If you can read this, either the style sheet didn't load or you have an older browser that doesn't support style sheets. Try clearing your browser cache and refreshing the page.

(The Raw Story)   Google is working to create an email encryption system that could resist government and hacker intrusion. Yahoo is mentioned as well, but subby just assumes they're just there to get the coffee   (rawstory.com) divider line 66
    More: Interesting  
•       •       •

588 clicks; posted to Geek » on 08 Aug 2014 at 10:29 AM (6 weeks ago)   |  Favorite    |   share:  Share on Twitter share via Email Share on Facebook   more»



66 Comments   (+0 »)
   
View Voting Results: Smartest and Funniest

First | « | 1 | 2 | » | Last | Show all
 
2014-08-08 08:56:33 AM
Will it stop Google from reading your email?
 
2014-08-08 09:15:41 AM

MasterAdkins: Will it stop Google from reading your email?


FTFA Yahoo has altered its email process so users adopting encryption type messages in a separate window, preventing even Yahoo from reading the messages as they are typed, the Journal said.
 
2014-08-08 09:43:51 AM
Won't matter.  If they want to find out what you are saying, they'll just use a keylogger or other software to get the plaintext.

Only real way to be sure is to manually encrypt, and just type the ciphertext into the e-mail.  It takes longer, obviously, but if it's something you don't want them to read, provably more secure (depending on the encryption algorithm).
 
2014-08-08 10:18:58 AM

dittybopper: Won't matter.  If they want to find out what you are saying, they'll just use a keylogger or other software to get the plaintext.

Only real way to be sure is to manually encrypt, and just type the ciphertext into the e-mail.  It takes longer, obviously, but if it's something you don't want them to read, provably more secure (depending on the encryption algorithm).


Low tech is mostly the way to go nowadays. 

Use a microphone with something like Dragon naturally speaking, that avoids the keylogger. And hide the contents of the message on the screen. That would force the NSA to use some kind of really wicked software that logs audio transmissions made into the computer, which while not absurd would certainly be harder for them.

While keyloggers are very real, I think we somewhat overestimate the capabilities of the NSA.
 
2014-08-08 10:35:40 AM

bdub77: dittybopper: Won't matter.  If they want to find out what you are saying, they'll just use a keylogger or other software to get the plaintext.

Only real way to be sure is to manually encrypt, and just type the ciphertext into the e-mail.  It takes longer, obviously, but if it's something you don't want them to read, provably more secure (depending on the encryption algorithm).

Low tech is mostly the way to go nowadays. 

Use a microphone with something like Dragon naturally speaking, that avoids the keylogger. And hide the contents of the message on the screen. That would force the NSA to use some kind of really wicked software that logs audio transmissions made into the computer, which while not absurd would certainly be harder for them.

While keyloggers are very real, I think we somewhat overestimate the capabilities of the NSA.


Don't mistake "capacity" with "capability".

They may not have the actual capacity to pull the plaintext or audio or whatever they want off of every computer/tablet/phone, but they certainly have the capability to do it nearly any individual device that is connected to the intarwebs.

And it's not just keyloggers.  They have a myriad of ways to get stuff off your machine(s) if they become interested in you.

And you'll never know if they are interested in you or not, because that information is highly classified.

If you just can't possibly *STAND* to do things manually, then having a separate air-gapped computer that is never connected to the webula for encryption/decryption is an option, and you can transfer the files with removable media.
 
2014-08-08 10:37:04 AM
www.rawstory.com

Dat B43!
 
2014-08-08 10:43:37 AM

bdub77: dittybopper: Won't matter.  If they want to find out what you are saying, they'll just use a keylogger or other software to get the plaintext.

Only real way to be sure is to manually encrypt, and just type the ciphertext into the e-mail.  It takes longer, obviously, but if it's something you don't want them to read, provably more secure (depending on the encryption algorithm).

Low tech is mostly the way to go nowadays. 

Use a microphone with something like Dragon naturally speaking, that avoids the keylogger. And hide the contents of the message on the screen. That would force the NSA to use some kind of really wicked software that logs audio transmissions made into the computer, which while not absurd would certainly be harder for them.

While keyloggers are very real, I think we somewhat overestimate the capabilities of the NSA.


