[liberationtech] the 14th reason not to start using PGP is out!

Tempest tempest at tushmail.com
Fri Nov 22 13:03:14 PST 2013 

carlo von lynX:
> You are talking of the tech as if it was a person and I was insulting
> it. 

no. i was pointing out that you expect the tech to provide a function
for which it was never intended. if you want anonymity, encrypt your
hard drive and install one of the many flavors of operating systems that
are powered by tor. then, create your pgp keys after that and host it on
a .onion.

> No, all they need is to start using a software that does all of that
> BY DEFAULT and there is no way to do it wrong BY DESIGN.

lol! and what is such a tool? you seem to think pond is the current
answer. tell us what pond servers are reachable by anyone using the
standard old e-mail system. you ignore that obvious problem that users
are going to have with somehting like pond. since you've ignored it
multiple times now, you can create anonymous e-mail accounts over tor.
you can encrypt those e-mails with pgp. it's a good secure design which
still allows people who don't use pond to be able to reach you.
additionally, perhaps you missed this from the pond developer?

"So Pond is not email. [...] Dear God, please don't use Pond for
anything real yet. I've hammered out nearly 20K lines of code that have
never been reviewed. Unless you're looking to experiment you should go
use something that actually works."

https://pond.imperialviolet.org/

the ending of the last sentence with "actuallly works" is a hyperlink.
care to guess where it goes? i'll spare you the pain. "gunpg.org."

> This is all too complicated for people to even grasp let alone follow
> and I bet half of the points in the 14 reasons still apply also to this set-up.
> I leave it as an exercise to an interested reader to check.

no, it really isn't. you use tor for your network connectivity and you
use gnupg for e-mail encryption.

> That's why neither Pond nor Susimail nor RetroShare nor TorChat nor Bitmessage
> store any clear text data on any servers! (How many more tools do I have to list
> to make you see that there is plenty of ferment in the scene of future
> communication tools?)

list as many as you want. you fail to understand that a compromised
system renders any protections they may provide moot. use of gpg,
however, still provides security if you are communicating across
compromised systems. your ranting has gotten incredibly childish. nobody
has ever pretended that encryption and anonymity technology couldn't be
made more user friendly. but, that's not the position you've been
pushing. rather, you've been writing rather ignorant nonsense uner the
guise of why people shouldn't use something that is proven to work.

> Actually it's not. It took them quite some effort to find silkroad and it
> probably didn't even involve tracing Tor - at least there is no proof of
> that. I think any federated social web software is a better example of
> how servers get you compromised because of http://my.pages.de/dsn-vn/

you don't even understand what i was talking about. everyperson on that
site who uses gpg to encrypt their communications between each other
didn't have to worry about a knock on their door from the authorities as
a direct result of providing a buyer or seller with their address. the
site was compromised and, as a direct result, people who did not encrypt
their communications were located. how the site was compromised is
unimportant. the fact is that those who uses something like pgp were not
immediately compromised, if compromised at all.

> Unless they get at your private key. 

duh.

> Why are we talking of servers that have all the messages in cleartext?

because you and another user signed on to the silly notion that one
didn't need to use encryption on a server within the tor network. i
provided a very real world example on why you should.

anyways, when you actually have something more mature or knowledgeable
to add to this discussion, i'm sure you'll receive more welcome from
other users. but, so far, all you've done is complain about a technology
while telling people they shouldn't start using it.

-------------------------------------------------

VFEmail.net - http://www.vfemail.net
$24.95 ONETIME Lifetime accounts with Privacy Features!  
15GB disk! No bandwidth quotas!
Commercial and Bulk Mail Options!

More information about the liberationtech mailing list