Hi, David. The discussions I have had so far with FSFE people, Ben Webb and a few others have led me to believe that
- GPG is bulletproof unless you "cheat" by stealing keys
- OTR is also bulletproof right now
- and that while using these techs is a flag to the spooks, the more flags there are, the safer are the people who seriously need to encrypt. A woods-trees analogy.
- lastly, the encryption that has been "broken" is predominantly things like Skype, etc etc.
The crypto party manual, and the manuals the mick uses are about GPG, OTR (and Tor, about which I know little so far), so I don't really see the need for a version two of crypto party. Version one still seems to cover things which are working.
Realistically, I am not technically skilled enough to debate most of these things with you. My method has been to briefly check that, on the whole, GPG/OTR/TOR are still working, and then dive into fighting back en masse.
I refuse to accept that there is nothing I can do ;)
A X
On 07/09/13 16:38, David Bolton wrote:
Hi Anna (& list)
Unfortunately, I'm not sure that a cryptoparty quite cuts it any more, in this post-Snowden world. It all feels a little too "last year".
Besides, what would we teach people?
As the various articles have revealed, actually using PGP/GPG is simply a flag to the spooks to monitor you even more closely. Personally, I don't really trust any of the PGP versions released this century (I used DOS PGP in the 90s - as part of my job - but v3.6.3i is the last one I ever published a key for). Even Phil Zimmermann no longer uses PGP - as he stated in this interview last month: http://www.forbes.com/sites/parmyolson/2013/08/09/e-mails-big-privacy-proble...
GPG might be more secure, but I've not messed with it since last year, when I found that the key generation module in GPG4Win wasn't working properly.
We've known for a while that SSL can't be trusted on mobile browsers - as the telecoms providers perform a man-in-the-middle decrypt/re-encrypt on the stream (ostensibly so they can squeeze graphics to speed up page loading - but we now know who else gets to see the "temporary" plaintext). And the latest revelations show that VPNs can be cracked, if the spooks really want to look inside.
I could even see TOR being rendered useless soon - as fewer exit nodes can be trusted (many will already be run by government agencies - the others are going to be raided one-by-one using whatever bogey-man excuse works best under the laws of the resident's country). The recent botnet surge on TOR is probably a sign of the end-times: http://arstechnica.com/security/2013/09/sudden-spike-of-tor-users-likely-cau...
Online privacy/security is a massively complex topic - and (IMO) quite a fascinating one. There are many more techniques left in the armoury - OTR could be a useful one (maybe) - but many are not developed enough yet for use by "the masses", and are more like curiosities for academic study than practical tools.
If you've not seen it, read this piece by Bruce Schneier: http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-survei...
But you are right, Anna, in that this is now a very hot topic. The Mailpile project, on IndieGoGo, is currently at 147% of its $100K funding target, with 4 days to go - and the comments show that donors are mostly concerned about email privacy: http://www.indiegogo.com/projects/mailpile-taking-e-mail-back
A cryptoparty may still be a good idea - but it might just have to be Cryptoparty Ver2 (post Snowden).
Regards
David
On 06/09/13 12:21, Anna Morris wrote:
I am wondering if, following the news today about GCHQ trying to break bank and email encryption etc, we could run a massive crypto-party in Manchester - perhaps with the people's assembly against austerity? (they have an email list with about 800 names on, all of which could potentially be interested)
http://www.cryptoparty.in http://thepeoplesassembly.org.uk/
Any Thoughts?
(I know very little about this stuff!)
Best
Anna
_______________________________________________ Manchester mailing list Manchester@lists.fsfe.org https://lists.fsfe.org/mailman/listinfo/manchester