If you're that paranoid then just do all the confidential stuff on a Kali Live DVD in GEdit, encrypt the resulting text file, followed by hiding it in a kitten pic, save the kitten pic on an external flash drive, boot up Windows, send an email about a funny cat pic you found, call the person and say use X program followed by Y program to get the actual message...Even more paranoid....do it all via the Tor network or with a VPN...Even moar paranoid....embed the altered cat pic in a 2nd cat pic...
 
2014-08-08 10:46:02 AM

bdub77: dittybopper: Won't matter.  If they want to find out what you are saying, they'll just use a keylogger or other software to get the plaintext.

Only real way to be sure is to manually encrypt, and just type the ciphertext into the e-mail.  It takes longer, obviously, but if it's something you don't want them to read, provably more secure (depending on the encryption algorithm).

Low tech is mostly the way to go nowadays.
Use a microphone with something like Dragon naturally speaking, that avoids the keylogger. And hide the contents of the message on the screen. That would force the NSA to use some kind of really wicked software that logs audio transmissions made into the computer, which while not absurd would certainly be harder for them.

While keyloggers are very real, I think we somewhat overestimate the capabilities of the NSA.


I like to think that if they're deft enough to get a keylogger on your computer, they're easily able to install software that reads the audio input buffer.
 
2014-08-08 10:47:08 AM

dittybopper: And it's not just keyloggers.  They have a myriad of ways to get stuff off your machine(s) if they become interested in you.

And you'll never know if they are interested in you or not, because that information is highly classified.


I'm really not into this whole fear the US government thing anyways. Oh sure we can talk about what we'd do if the wrong government took over, how we'd communicate, etc., but I like to talk about it in the same way you might discuss how you'd flee the country if you really needed to.

I am much more interested in mail encryption as a more secure way to send messages.
 
2014-08-08 10:50:31 AM

skeevy420: bdub77: dittybopper: Won't matter.  If they want to find out what you are saying, they'll just use a keylogger or other software to get the plaintext.

Only real way to be sure is to manually encrypt, and just type the ciphertext into the e-mail.  It takes longer, obviously, but if it's something you don't want them to read, provably more secure (depending on the encryption algorithm).

Low tech is mostly the way to go nowadays. 

Use a microphone with something like Dragon naturally speaking, that avoids the keylogger. And hide the contents of the message on the screen. That would force the NSA to use some kind of really wicked software that logs audio transmissions made into the computer, which while not absurd would certainly be harder for them.

While keyloggers are very real, I think we somewhat overestimate the capabilities of the NSA.

If you're that paranoid then just do all the confidential stuff on a Kali Live DVD in GEdit, encrypt the resulting text file, followed by hiding it in a kitten pic, save the kitten pic on an external flash drive, boot up Windows, send an email about a funny cat pic you found, call the person and say use X program followed by Y program to get the actual message...Even more paranoid....do it all via the Tor network or with a VPN...Even moar paranoid....embed the altered cat pic in a 2nd cat pic...


With all that, you may as well just deliver it on horseback.
 
2014-08-08 10:51:09 AM

skeevy420: bdub77: dittybopper: Won't matter.  If they want to find out what you are saying, they'll just use a keylogger or other software to get the plaintext.

Only real way to be sure is to manually encrypt, and just type the ciphertext into the e-mail.  It takes longer, obviously, but if it's something you don't want them to read, provably more secure (depending on the encryption algorithm).

Low tech is mostly the way to go nowadays. 

Use a microphone with something like Dragon naturally speaking, that avoids the keylogger. And hide the contents of the message on the screen. That would force the NSA to use some kind of really wicked software that logs audio transmissions made into the computer, which while not absurd would certainly be harder for them.

While keyloggers are very real, I think we somewhat overestimate the capabilities of the NSA.

If you're that paranoid then just do all the confidential stuff on a Kali Live DVD in GEdit, encrypt the resulting text file, followed by hiding it in a kitten pic, save the kitten pic on an external flash drive, boot up Windows, send an email about a funny cat pic you found, call the person and say use X program followed by Y program to get the actual message...Even more paranoid....do it all via the Tor network or with a VPN...Even moar paranoid....embed the altered cat pic in a 2nd cat pic...


Seems like a lot of work just to let the guys know I'm bringing beer to game night.
 
2014-08-08 10:53:10 AM

bdub77: I think we somewhat overestimate the capabilities of the NSA.


