How To Enable Mom w/ Encrypted E-Mail? 269
mad.frog asks: "Given the recent revelations of the Bush administration spying on US citizens without warrants -- and their promise to continue doing so -- it's clearly high time for me to switch to encrypted email, after years of being too lazy to bother. The real question is how I can get all (or at least some) of my email contacts to switch as well; clearly, encryption does me no good if the recipient can't decode it. What are my options, and more importantly, what are the options that will be comprehensible and usable by my parents, and in-laws? (Keep in mind that good solutions must include robust Windows and Mac support...)"
Stymie the goons in charge (Score:3, Funny)
Reality Check... (Score:2, Informative)
Re:Reality Check... (Score:4, Interesting)
Has the Bush administration actually invoked FISA as their legal basis? If so, I missed it. And, from what I've heard, it wouldn't fit. AFAIK, FISA requires either a warrant or only monitoring where no US person is likely to be involved (see Q18 in the EFF writeup).
Carter [fas.org] and Clinton [fas.org] both issued executive orders authorizing FISA monitoring, but specifically quoted FISA regulations to be followed. I haven't seen a similar order from Bush, and even according to legendary conservative Rush Limbaugh, the FISA courts were bypassed. Limbaugh's take on it was that the unprecedented denials and modifications [upi.com] of Bush's FISA requests forced him to go around the process.
In short, the President is not asserting legal authority under FISA. According to the Attorney General, his authority hinges [washingtonpost.com] (PDF) on his "inherent authority" [washingtontimes.com] as Commander-In-Chief, and Congress's Use of Force Resolution [pbs.org].
Of course, in my strict interpretation, I missed the part of the Presidential Oath [loc.gov], Constitution [archives.gov] or the above resolution that grants him any power over surveillance. And, according to Daschle (partisan to be sure, but you'd think records of this kind of stuff would be easily checked), Congress specifically rejected [washingtonpost.com] the administration's request for having the resolution cover actions in the US.
Re:Reality Check... (Score:3, Informative)
Has the Bush administration actually invoked FISA as their legal basis?
No they have not. Interestingly enough, the FISA court itself became quite alarmed when evidence started to appear in its proceedings which was obtained through the executive order.
The current justification for the wire-tapping executive order is based upon the War Powers Act. As I understand it, the basic gist of this position is (1) we are at war and (2) any surveillance gathered is therefore military intelligence, exempt from t
Re:Stymie the goons in charge (Score:2)
One word (Score:4, Funny)
Don't.
-Colin [colingregorypalmer.net]
Re:One word (Score:4, Interesting)
The issue here is not being concerned about what you might disclose in a letter home to your Mommy. The issue is that nearly anything you do can be watched. And we have nearly no oversight to make sure that US governmental agencies are conducting this surveillence in a legal and ethical manner. Also, if you write something that could sound a little strange out of context (paintball, for example), you could end up with some big hassles because you seemed a bit "suspect". Your argument is nearly as bad as the "you shouldn't have anything to hide" ones.
Re:One word (Score:3)
If you only encrypt the communications that contain sensitive information, then it is pretty obvious to even the dumbest of spys when you have something to hide. Encrypt everything, and no one will know if you do or don't have secrets.
Re:One word (Score:3, Insightful)
But in just the same way, encrypting your correspondence will flag you as suspicious. If the original poster's concern about unwarranted government snooping is justified, then this is precisely the sort of thing that will draw their interest, lead them to investigate him th
Re:One word (Score:4, Insightful)
Good time to be living in a freer country, don't you think?
Re:One word (Score:3)
Got a list? It seems every place you read about lately is in the middle of becoming less free with each passing week.
Here's the right to privacy (Score:3, Informative)
Forth Amendment
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
pretty much covers privacy, since you can't violate privacy without viloating something in the above, not at least without twist
Re:One word (Score:2)
Which is why we want as many people as possible to encrypt their e-mail: the more people there is doing this, the less at
Re:One word (Score:2)
Yes, but that's not going to happen unless "everyone" (or some approximation thereof) is concerned enough about privacy to consider using encryption. The only scenarios in which I can imagine that actually happening are those in which private no-back-doors encryption has already long-since been criminalized.
