[liberationtech] the 14th reason not to start using PGP is out!

[Moon Jones]

carlo von lynX:
>    These days mail tools are too complicated. Here come enigmail
>    that is in charge of encrypting mails before they leave Thunderbird.
>    But wait, didn't Thunderbird just store a draft?

That's silly!

You are mistaken people who like to play with signatures with the rest
of the world. Why rely on a crap extension with its own vulnerabilities
when you can think portable?!? A simple text editor. Keep text encrypted
all the time. You can inject it in webmail, over an unsecured line, at
some party on host's computer. Yea, the one with lots and lots of
viruses. You reveal location. But OTP can make that the only problem.

> I also recently had noticed that keyserver lookups are in cleartext by
> default, which is utter madness, but that at least is being fixed and
> there is good info on how to do so in [65].

You're a bit nearsighted. But that is good. You are starting to notice
things. We need more voices rising. Only don't hope to get to touch the
higher plane in less than few years.

For that Tor gives people the dot onion! A keyserver as a hidden service
just gets personal protection from Tor. It's good. It's less than
perfect. If there can be such a thing as perfect security.


> Still, I wasn't expecting
> that behaviour and thus exposed one of my social contacts when I did
> this.

In theory bad. In practice that is only the first step. You should move
on. And they should too. If you are arma at tor project that could be an
issue. If not, no bad.