Back when I was an actual "ditty bopper", we had an unbelievable array of specialized, computerized equipment to intercept communications that only required a couple of shortwave receivers, an antenna, and a typewriter to accomplish effectively.   The computerized console I worked at had 2 screens, and the keyboard had 206 keys, knobs, and buttons (yes, I counted one midshift when I was bored), and a 6 foot rack of mostly high-tech and classified equipment*.  And this was in 1986.

Overkill is what they do.


*Only exception:  A reel-to-reel tape recorder.  But the only use I can ever recall for it was to record rock songs off of Superrock KPOI and then flip the reels to see if there was a backwards message.
 
2014-08-08 10:57:04 AM

MasterAdkins: Will it stop Google from reading your email?


No, but paying them will.  Well at least for ads anyway.

All web based mail services have to read your mail to some extent.  The basic part is the envelope information so it know where to deliver it. More over, how else can you have a searchable index, auto complete email addresses, rules based on message content, spam filtering and other features?

If you are that worried over it, stand up your own mail server.
 
2014-08-08 11:06:54 AM
I guess I don't see the point when all the government has to do is send a letter saying "give us that data".
 
2014-08-08 11:07:23 AM

wingnut396: MasterAdkins: Will it stop Google from reading your email?

No, but paying them will.  Well at least for ads anyway.

All web based mail services have to read your mail to some extent.  The basic part is the envelope information so it know where to deliver it. More over, how else can you have a searchable index, auto complete email addresses, rules based on message content, spam filtering and other features?

If you are that worried over it, stand up your own mail server.


Well first, running your own SMTP server is usually not an option, because vast swaths of IP address space are blacklisted as 'Thar be Users here!', and therefore a server at such addresses is likely to be improperly secured, and considered a probable spam source.  So no outbound mail for you!

Second, the server isn't an endpoint, and that is where encryption security is real important.  Encrypt BEFORE it enters SMTP, in YOUR machine.   Decrypt AFTER it gets to you, in YOUR machine.
 
2014-08-08 11:08:41 AM
It was Superrock KYOI, btw.
 
2014-08-08 11:09:29 AM

HotWingConspiracy: I guess I don't see the point when all the government has to do is send a letter saying "give us that data".


Precisely.
 
2014-08-08 11:09:43 AM

gggoddammitt: skeevy420: bdub77: dittybopper: Won't matter.  If they want to find out what you are saying, they'll just use a keylogger or other software to get the plaintext.

Only real way to be sure is to manually encrypt, and just type the ciphertext into the e-mail.  It takes longer, obviously, but if it's something you don't want them to read, provably more secure (depending on the encryption algorithm).

Low tech is mostly the way to go nowadays. 

Use a microphone with something like Dragon naturally speaking, that avoids the keylogger. And hide the contents of the message on the screen. That would force the NSA to use some kind of really wicked software that logs audio transmissions made into the computer, which while not absurd would certainly be harder for them.

While keyloggers are very real, I think we somewhat overestimate the capabilities of the NSA.

If you're that paranoid then just do all the confidential stuff on a Kali Live DVD in GEdit, encrypt the resulting text file, followed by hiding it in a kitten pic, save the kitten pic on an external flash drive, boot up Windows, send an email about a funny cat pic you found, call the person and say use X program followed by Y program to get the actual message...Even more paranoid....do it all via the Tor network or with a VPN...Even moar paranoid....embed the altered cat pic in a 2nd cat pic...

With all that, you may as well just deliver it on horseback.


Depending on PC boot up speed, actual knowledge of the process, and a short message, this is maybe a 5-10 minute deal.



wingnut396: Seems like a lot of work just to let the guys know I'm bringing beer to game night.


Obviously this isn't for "I'm bringing beer to game night" (unless you're under the drinking age and trying to hide messages from parents). This is more for sending financial records, drug deals, terror cells, medical information...basically, anything you don't want other people to know about.

Hell, a good programmer could automate the entire process (encryption and decryption, embedding and removing) so all the end users would have to do is type, click send, receive message, click decrypt...I'm actually surprised some of the hacker-esque Linux Lives don't include such a program, or made such a program, already (not sure if an all-in-one actually exists or not, but I do know that manually doing all this has been around since I've been on the internet at 6 years old...29 now...and it's all relatively strait forward and easy to do).

I do think they have an Android app to do the same thing for text messages and what not, only they don't embed it in a pic before sending.

Note that I'm not even going into taking the OG encrypted file, splitting it up, embedding each piece into a different pic/video/mp3/whatever...maybe leaving in an easy to find and decrypt dummy message in case someone is on to you.
 