Re:One word (Score:3, Insightful)
1) It's so easy that there's no reason NOT to do so, and
2) it contains trade secrets, and
3) it contains private data about clients.
Not encrypting your email is a good way to get sued into oblivion, if not by a disgruntled client or former employee, then by your own shareholders.
Re:One word (Score:2)
I don't care if these fuckwits think it looks suspicious or not.
Re:One word (Score:2)
The point is that unencrypted email is really more of an e-postcard -- anyone can read it, and it's none of their goddamned business what my mail is.
GPG/PGP: Thunderbird and Enigmail (Score:5, Informative)
Enigmail project [mozdev.org] website features are:
Works for me!
Re:GPG/PGP: Thunderbird and Enigmail (Score:4, Informative)
Some free clients have limited support for GPG/PGP, such as gmail through thunderbird. The last time I tried the encrypted attachments, however, they didn't go through quite as expected(Don't remember what the actual effects were, but the cause was a mishandling of the MIME types.)
As it stands, Thunderbird and Enigmail seems to be the easiest method for sending/receiving encrypted/signed emails, but free services are still a grey area for support. If it handles the MIME type on the encrypted attachments improperly serverside(the basic problem I ran into with Gmail) or they use the web interface regularly, there really isn't much you can do right now.
Re:GPG/PGP: Thunderbird and Enigmail (Score:3, Insightful)
At my university, Every student is given a connectivity CD which configures their computers for the network and installs firefox/thunderbird (even adds putty and an SFTP client). Next year it will also include gaim/adium as they are currently beta-testing a jabber server. If you want to get online when you show up at school, all you have to do is plug the CD in an
Re:GPG/PGP: Thunderbird and Enigmail (Score:2)
Re:GPG/PGP: Thunderbird and Enigmail (Score:2)
Our CS department even offers a course called "Free Software Practicum" [uchicago.edu] and its course description is as follows : Students who are already proficient in programming are provided with the experience of working on real software and the opportunity to collaborate with distributed teams of developers. The course work consists entirely of one or more programming tasks, which must produce freely distributed code. Course work may be chosen from the bug lists and to-do lists
GMAIL and Thunderbird/Enigmail (Score:5, Informative)
Thunderbird/Enigmail combo neatly address your privacy issues for both sending and receiving.
With PGP/GnuPG perfect forward-secrecy protection, you can leave all your emails in your gmail account and not bother to delete them (EVER or until your GnuPG passphrase is compromised).
Google deux-machination of trying to find AdWords in your email for their massive onslaught of advertisement campaign will come to a screeching halt when your gmail InBox contains nothing but psuedo-random data.
Good riddance to invasive AdWords into your emails...
Re:GMAIL and Thunderbird/Enigmail (Score:4, Interesting)
Re:GPG/PGP: Thunderbird and Enigmail (Score:2)
Yeah, this is real problem.
What we really need is for email providers to step up and make encrypted email the default.
What would it take for this to be built in to Thunderbird default installs in the future, I wonder?
Enigmail does not work with HTML. (Score:3, Informative)
HTML does not belong in encrypted email payload. (Score:2)
99% of email sent to me having HTML encoding is SPAM. About 3% of those emails have embedded URLs directing me to malicious websites trying to probe your computer for vulnerabilities or phish for your personal information.
The very IDEA of encrypting email with embedded URL DEFIES the privacy concept. Ever hear of 1-bit embedded GIF images? Oh boy, what a great tracking d
Re:HTML does not belong in encrypted email payload (Score:2)
The problem isn't the HTML per se, it's the half-assed implementation in most mail readers. Rich text in general is a good thing. HTML is a reasonable choice for rich-text. Ther are just two rules for securing HTML mail: Do not display anything not included in the message. Embedded images are okay, but don't fetch <img> links. And donot, under any circumstances, run any scripts of any sort. That's it. Pay attention to those two rules and you get HTML mail that's exactly as secure as plain-text mail
I write long reports that need to be formatted. (Score:2)
Thunderbird can be configured to:
1) Not open external (not embedded) image files. This is the default.
