Safeguarding Data From Big Brother Sven?
An anonymous reader writes "Now that the Swedish government (in its infinite wisdom) has passed a law allowing them to monitor email traffic, a question that I think a lot of people are asking (or at least should be asking) is: 'What can I do to improve my privacy?' The answer is not obvious.
So, what are the best solutions for seamless email encryption, search privacy, etc? What are your experiences with PGP vs GPG vs ...? In this day and age, why is the use of this type of privacy technology still so limited? Why isn't there a larger movement promoting the use of privacy tools? Also, what is in your opinion the largest privacy concern? Search tracking? Email transfer?
I believe this is an interesting question not only for Swedes, but for everyone. Lots of traffic is passing through Sweden, but more importantly, the Swedish government is not alone in using this type of surveillance."
Reader j1976 writes with a related question: "For most users with email addresses within large organizations, implementing their own email encryption scheme is not feasible, partly because of the technological aspects, but also since users in organizations often do not have administrative access to their workstations. What can an organization do, centrally, to lift the burden of encryption from the users? Are there any transparent schemes for email encryption which could be installed for the organization as a whole?"
Secure tunnels (Score:5, Interesting)
SMTP over SSL (Score:5, Interesting)
One of the things we need to add is SMTP over SSL. It won't prevent all snooping, but at least between 2 people that trust each other, no snooping happens on the path between.
Sweden's just being honest about it (Score:5, Interesting)
As the submitter points out, you cannot be sure where your data is being sent on the route between you and your recipient. For all you know your "Dear Mom" email might go through Sweden, the US, the UK, Denmark, Russia and China even though you live within 50 km of each other.
And your Skype call? Well, that's likely to do the same thing with its routing feature.
Your SSL connection isn't any safer from snooping - not sure about MitM attacks, but if you're just listening in, do you really need to be a MitM?
Why can't it be simple. (Score:5, Interesting)
Some time ago I suggested someone write a Thunderbird extension that was a "one click" encryption setup. On clicking "encrypt" it would create a gpg key > send the pub key to a key server > and if it does not have someone else's key it can suggest Thunderbird and itself to that person.
I know this is not a good way to do this, but I can't see people using pgp/gpg any other way.
GeoIP? (Score:1, Interesting)
Obviously it doesn't cover routes but it's a start.
Exchange servers can do messaging tunnels (Score:1, Interesting)
However, not everyone runs Exchange, and not everyone is willing to set dedicated send/receive connectors.
SMTP over SSL/TLS would be a great thing. It's already implemented, but few mail servers take advantage of this.
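Added example, not part of any comment in this thread: a sketch of the difference between opportunistic and required STARTTLS on an SMTP hop, which is what the "SMTP over SSL" comments above come down to. The function names, the sample EHLO replies and `mail.example.org` are constructed for illustration; TLS here protects only the hop it is negotiated on, not the message at rest on either server.

```python
import smtplib
import ssl

# Constructed EHLO replies (sample data, not captured from a real server).
EHLO_WITH_TLS = "250-mail.example.org\r\n250-SIZE 35882577\r\n250-STARTTLS\r\n250 8BITMIME"
EHLO_NO_TLS = "250-mail.example.org\r\n250-SIZE 35882577\r\n250 8BITMIME"


def ehlo_extensions(reply: str) -> set:
    """Return the upper-cased extension keywords from a multi-line EHLO reply."""
    exts = set()
    for line in reply.splitlines()[1:]:          # first line is the server's domain
        if len(line) < 5 or not line.startswith("250"):
            continue
        keyword = line[4:].split(" ", 1)[0].strip().upper()
        if keyword:
            exts.add(keyword)
    return exts


def delivery_decision(reply: str, require_tls: bool) -> str:
    """'encrypt', 'plaintext' (opportunistic fallback) or 'refuse'."""
    if "STARTTLS" in ehlo_extensions(reply):
        return "encrypt"
    return "refuse" if require_tls else "plaintext"


def send_tls_only(host: str, sender: str, rcpt: str, message: str, port: int = 25) -> None:
    """Send only over a verified TLS session; raise instead of falling back."""
    ctx = ssl.create_default_context()           # verifies certificate and host name
    with smtplib.SMTP(host, port, timeout=30) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            raise RuntimeError("server did not offer STARTTLS; refusing plaintext")
        smtp.starttls(context=ctx)
        smtp.ehlo()                              # re-read extensions inside the tunnel
        smtp.sendmail(sender, rcpt, message)
```

With `require_tls=False` a reply that lacks the STARTTLS line silently results in cleartext delivery, which is why the opportunistic mode does not help against anyone able to alter traffic on the path.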
Re:Here is what you do (Score:4, Interesting)
Re:Sweden's just being honest about it (Score:3, Interesting)
these kinds of stories are philosophically naive (Score:2, Interesting)
if you take a large, open, sprawling network, there is no law or safeguard that can protect you from eavesdropping. forget the government for a moment, what about companies? what about technically astute oddballs? what about aspects of any country's government that does whatever the hell they want to regardless of what the goody two shoes in the legislature say? what about governments of other countries the network passes through? etc., etc.
let us say sweden instead passed a massive ANTI-eavesdropping law instead of the law it did pass. ok, are you going to celebrate? why? are there people out there who actually believe this would protect them from eavesdropping? who are you and what about the concept of a "vast open network" do you not understand?
the news of what the swedish government did is treated as if it were a ton of bricks here. folks: absolutely nothing has changed, and no law will ever protect you. ever. it's called a sprawling, open network. it's not a bank vault. your info, once it goes on the wire, is open season for snooping, is subject to thousands of different vectors for attack. by all sorts of entities
and there is no technological or legal fix to that that does not also break what you like about the network in the first place: its openness. that's the downside to being open, call it a twist on the concept of the tragedy of the commons. its free for you to do anything you want... but that means it is also free for more nefarious interests to do whatever they want to. there is no way to act against such nefarious interests that does not also somehow inconvenience what you like about the network at the same time
the solution? STOP ASSUMING PRIVACY ON AN OPEN NETWORK IS POSSIBLE OR EVEN A VALID CONCEPT FOR YOU TO CONSIDER
seriously, get over it. privacy on the internet is a philosophical impossibility
Re:On NPR... (Score:5, Interesting)
Of course, I used to be one of those people, too. I started out listening to NPR because I liked classical and jazz music... eventually the news wore on me and I realized that I had been sort of a dick prior. Now I really like NPR news.
Re:Someone please remind me... (Score:5, Interesting)
Although I agree with your comment, just putting in an email, slashdot comment, or even one of my journals can't get the FBI and DEA and whatever anti-prostitution agency to break down my door. Otherwise it seems they already would have, as although I'm no gambler, my slashdot journals often feature potsmoking and hookers. Maybe I should add some blackjack.
However, adultery is NOT against the law. Do you want your wife to find the email you sent to your girlfriend because Sweden seems to be as anti-freedom as America?
(OT but related; why is it legal for me to fuck my congressman's wife, but illegal for me to pay her for it?)
Off the record messaging (Score:3, Interesting)
There are plug-ins available for it. OTR has some nice properties including the fact that messages are encrypted, but still deniable. What this means is an eavesdropper cannot read what you write, but at some later time an attacker with an unencrypted copy of the conversation cannot prove that you wrote it.
The goal of the project is to provide a level of security similar to meeting in a private place and talking. Privacy without a paper trail.
http://www.cypherpunks.ca/otr/
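Added example, not part of the comment above and not OTR or libotr code: a simplified model of why authentication with a shared-key MAC is deniable where a digital signature would not be. The random `shared_secret` stands in for the output of a key exchange, and all names and messages are constructed for illustration.

```python
import hashlib
import hmac
import os


def derive_mac_key(shared_secret: bytes) -> bytes:
    """Both parties derive the same MAC key from the session secret."""
    return hashlib.sha256(b"mac-key" + shared_secret).digest()


def tag(key: bytes, message: bytes) -> bytes:
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, mac: bytes) -> bool:
    return hmac.compare_digest(tag(key, message), mac)


def deniability_demo() -> dict:
    # Stand-in for the secret a key exchange gives both sides (assumption).
    shared_secret = os.urandom(32)
    alice_key = derive_mac_key(shared_secret)
    bob_key = derive_mac_key(shared_secret)

    # During the conversation the tag convinces Bob: only he and Alice hold the key.
    real = b"meet at noon"
    real_tag = tag(alice_key, real)

    # But Bob can compute an equally valid tag over words Alice never wrote,
    # so a tagged transcript proves nothing to a third party.
    never_sent = b"something Alice never wrote"
    tag_made_by_bob = tag(bob_key, never_sent)

    # Once a MAC key is retired and disclosed, anyone holding a transcript
    # can produce valid-looking tags as well.
    disclosed_key = alice_key
    edited = b"edited transcript line"
    tag_made_by_outsider = tag(disclosed_key, edited)

    return {
        "bob_accepts_real": verify(bob_key, real, real_tag),
        "tampering_detected_live": not verify(bob_key, b"meet at one", real_tag),
        "bob_made_tag_verifies": verify(alice_key, never_sent, tag_made_by_bob),
        "outsider_tag_verifies": verify(disclosed_key, edited, tag_made_by_outsider),
    }
```

All four results are true: the MAC authenticates messages to the two participants while the session is live, yet it cannot serve as evidence of authorship afterwards, which is the property the comment calls deniability.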
Part 1 easy (Score:3, Interesting)
Easy thing to do, really no companies however offer this service
Re:encryption is irrelevant (Score:5, Interesting)
on the "public" portion, have semi-private personal pics, ie. your gf about naked, some sex stories from web and change them like they would be your experiences, love letters same thing, and other personalish data like that.
That "GF" doesn't even have to be YOUR gf, just grab some package of amateur pics off some website X)
Social engineering!
2nd solution: Public torrent based encrypted "backup" service, goes through the borders easily. Could be some kind of torrent & truecrypt mashup.
Could work if say you want to "backup" 5 gigs, you got to host at least 10 gigs. Gigantic waste of HDD space, Gigantic waste of bandwidth, no live usage, but have good key, and you are golden
In theory could work, anyone attempting something like this?
Re:On NPR... (Score:5, Interesting)
The 4th Amendment was written in response to the Stamp Act. Under the Stamp Act of 1765, all documents in your possession required the king's stamp on them to be legal. You had to buy the stamps so this was in effect a tax.. the really ugly part of this law that people do not seem to know is that under the Stamp Act, British soldiers could come into your house any time they wanted to check your documents with what was known as a "writ of assistance". This is in effect a search warrant that British soldiers could write themselves. (It is akin to the NSA's National Security Letter as well..). Upon rummaging through your home, if you could not also prove that you paid taxes on other items such as your furniture or even your tea and your rum, they could arrest you.
Privacy is a property right, you are in your right not to show your property to anyone. This becomes all the more dangerous in a society of data mining and government provided "universal health care" because the government may decide you do not work out enough or your diet is not proper.
Don't think it can't happen.. In Japan the legal waist size is 33.5 inches. http://www.nytimes.com/2008/06/13/world/asia/13fat.html?_r=1&em&ex=1213588800&en=b5472f5ba2e31e50&ei=5087%0A&oref=slogin Anything over that and you may be sent to "re-education". If you deny "re-education" you may even be arrested for being fat.
Re:Here is what you do (Score:4, Interesting)
Re:What about PirateBay/Relakks? (Score:2, Interesting)
FRA 1 point, RELAKKS 0 points
Although not a bad idea they need stronger encryption to actually matter