2014-08-08 11:16:43 AM

dittybopper: HotWingConspiracy: I guess I don't see the point when all the government has to do is send a letter saying "give us that data".

Precisely.


Well, If the technology was set up right, the government would end up with a dump of cipher-text, because the service wouldn't have a key.

But, like they are going that as a best practice.  Sure.

/But the government could serve you with the letter.  But at least then you know they cared.
//at least until they force key-escrow on people
 
2014-08-08 11:19:44 AM

dittybopper: bdub77: I think we somewhat overestimate the capabilities of the NSA.

Back when I was an actual "ditty bopper", we had an unbelievable array of specialized, computerized equipment to intercept communications that only required a couple of shortwave receivers, an antenna, and a typewriter to accomplish effectively.   The computerized console I worked at had 2 screens, and the keyboard had 206 keys, knobs, and buttons (yes, I counted one midshift when I was bored), and a 6 foot rack of mostly high-tech and classified equipment*.  And this was in 1986.

Overkill is what they do.


*Only exception:  A reel-to-reel tape recorder.  But the only use I can ever recall for it was to record rock songs off of Superrock KPOI and then flip the reels to see if there was a backwards message.


If the government is interested in you, you're f*cked. But how is that really any different from any government that currently exists on earth? I'm only saying you might be able to fool them for a bit by avoiding keylogging and other common input methods. But hey maybe not if they are REALLY into you. They probably know what you ate better than you do. There are alternative options to send communications like using other devices, one time pads, and of course low tech stuff. But at that point you are probably doing something you shouldn't be doing. I'm not a conspiracy nut and I don't think the government is after me.

Yes it's Stasi level kind of monitoring but on the other hand, even if we could control what the government can and can't do at the level of US citizen, the Russians could also know what you jerk to at night. It's not like they don't have guys looking for the same details. The Chinese supposedly have top notch hackers.

Government hacker intrusion prevention in Google's case is probably much more aligned with preventing country-sized hackers. Chinese, Russians, Indians, EU, etc. Is it reliably preventative? I wouldn't trust it.

Ironically, Google steals information about you all the time. Your privacy to them is practically non-existent. I'd like to see a much more stronger push to the concept of a human being as existing in a privacy bubble where any personal information is encrypted in the transaction and the software/company touching that information is firewalled from any information about the person and can only use that info to process a transaction. But that doesn't work all so well and the real-world need to communicate between people still exists, so when you call your credit card company to dispute a charge they still have to verify you are who you are.
 
2014-08-08 11:19:58 AM
skeevy420:
Hell, a good programmer could automate the entire process (encryption and decryption, embedding and removing) so all the end users would have to do is type, click send, receive message, click decrypt...I'm actually surprised some of the hacker-esque Linux Lives don't include such a program, or made such a program, already

If it came standard, it would already have a counter by the time you installed it. Not saying such a program isn't a good idea, just that making it part of a package deal is counter productive. The best thing to do is to keep it exclusive.

/Not a computer guy myself, but not a complete idiot either
 
2014-08-08 11:27:09 AM

gggoddammitt: skeevy420:
Hell, a good programmer could automate the entire process (encryption and decryption, embedding and removing) so all the end users would have to do is type, click send, receive message, click decrypt...I'm actually surprised some of the hacker-esque Linux Lives don't include such a program, or made such a program, already

If it came standard, it would already have a counter by the time you installed it. Not saying such a program isn't a good idea, just that making it part of a package deal is counter productive. The best thing to do is to keep it exclusive.

/Not a computer guy myself, but not a complete idiot either


PGP and GPG as well as secure-MIME integrated email has been around for a while.   But the problem is there isn't really a widely adopted standard,  so its still not very user friendly if you don't know what flavors and keys of encryption to use.
 
2014-08-08 11:30:25 AM

Vlad_the_Inaner: gggoddammitt: skeevy420:
Hell, a good programmer could automate the entire process (encryption and decryption, embedding and removing) so all the end users would have to do is type, click send, receive message, click decrypt...I'm actually surprised some of the hacker-esque Linux Lives don't include such a program, or made such a program, already

If it came standard, it would already have a counter by the time you installed it. Not saying such a program isn't a good idea, just that making it part of a package deal is counter productive. The best thing to do is to keep it exclusive.