2) Not run scripts. This is the default.
Thunderbird cannot run ActiveX. That gives me perfect safety. Enigmail [mozdev.org] should support what Thunderbird supports.
Many programmers have very limited in social abilities, so they don't like to or want to communicate. Also, many programmers are, maybe surprisingly, not big users of their computers. They program
Re:Enigmail does not work with HTML. (Score:2)
Is there any valid technical reason, or do the authors simply think that HTML email is a Bad Idea?
(I happen to agree with other posters that using "limited" HTML is a reasonable way to achieve email with styled text. Sometimes it's nice to be able to emphasize a point, you know?)
Re:Enigmail does not work with HTML. (Score:2)
The Outlook plugins for PGP and some of the other mail readers out there won't work with it but enigmail to enigmail it works just fine.
Re:GPG/PGP: Thunderbird and Enigmail (Score:2)
http://www.mirrors.wiretapped.net/security/crypto
I hope you know (Score:5, Informative)
Personally, I just assume that whatever I write or say is being listened to. It sucks, but that's the world we live in. Don't like it? Vote for a non-fascist next time.
Re:I hope you know (Score:2)
Do we have quantum technology yet?
No, and no.
Re:I hope you know (Score:4, Insightful)
Don't be so sure! I recall about eight years ago it was discovered that GSM's 64-bit encryption keys defaulted the last 16 bits of every key to zero, significantly reducing the amount of processing needed to decrypt GSM transmissions. At the time this was widely suspected as an intentional back-door so GSM would gain approval from the necessary goverments before being deployed.
All I'm saying is who's to really, really know if a publicly-traded company like RSA can't get "leaned on" by the government to provide the NSA with a back door? In fact, according to Steven Levy in "Crypto" there was the possibility that the original RSA encryption would never see the light of day if users didn't surrender their keys to the government to be held "in escrow", to be made available to law enforcement with the appropriate warrant... These are just 'for examples'.
Encryption is no panacea and it probably only protects you from the average criminal who tends to prefer easier targets that don't encrypt their data. For these reasons, I just don't see encrypting email as a way of protecting yourself from your own government.
Re:I hope you know (Score:5, Informative)
Well, I know that they appear to know more than what the general cryptography community knows. For example (lifted from wikipedia, emphasis mine):
Re:I hope you know (Score:2)
Yes. There are countless times where the US government has cracked an encryption and not told anyone for years, even decades, because otherwise cracking it would be useless. They can't even publicize information encrypted with that method, because then people will figure it out. Assume that any encryption that has been here for over a couple of years has been cracked by the NSA.
By the way, at the risk of invoking Godwin's law, remember that this is the same mistake made by the Germans
Re:I hope you know (Score:5, Insightful)
Actually it is pretty simple.
As far as most of us know, cracking RSA (and DES, and all the 'good' encryption) can be done, but it can only be done via brute force (ie, trying different keys until one is found that works.) There is a little more to it than that, but lets just say it is incredibly time and processor intensive. Just like SETI.
One of three things has happened at the NSA, you can pretty well bet :
1. Every year computers get twice as fast, for free.
2. The can add more machines without removing the old ones, (thing Beowulf.)
3. They came up with an algorythm that is faster than brute force, but haven't let on.
That third one is the most scary - it is like when the Enigma was cracked. No longer did it take brute force
RSA / DES keeps the honest people honest, and it keeps the first level bad people honest - but the days of keeping the hardcore bad guys honest are pretty much over.
And yes, I mean the gvmt.
Re:I hope you know (Score:2)
Personally, I just assume that whatever I write or say is being listened to. It sucks, but that's the world we live in. Don't like it? Vote for a non-fascist next time.
