throughput can't cope) and apparently...
Click to expand...
I bet they'd switch logging on as soon as the police turned up with a warrant.
 
Sometimes sales teams are told to use encryption. But they don't understand it, so end up up forwarding the mail, and passphrases to several people to help them access the emails. :D
 
weltweit said:
I think the majority of active emailers have accepted the level of security they have from normal email. I have seen calls from people for emailers to encrypt everything, to ensure their privacy, but I don't believe many users have gone to those lengths especially because it is my understanding that their communication partners would also have to decrypt the resulting emails.

How many people on here encrypt their normal emails?
Click to expand...
I have the facility to, but it's still something that is regarded as a bit techie, so most of the people I'd email aren't in a position to use it. It'd be useful for exchanging confidential client info and bank details, quite apart from any question of snooping.
 
on more than one occasion where i've worked has had emails from the police asking for information about e.g. cold case murders or historical allegations of child abuse - including on one occasion an email which contained previous correspondence detailing the name of the victim, the details of the abuse and the name of the alleged offender. i do not believe my experience to be unique. the volume of sensitive information emanating in such a fashion from organs of the state speaks to the existence of large numbers of people in charge of extremely personal information who will email it round to all and sundry without thinking twice of it. without taking the slightest precautions to protect it. and yet they will be in a position to demand all manner of information from private citizens who have the gall to want to keep their private discussions private.
 
existentialist said:
I have the facility to, but it's still something that is regarded as a bit techie, so most of the people I'd email aren't in a position to use it. It'd be useful for exchanging confidential client info and bank details, quite apart from any question of snooping.
Click to expand...
That is part of the issue, encryption is techie, it isn't something that the average internet user knows how to use, (myself included) assuming they even wanted to. And if they did want to, their message recipients would also have to know how to use it, and want to.

And people send bank detail via normal email often, and give their credit / debit card details out, often many times a day, to all sorts of individuals and businesses.

Would I like that my communications were available to their recipients but not to others, and my browsing history was private, yes I probably would prefer that just because it is basically none of their business, but I recognise government is not going to permit that my trace across the net be completely secret, because under certain conditions they are going to want to snoop on some people.
 
Last edited:
weltweit said:
That is part of the issue, encryption is techie, it isn't something that the average internet user knows how to use, (myself included) assuming they even wanted to. And if they did want to, their message recipients would also have to know how to use it, and want to.

And people send bank detail via normal email often, and give their credit / debit card details out, often many times a day, to all sorts of individuals and businesses.

Would I like that my communications were available to their recipients but not to others, and my browsing history was private, yes I probably would prefer that just because it is basically none of their business, but I recognise government is not going to permit that my trace across the net be completely secret, because under certain conditions they are going to want to snoop on some people.
Click to expand...
The point that it's a bit techie is a reason for it not being taken up much, but it's a specious argument against the prniciple of email encryption. After all, managing files and directories at the command line is a bit techie, but with the right tools - ie, a graphical filesystem explorer, anyone can do it.

And, in a perfect world where I could trust the agencies of the state to use information only for its stated purpose, I might see the merit of your argument about them needing to access our browsing histories, etc. But there are too many instances to count where powers, once handed over, are misused and applied for purposes that are a mile away from the ones they claimed them for, and are frequently really quite threatening.
 
You must log in or register to reply here.

Similar threads

Humberto
David Cameron is a walking disaster. And war criminal.
Replies
12
Views
751
Mation
Mation
Kid_Eternity
David Lammy’s time is up
Replies
11
Views
671
Whagwan
Whagwan
Pickman's model
david cameron's time is up again
3 4 5 6 7
Replies
190
Views
10K
brogdale
brogdale
T & P
Fucking King Charles’s voiceover, and fucking ‘Britain welcomes everyone’ message during the NYE London fireworks
2 3 4
Replies
103
Views
4K
Spymaster
Spymaster
elbows
End-to-end encryption propaganda campaign
Replies
1
Views
461
NoXion
NoXion
Back
Top Bottom