/Not a computer guy myself, but not a complete idiot either

PGP and GPG as well as secure-MIME integrated email has been around for a while.   But the problem is there isn't really a widely adopted standard,  so its still not very user friendly if you don't know what flavors and keys of encryption to use.


I'm starring you two as Program Nerd and Another Program Nerd. Any preference on color?
 
2014-08-08 11:32:18 AM

Vlad_the_Inaner: wingnut396: MasterAdkins: Will it stop Google from reading your email?

No, but paying them will.  Well at least for ads anyway.

All web based mail services have to read your mail to some extent.  The basic part is the envelope information so it know where to deliver it. More over, how else can you have a searchable index, auto complete email addresses, rules based on message content, spam filtering and other features?

If you are that worried over it, stand up your own mail server.

Well first, running your own SMTP server is usually not an option, because vast swaths of IP address space are blacklisted as 'Thar be Users here!', and therefore a server at such addresses is likely to be improperly secured, and considered a probable spam source.  So no outbound mail for you!

Second, the server isn't an endpoint, and that is where encryption security is real important.  Encrypt BEFORE it enters SMTP, in YOUR machine.   Decrypt AFTER it gets to you, in YOUR machine.


If you are encrypting from end point to end point, then the fark would you be worried that Google would be reading your mail?
 
2014-08-08 11:35:47 AM

Vlad_the_Inaner: gggoddammitt: skeevy420:
Hell, a good programmer could automate the entire process (encryption and decryption, embedding and removing) so all the end users would have to do is type, click send, receive message, click decrypt...I'm actually surprised some of the hacker-esque Linux Lives don't include such a program, or made such a program, already

If it came standard, it would already have a counter by the time you installed it. Not saying such a program isn't a good idea, just that making it part of a package deal is counter productive. The best thing to do is to keep it exclusive.

/Not a computer guy myself, but not a complete idiot either

PGP and GPG as well as secure-MIME integrated email has been around for a while.   But the problem is there isn't really a widely adopted standard,  so its still not very user friendly if you don't know what flavors and keys of encryption to use.


The problem is not people who are worried about it.  The problem are the people out there that can't figure how to type in an email address, much less exchange keys and then start encrypting mail with other people.
 
2014-08-08 11:43:32 AM

dittybopper: Won't matter.  If they want to find out what you are saying, they'll just use a keylogger or other software to get the plaintext.

Only real way to be sure is to manually encrypt, and just type the ciphertext into the e-mail.  It takes longer, obviously, but if it's something you don't want them to read, provably more secure (depending on the encryption algorithm).


It does matter. Right now the chief way the scrumbags operate is mass surveillance. Things like this take that away. Making it so they can't scoop people up in bulk is a huge victory. You're still going to be vulnerable to many different things, but they are going to have to actually target you, which means (hopefully) at some point they are going to have to show justification for doing so.
 
2014-08-08 11:43:53 AM

wingnut396: If you are encrypting from end point to end point, then the fark would you be worried that Google would be reading your mail?


You wouldn't.  That's why the criticism that the previous proposal (own your server) was on the wrong track was made.
 
2014-08-08 12:00:42 PM
 

skeevy420: Depending on PC boot up speed, actual knowledge of the process, and a short message, this is maybe a 5-10 minute deal.


If you have the skill to do what you said, you have the skill to roll it all up into a nice tidy script for ease of use I would think.

<keeps reading...>

skeevy420: Hell, a good programmer could automate the entire process (encryption and decryption, embedding and removing) so all the end users would have to do is type, click send, receive message, click decrypt...I'm actually surprised some of the hacker-esque Linux Lives don't include such a program, or made such a program, already (not sure if an all-in-one actually exists or not, but I do know that manually doing all this has been around since I've been on the internet at 6 years old...29 now...and it's all relatively strait forward and easy to do).


Oh, there it is.

But why why reinvent the wheel? Use your favorite OpenPGP implementation (GPG is probably included on whatever distro you are using anyway) and an off the shelf email client plugin such as https://emailselfdefense.fsf.org/en/. Viola, public key encrypted emails.

/*
I don't encrypt anything personally.
I also accept that there are lots of organizations spying on my online activities, and I don't think the U.S. government is one of them. Google probably already knows all your dirty secrets by now anyway. Who cares, we are in the post-privacy era already IMO.
*/
 
2014-08-08 12:06:22 PM

bdub77: If the government is interested in you, you're f*cked. But how is that really any different from any government that currently exists on earth? I'm only saying you might be able to fool them for a bit by avoiding keylogging and other common input methods. But hey maybe not if they are REALLY into you.