Ever see the vote or die episode in south park? I think it summed it up nicely. You have a choice to vote between a giant douche or a turd sandwich. Both are shitty choices, but they're the only choices. Since the system is not perfect you have to find ways to protect your freedom. After all, it's the patriotic thing to do and anyone
Re:I hope you know (Score:2)
Each time you encrypt a communication, those tho have no business snooping on you will lose time decrypting it, thus decreasing their general effectiveness. Eventually, when EVERYONE will encrypt their own communications, EVERYONE will be a suspect. Only in communist co
Re:I hope you know (Score:2)
I would not say ONLY in communist countries is everyone suspect... there are plenty of brutal places that havn't chosen communism as the rhetoric to justify their inhumanity
-Steve
Re:I hope you know (Score:2)
I did (along with the majority of US voters)... alas, it didn't seem to matter.
The best encryption is plain text (Score:4, Interesting)
The best plaintext is encryption (Score:5, Insightful)
I'll be darned if I'm going to live my life in fear that some TLA will mistake some perfectly innocent activity for terroristic proclivities. I only have control over my own mind - it's beyond my abilities to make someone else interpret my actions in the way I want.
So, I'll keep encrypting the emails I send to my friends. I'll also keep locking my door and sealing my envelopes, even though I don't have any secrets the government would be interested in.
Re:The best plaintext is encryption (Score:3, Informative)
Forgive me for adding a hint of rationality to this discussion, but really... Just don't live in fear. Sure, there may be some reprehensible things going on that you should oppose, but you shouldn't be afraid. How many people have been investigated? Give it your best bet. Hundreds perhaps? Divide that by the number of people out there and then compare it to the posibil
Re:The best plaintext is encryption (Score:2)
Re:The best encryption is plain text (Score:2)
Ah... (Score:2, Funny)
Re:Ah... (Score:5, Insightful)
Fighting the drug dealers was the excuse in the 80s. In the 90s it was saving the children. Now it's fighting terrorism. Please, keep up to date on the latest doublespeak - otherwise it's harder for the government to strip us of our rights.
Get real! (Score:2, Insightful)
Re:Get real! (Score:2)
A welcome letter to my campus policing progrma
A product replacement request followup from Apple
Working hours from my boss for xmas break
Photos of my puppy from a friend taking care of him this week
I certainly wouldn't exert the hassle to encrypt these emails, and I'm sure the person on the other end would say the same thing
Re:Get real! (Score:2)
I'd like to know your mail address and when you are visiting your mom so I can rob your house.
If you could just post me a username/pw for your machine I'll take a look around and see what *I* consider to be interesting, not what you think I'm interested in.
ta
Re:Get real! (Score:2)
Re:Get real! (Score:2)
I'd like to know your mail address and when you are visiting your mom so I can rob your house.
I do believe you're losing sight of the original argument here. The submitter referenced Bush and the NSA's spying as reason for using encrypted email, which is the argument at hand.
Protecting data like that from someone who wants to steal my identity or rob my house is a completely different issue. If Bush wants to raid my house encrypted email isn't going to do much.
Re:Get real! (Score:2)
True, but that's merely the last straw, as it were. It's been said that e-mail should more accurately be called "e-postcard" since anyone can snoop it. Do I have something to hide? Well, not really, at least not at the present time. But the point is that it's none of the government's freakin' business what email I'm sending (unless they can get a warrant... which seems to be too much trouble for this administration)
Despite
Re:Get real! (Score:2)
Re:Get real! (Score:2)
Can you really beat the NSA? (Score:3, Interesting)
I understand the math behind it. Keep in mind a few bright Chinese scientists were able to find weaknesses in once stalwart signature technology. The stuff we use today isn't impervious, and we know that there are ways around it. We just don't know for sure how easy it is until someone proves it.
China's only problem is that they allowed these scientists to publish this. Why the communists didn't bring these guys into their top-secret intelligence org is beyond me. In the US, if a scientist discovered how to thwart similar security measures, they wouldn't be allowed to publish it. They would be instantly whisked away to the NSA secret HQ to work on similar problems for untold amounts of cash.