You know why spies still to this very day get instructions over shortwave radio, using one time pads, despite that method being ancient (70+ year old) technology?

Because it's untraceable and unbreakable.

If you have an opponent that is much more technologically advanced, and there is simply no way any individual or small group of individuals can possibly hope to have better technology than the NSA, BND, GCHQ, etc., then the best way to handle that is to go low-tech.  Don't play to their strengths.
 
2014-08-08 12:08:13 PM
Meh. I ROT13 all my email.

Least encryption is best encryption.

It's like using 12345 on your luggage... nobody will even bother trying that.
 
2014-08-08 12:08:55 PM

That Guy Jeff: dittybopper: Won't matter.  If they want to find out what you are saying, they'll just use a keylogger or other software to get the plaintext.

Only real way to be sure is to manually encrypt, and just type the ciphertext into the e-mail.  It takes longer, obviously, but if it's something you don't want them to read, provably more secure (depending on the encryption algorithm).

It does matter. Right now the chief way the scrumbags operate is mass surveillance. Things like this take that away. Making it so they can't scoop people up in bulk is a huge victory. You're still going to be vulnerable to many different things, but they are going to have to actually target you, which means (hopefully) at some point they are going to have to show justification for doing so.


You know, even using e-mail at all, encrypted or not, or any other computerized communication, leaves you at their mercy:

http://kieranhealy.org/blog/archives/2013/06/09/using-metadata-to-fi nd -paul-revere/
 
2014-08-08 12:14:33 PM

dittybopper: Only real way to be sure is to manually encrypt, and just type the ciphertext into the e-mail.  It takes longer, obviously, but if it's something you don't want them to read, provably more secure (depending on the encryption algorithm).


I usually use ROT26, but I'm kind of an advanced hacker type and it's not for everyone.
 
2014-08-08 12:21:24 PM

gggoddammitt: skeevy420:
Hell, a good programmer could automate the entire process (encryption and decryption, embedding and removing) so all the end users would have to do is type, click send, receive message, click decrypt...I'm actually surprised some of the hacker-esque Linux Lives don't include such a program, or made such a program, already

If it came standard, it would already have a counter by the time you installed it. Not saying such a program isn't a good idea, just that making it part of a package deal is counter productive. The best thing to do is to keep it exclusive.

/Not a computer guy myself, but not a complete idiot either


Not necessarily.  If the GUI is just a wrapper for a script that uses already available security tools, preferably the open source ones, then you're essentially saying that the available tools are useless (some are) and making it easy to combine and implement them isn't worth doing because it'll be insecure by release.



Vlad_the_Inaner: PGP and GPG as well as secure-MIME integrated email has been around for a while.   But the problem is there isn't really a widely adopted standard,  so its still not very user friendly if you don't know what flavors and keys of encryption to use.


Yes sir. That's why I suggested doing it manually, using whatever protocols you feel are sufficient, and having the person on the other end knowing said protocols. The only problem with mass adopted protocols is the "hackers" (anyone from NSA to Russian/Chinese hackers to the local neighborhood script kiddie) will have a specific platform to target to find an exploit. At least with my GUI wrapper hypothetical method, various encryptions and methods could be selected at random, only known to the sender and receiver, which is much more secure than doing it one way and one way only (a mass adopted solution).

gggoddammitt: I'm starring you two as Program Nerd and Another Program Nerd. Any preference on color?


Green or Blue. I like both colors

wingnut396: The problem is not people who are worried about it.  The problem are the people out there that can't figure how to type in an email address, much less exchange keys and then start encrypting mail with other people.


It really doesn't matter...In the end, most people will highly encrypt their crap and use the password "1234asdf"....warning, this password is insecure, please use a combo of uppercase, lowercase, numbers, and symbols.....umm, ok, "!234Asdf" password accepted...
 
2014-08-08 12:29:44 PM

but whole: skeevy420: Depending on PC boot up speed, actual knowledge of the process, and a short message, this is maybe a 5-10 minute deal.

If you have the skill to do what you said, you have the skill to roll it all up into a nice tidy script for ease of use I would think.