Which brings an interesting thought: How smart are the people who work at NSA, and how much can they crack? How do these people's intelligences and knowledge compare to the rest of the world, at least, the public world? We'll never know for sure unless we get a job working there as a scientist who has to develop new methods of cracking encryptions. And then we wouldn't be allowed to tell anyone. So the public will never know for sure, and can never know for sure.
In short, the encryption race can't be won with the US government, any more than you could win a nuclear arms race. You can go ahead and compete with nosy neighbors and competitors, and perhaps even 2nd or 3rd world foreign intelligence, but I strongly doubt that you'll be secure from the prying eyes of any administration of any of our allies. Besides, this is one area where our government has spent and will spend the required resources to ensure they are #1, just like the arms race was.
And remember, in security, the question is, "How secure do you really need to be, and how much are you willing to pay for it?" In the end, is your grandmother really that worried about some administration official reading her super-secret brownie recipe that she passes on to her friends? What will she say that could possibly alarm them? How secure will the recipients of her messages keep those messages? What's the point of being secure if you can't secure both ends of the conversation?
Ciphire (Score:2, Informative)
https://www.ciphire.com/ [ciphire.com]
Re:Ciphire (Score:2)
like all public key systems, the problem is with the key distribution. they tend to brush over this...
Really Simple... (Score:3, Funny)
Kmail and Thunderbird (Score:3, Interesting)
The only thing any of them notice is that ocassionally they have to enter their password again.
I have to say though that when Kmail popped up a message that was all in red to indicate that a signature was invalid, everyone loved it (it wasn't sinister, MS Exchange mangles certain messages).
Being sure that your email wasn't read, nor was it tampered with is a great feeling. Nothing any of us say to each other is, in theory, worth protecting in this way; however, it's now perfectly safe for them to send, say a home address or a telephone number or any other personal information in the knowledge that it hasn't been read. It's not national security stuff, it's just privacy. You're not protecting against government snooping, you're protecting against random snooping by some bored mail server operator.
I'd argue that if the government wanted to spy on me, they'd find it very dull, but wouldn't be thwated by the fact that I encrypt my emails.
Two things come to mind... (Score:3, Funny)
1. What are you trying to hide?
2. Tell me where Osama Bin Laden is
.
PGP (Score:3, Informative)
If changing the mail client isn't an option (Score:3, Informative)
Why bother? (Score:2)
Double encription, using two schemes is also about as useful as rot-13. They've already thought that far ahead.
Simple (Score:2)
Then, use S/MIME.
The best reason ... (Score:4, Insightful)
To all the "you don't need encryption unless you have something to hide" people. Wow. I'm truly astounded by those people who have failed to learn anything from history.
Re:The best reason ... (Score:2)
First they came for the people using encrypted email and I did not speak out because I wasn't using encrypted email.
Patterns more important than content (Score:2)
For typical criminal cases, obtaining wiretaps isn't always practical -- but obtaining phone records is trivial. If you have a pattern established of communicating with someone who is a criminal or terrorist figure (even without your knowledge), your encrypted communications suddenly become damning.
Use S/MIME / personal certificate (Score:2, Informative)
http://j [joar.com]
Re:Use S/MIME / personal certificate (Score:2)
"Slow Down Cowboy!"
Go High Tech (Score:4, Funny)
Obtain a molecular transfer device that puts a dark material on semi-permiable surfaces, such as the paper you use in your printer.
Encode your message by placing dark marks on the paper. Seal it in an opaque layer of similar material and encode the physical address of the recipient on the outside.
You can then purchase a government document (for less than the cost of a cup of cofee, or of supporting a third world waif for a day) from a government agency tasked with transfering such encrypted information, afix it to the outside of the "envelope", and trick the 3\/1L goobermint into delivering your secret message for you.
If you REALLY want to be certain of your security, you can seal the "envelope" with the semi-transparent film developed by the security firm "3-M". The adhesive on one side of the film prevents unauthorized opening.
Of course this is all for naught due to the CIA's "remote viewers" unless you remain in motion. So when you're encrypting/molecular transfering, it's important to run around in circles so they can't focus on you. A tin foil hat won't actually help, but wearing one while running in circles will prevent those around you from asking pesky questions. Remember: shiny side out, otherwise a feedback loop can occur and cause dain bramage.
* As an alternative, entirely graphical representations can be developed. Pictures created with polychromatic, wax-based molecular transfer devices are especially attactive to moms, who tend to archive them on the outside of their refrigerator.
Who needs encryption! use family sarcasm (Score:2, Funny)
So you can see that family sarcasm can easily eliminate the need for encryption.
postfix, IMAPS, SMTP/STARTTLS (Score:2)
Give your Mom an account on your server where you have postfix set to opportunistically encrypt, your IMAP daemon to use SSL (courier, cyrus, etc) and require SASL on STARTTLS connections for outgoing e-mail (postfix again).
This way, large numbers of users of users can have their wire-level communications encrypted without requiring the users to do much work. For example, if/when AOL starts accepting SSL at the MTA level (and they e
Simple solution (Score:3, Funny)
Simply included an encrypted and plaintext version in every email; problem solved!
So sad and pathetic.... (Score:3, Interesting)
Freedom of Speech does not imply the Freedom to Hear whatever is said!
(-hrair-)
no real point (Score:3, Funny)
Get someone to fix Mozilla bug 135636 (Score:3, Interesting)
This bug says that Mozilla (aka Seamonkey) should implement the "encrypt when possible" feature. That is, if the email client has the public key of all recipients, then the email should be automatically encrypted. If this feature were implemented in Seamonkey and Thunderbird, it would do wonders for increasing the usage of encryption. All you would need to do then is get a private/public key for everyone you know, and then all email will be automatically encrypted. Your mom wouldn't even know it was happening.
Re:Don't bother (Score:5, Informative)
I love this type of thinking.
Check out the 60 minutes inteview on Echelon:
KROFT: (Voiceover) Is it possible for people like you and I, innocent civilians, to be targeted by Echelon?
Mr. FROST: Not only possible, not only probable, but factual. While I was at CSE, a classic example: A lady had been to a school play the night before, and her son was in the school play and she thought he did a--a lousy job. Next morning, she was talking on the telephone to her friend, and she said to her friend something like this, 'Oh, Danny really bombed last night,' just like that. The computer spit that conversation out. The analyst that was looking at it was not too sure about what the conversation w--was referring to, so erring on the side of caution, he listed that lady and her phone number in the database as a possible terrorist.
KROFT: This is not urban legend you're talking about. This actually happened?
Mr. FROST: Factual. Absolutely fact. No legend here.
http://www.freerepublic.com/focus/f-news/1543347/
Re:Don't bother (Score:3, Insightful)
You know how large the "possible terrorist" list would be, then? I'm sure all of us have used a suspicious word over a communication network in a normal way at some point....
If they're using that kind of criterion, then I know I'm on that list. Now what? They can't well hassle half the people boarding the plane; they might as well hassle them all and drop the list.
Re:Don't bother (Score:4, Insightful)
Only, unlike Gilmore, you are probably not a multi-millionaire...
Re:Don't bother (Score:2)
I'm fairly sure that not even a dictatorship can keep its capitalism afloat if they put half the passengers on a no-fly list.
Re:Don't bother (Score:2, Informative)
so i can only think of a few ideas to
Re:Don't bother (Score:2)
Re:Don't bother (Score:5, Insightful)
--Cardinal Richelieu
Re:mom? (Score:5, Insightful)
Who cares? Do you write your letters on postcards or do you seal them inside an envelope?
Maybe he has a nosy mailadmin. Maybe he doesn't want his kid sister reading mail meant for his parents. Some of us value our privacy, even though we don't have anything to hide.