<keeps reading...>

skeevy420: Hell, a good programmer could automate the entire process (encryption and decryption, embedding and removing) so all the end users would have to do is type, click send, receive message, click decrypt...I'm actually surprised some of the hacker-esque Linux Lives don't include such a program, or made such a program, already (not sure if an all-in-one actually exists or not, but I do know that manually doing all this has been around since I've been on the internet at 6 years old...29 now...and it's all relatively strait forward and easy to do).

Oh, there it is.

But why why reinvent the wheel? Use your favorite OpenPGP implementation (GPG is probably included on whatever distro you are using anyway) and an off the shelf email client plugin such as https://emailselfdefense.fsf.org/en/. Viola, public key encrypted emails.

/*
I don't encrypt anything personally.
I also accept that there are lots of organizations spying on my online activities, and I don't think the U.S. government is one of them. Google probably already knows all your dirty secrets by now anyway. Who cares, we are in the post-privacy era already IMO.
*/


I don't encrypt either, doesn't mean I don't know how or that I couldn't wrap it all up in a bash script. A text to GPG script wouldn't be hard to make at all. Now, the splitting of it, embedding it, and all that jazz, I'd have a problem with that, but mainly because it's been about 10 years since I've bothered looking into it.

But why reinvent the wheel....you basically said use what comes prepacked with everything and is a basic standard where I suggest a method that wraps up all sorts of methods giving the user the choice as to what method(s) to use. There's a bit of a difference there....

FWIW. I suspect that all the high level surveillance agencies can already counter most, if not all, of the known methods to encrypt a file, file system, or anything for that matter. Encryption only possibly stops the low level agencies and foreign hackers.
 
2014-08-08 12:34:16 PM

but whole: I don't encrypt anything personally.


Truthfully, neither do I.

But I know how to, just in case I need to.
 
2014-08-08 12:34:31 PM
Somebody needs to make it work, because every other attempt has failed. Tormail got shut down. I thought Bitmessage went down also but apparently not, nonetheless they're obscure. Anon remailers are obscure as hell and a constant abuse problem. Bote is still working but I2P is even more unknown than TOR.

It's hard to keep services running without some kind of money coming in to keep things going. Anybody who wants to be anonymous themselves has every reason to anonymize others (because of how anonymity works) but good luck making it work as a hobby.
 
2014-08-08 12:35:03 PM

j  f  y  e  l  t  t  p  t  o  a  a  m  a  e  w
 u  o  o  m  i  h  o  i  h  f  l  a  u  s  n  o
  s  r  u  a  k  i     s  e  f  m     c     c  u
   t  m  r  i  e  s     s  m     o     h     r  l
       a     l                    t           y  d
        t                                      t
                                                i
                                                 n
                                                  g

/Mass grep this, suckers

 
2014-08-08 12:40:19 PM

dittybopper: Won't matter.  If they want to find out what you are saying, they'll just use a keylogger or other software to get the plaintext.


Sure. If the NSA is  that interested in you, they can expend the effort to spy on you in any number of myriad ways. Hell, they can just plant good old-fashioned bugs if they're that interested.

The purpose of things like this is to avoid casual surveillance. You know, the sort where the NSA just hoovers up your data and then performs data mining operations against it.
 
2014-08-08 12:40:58 PM

Vlad_the_Inaner: /Mass grep this, suckers


You know,  I'd like to trademark that as "quizzical dog cryptography"

/comes in clockwise and counter-clockwise flavors
 
2014-08-08 12:47:57 PM
"Oh, you won't let us read your emails? Those are some nice tax breaks we give you, shame if something were to happen to them."
 
2014-08-08 01:04:48 PM

Eddie Adams from Torrance: Meh. I ROT13 all my email.

Least encryption is best encryption.

It's like using 12345 on your luggage... nobody will even bother trying that.


That can be true more than you think.

We had an old UNIX system at work that was no longer used in production, but that I needed to extract some data from.   Unfortunately the root password that we had recorded for it did not work.   I spend several days trying every trick I knew to get into that box without success.

Finally in frustration I simply swatted the return key when it asked me for the password.... and I was in!

I still don't know how the password got set to null, it's a good thing it was in a locked room with no network access  :)
 
2014-08-08 01:39:29 PM

Vlad_the_Inaner: j  f  y  e  l  t  t  p  t  o  a  a  m  a  e  w
 u  o  o  m  i  h  o  i  h  f  l  a  u  s  n  o
  s  r  u  a  k  i     s  e  f  m     c     c  u
   t  m  r  i  e  s     s  m     o     h     r  l
       a     l                    t           y  d
        t                                      t
                                                i
                                                 n
                                                  g

/Mass grep this, suckers


IANOY HEXOF RGXOT LTSXE XTUXL  RIYXT HXAXA TOGOA MSUNI
UOXTI XSSOX IDXGW EPN


Read this thread if you need a hint:

http://www.fark.com/comments/7928839/If-you-can-crack-this-code-you- co uld-be-next-James-Bond-AWVLI-QIQVT-QOSQO-ELGCV-IIQWD-LCUQE-EOENN-WWOAO -LTDNU-QTGAW-TSMDO-QTLAO-QSDCH-PQQIQ-DQQTQ-OOTUD-BNIQH-BHHTD-UTEET-FDU EA-UMORE-SQEQE-MLTME-TIREC-LICAI-QATUN-QRALT-ENEIN-RKG?startid=8641641 7&from_page=geek#new
 
2014-08-08 02:00:55 PM

dittybopper: IANOY HEXOF RGXOT LTSXE XTUXL RIYXT HXAXA TOGOA MSUNI
UOXTI XSSOX IDXGW EPN

Read this thread if you need a hint:


But I don't even LIKE Ovaltine!
 
2014-08-08 02:04:44 PM

skeevy420: FWIW. I suspect that all the high level surveillance agencies can already counter most, if not all, of the known methods to encrypt a file, file system, or anything for that matter. Encryption only possibly stops the low level agencies and foreign hackers.


It depends on a number of things, including the size of the key, the amount of data that is encrypted, and how predictable the data itself is.
 
2014-08-08 02:06:58 PM

bdub77: Use a microphone with something like Dragon naturally speaking, that avoids the keylogger. And hide the contents of the message on the screen. That would force the NSA to use some kind of really wicked software that logs audio transmissions made into the computer, which while not absurd would certainly be harder for them.


Just to pick nits; software keyloggers would still see the text.  Most text to speech products emulate keyboards as a HID.  You would only be safe from an in-line hardware keylogger.
 
2014-08-08 02:11:33 PM

dittybopper: Don't mistake "capacity" with "capability".

They may not have the actual capacity to pull the plaintext or audio or whatever they want off of every computer/tablet/phone, but they certainly have the capability to do it nearly any individual device that is connected to the intarwebs.


The one capability that *I* wonder about, does the government have a back door into RSA encryption?
 
2014-08-08 02:23:35 PM
countermail.com
lockbin.com

they already exist, goodle people.
 
2014-08-08 02:25:06 PM

SteakMan: dittybopper: Don't mistake "capacity" with "capability".

They may not have the actual capacity to pull the plaintext or audio or whatever they want off of every computer/tablet/phone, but they certainly have the capability to do it nearly any individual device that is connected to the intarwebs.

The one capability that *I* wonder about, does the government have a back door into RSA encryption?


Factoring numbers is easier to understand, so it's probably harder to come up with a phenominally easier way to do it.  Elliptic Curves are a lot fuzzier (well it is to me).

/But there was that prime numbers clustering on a spiral thing.   I forget who came up with that and where its gone from last time I saw it.  But something like that.

/And if they break the factoring thing, they'll likely mess up a bunch of Diffie-Hellman standards too
 
2014-08-08 02:36:12 PM
Unbreakable encryption has been around for a very, very long time.  Hand your co-conspirator a 32GB thumb drive full of truly random bits the next time you meet, and it should be enough to one-time pad encrypt all the text communications you will ever send, even with still images included from time to time.  Videos, not so much.  No amount of computing power can defeat a one-time pad, nor can "quantum computing".

Of course, if the government really wants to know what you've been sending they can just torture you until you tell them.
 
2014-08-08 02:41:32 PM

SteakMan: dittybopper: Don't mistake "capacity" with "capability".

They may not have the actual capacity to pull the plaintext or audio or whatever they want off of every computer/tablet/phone, but they certainly have the capability to do it nearly any individual device that is connected to the intarwebs.

The one capability that *I* wonder about, does the government have a back door into RSA encryption?


If it did, and it was commonly doing that, I'd assume it would be in one of the things Snowden stole, and that we'd probably know about it by now.
 
Displayed 50 of 66 comments

First | « | 1 | 2 | » | Last | Show all

View Voting Results: Smartest and Funniest


This thread is closed to new comments.

Continue Farking
Submit a Link »






Report