Re:mom? (Score:2)
Re:mom? (Score:2)
Anyway, the point is that encryption isn't about hiding from the government. When you use ssh, are you trying to hide your shell commands from the government!? Why should e-mail be any diffe
Re:mom? (Score:2)
Re:mom? (Score:2)
It's true, I don't have anything to hide at the present time. But who knows when they might decide that I'm a target?
e.g.:
http://www.dailykos.com/storyonly/2005/12/20/9408/ 0642 [dailykos.com]
Back in May of this year, the news broke regarding FBI documents obtained by the ACLU revealing domestic surveillance of political activist groups (environmental, animal rights, peace and social justice groups, etc.).
Re:mom? (Score:5, Insightful)
As a case in point, if you are sending a check, money order, or even cash to someone, most people use some sort of method of further obscuring the contents than simply putting it into an envelope. They pay extra for a box of 'Security' envelopes, printed on the inside with some pattern that makes it difficult to discern writing or printing. They wrap an additional piece of paper around the instruments. And so on. This doesn't happen in every case, but just about as often as not.
It has also been long recognized that if you are sending mail to a country or person that someone has significant concerns about, that there are several ways of opening the envelope, or even extracting the letter from within the envelope without opening it. Read or copy the contents, then return the contents of the letter and send it on it's way.
In a lot of cases the real reason for using an envelope has more to do with protecting the contents of the envelope from smudging or being separated than with preventing anyone from knowing what those contents are. If you are paying a bill, you use an envelope to keep the check and the bill stub together so that the people being paid have some idea of what the check is for.
If you get a multi-page letter from Aunt May, she is more likely to be trying to keep the pages together and in order than otherwise. If you are traveling, you very probably do send post cards, often with a picture of where you are, and a brief note wishing the recipient were along for the trip. An interested party may glean far more from a brief glance at the picture than by reading pages of text.
Note that there are a couple of elements of the above that do make sense when related to encrypting or digitally signing the e-mail that you send. For all practical purposes the e-mail that you send is a single page document. Even if you print it to 100 pages of a single spaced double sided 6 point font as far as the e-mail handling software is concerned, it doesn't matter if the message is zero bytes, or a couple million bytes. If the parts are not all put together correctly at the far end, an error is logged, and the system trys to fix the situation. Likewise the system is mostly proof against smudging or error introduction to the body of the message, as it is being handled by a TCP connection. That does not prevent changes to the headers, nor does it prevent an alteration by a malicious server in the middle. Encrypting or signing the contents does reduce the likelyhood that a change to the contents will be noticed. (Though it does nothing for the headers, including the subject.)
Of course the above is a rather simplistic explanation, and there are other elements involved.
-Rusty
Re:solution (Score:2)
If you're going to be paranoid, do it right.
Re:solution (Score:2)
Re:solution (Score:2)
Don't forget also to either use low-pass filtered fonts on your CRTs or to add random noise to the least significant bits of the DVI-D data going to your TFTs. Stops the old Van Eck Phreaking [wikipedia.org] used to read your monitor from the oscillations in your graphics card.
And tinfoil!
Re:solution (Score:2)
I've toyed with this one myself to send chitchat back and forth to my Mum.
Use a geiger counter to fill a CD with random numbers, send a copy to Mum, and drive CSIS [csis-scrs.gc.ca]/NSA [nsa.gov]/GCHQ [gchq.gov.uk]/etc. nuts with email that they can't decode.
Given a CD full of random numbers, a couple of lines of perl [perl.org] would do the rest...
Yeah, I know, I need to get out more. I even recorded the leap second on WWV earlier today. Sad or what?
...tick...tick...tick...(blank)...(blank)...BEEP
Re:Hushmail (Score:5, Informative)
They used to be. The servers are in Canada now. You know, the Country that tried to pass the Lawful Access bill last session to "compel all telephone and Internet companies to create and maintain infrastructures that are intercept capable and to provide access to basic subscriber contact information such as a name, address or telephone number."
Re: (Score:2)
Re:Before you go and do that... (Score:2)
If they present me with a warrant, I'll be happy to give 'em my decryption key. (Well, maybe not *happy* about it...)
Re:Before you go and do that... (Score:2)
That isn't what encryption is meant to protect you against. Encryption is there to protect you against unauthorised snooping. As when your president decides he's above the law and