Best Online Privacy Email Services & How To Use PGP
DASSfox
services or a nice method for using your own client?
I know all the answers this post is for the noobs...
Now I'm sure that if you really want to have the best privacy and
security then it's best to use your own email client and use like
GnuPG, but when you're out on the road or need a lot of email
accounts, this is where I see having a nice webmail account handy.
Gmail is good...
Careful though it is in beta...
So besides listing any encrypted email services you may know, if
anyone knows of any nice simple methods for using PGP on a client,
like as an example Enigmail for Thunderbird, or any client or app you
might know to use with a client to make it nice and simple, please
share...
Later I will explain PGP to everyone in detail...
THANKS
--
Tech, computer repair specialist (on the side), part time Tech
(employer) cooker, camper, coder, consultant, cuntsman, cool as a
cucumber...Paul Fox www.dasfox.com http://about.me/dasfox Contact:
http://www.dasfox.com/blog/2009/05/~/contact.aspx
nix
> Well the title says it, anyone know any good online encrypted email
> services or a nice method for using your own client?
>
> I know all the answers this post is for the noobs...
>
> Now I'm sure that if you really want to have the best privacy and
> security then it's best to use your own email client and use like
> GnuPG, but when you're out on the road or need a lot of email
> accounts, this is where I see having a nice webmail account handy.
>
> Gmail is good...
>
> Careful though it is in beta...
>
> So besides listing any encrypted email services you may know, if
> anyone knows of any nice simple methods for using PGP on a client,
> like as an example Enigmail for Thunderbird, or any client or app you
> might know to use with a client to make it nice and simple, please
> share...
>
> Later I will explain PGP to everyone in detail...
>
> THANKS
Well, I'm going to say those all have possibilities. But you know, at
the end of the day, I'm probably still going to use the Hushmail addy
with the Java enabled, because, honestly, if it was good enough for
Thomas Drake, it works for me.
I mean he's NSA IT turncoat. I can't think of a better endorsement.
Hushmail should put it on the log-in page.
Cryptoheaven looks about the same.
I say, let's pick one already, and start writing
Oh, just kidding. ;) ;0)
--
Don't FUCK with me. I'm tuff. And stupid but don't dare FUCK with me.
casperian
Countermail has been discussed here and they are in Panama if I
remember correctly. Same place as Cryptohippie and Xerobank and the
Canal.
--
A Billion for a Billion
nix
I love the look of Countermail, casperian. Sooo sexy and black and
green sort of retro Goth and all. ;) Servers in Sweden, I think.
casperian
Ooops. I have them confused with some else. I wonder who? It was a
service that was discussed here. Yahoo!
DASSfox
> Well the title says it, anyone know any good online encrypted email
> services or a nice method for using your own client?
>
> I know all the answers this post is for the noobs...
>
> Now I'm sure that if you really want to have the best privacy and
> security then it's best to use your own email client and use like
> GnuPG, but when you're out on the road or need a lot of email
> accounts, this is where I see having a nice webmail account handy.
>
> Gmail is good...
>
> Careful though it is in beta...
>
> So besides listing any encrypted email services you may know, if
> anyone knows of any nice simple methods for using PGP on a client,
> like as an example Enigmail for Thunderbird, or any client or app you
> might know to use with a client to make it nice and simple, please
> share...
>
> Later I will explain PGP to everyone in detail...
>
> THANKS
I forgot if you use an email client then the person on the other end
is going to have to be able to receive and decrypt...
I think for now what I was looking more for was that I can encrypt and
if I want to sent a private email from my end if the person doesn't
have the ability like with Hushmail they type in a captcha and they
can read...
So at least in route I guess everything is safe and private...
This is what I was more concerned with...
What ya think...?
DASSfox
I think you're being wise towards me, especially with that foolish
wink...
Not valid on Usenet...
So why don't you explain how someone with their own encryption methods
are going to send emails to all their clueless, non-techie friends,
as well as to all email communications you want to do on the internet
for various things one can imagine and then send and receive
encrypted email when no one else is using anything but you?
Speak Tech talk if you want MY respect...
nix
Well, actually, I think you're being foolish, pretending that you
think that's a "wise" remark. So we're halfway there.
> Not valid on Usenet...
Forgot where I is ;0)
> So why don't you explain how someone with their own encryption methods
> are going to send emails to all their clueless, non-techie friends,
> as well as to all email communications you want to do on the internet
> for various things one can imagine and then send and receive
> encrypted email when no one else is using anything but you?
I use Hushmail. Anyone who cares knows that. I think you do, too. :)
> Speak Tech talk if you want MY respect...
011010010 01001110 11010001 ;0)
DASSfox
Fuckoff bitch...
THANKS
Kulin Remailer
DASSfox <dAS...@wildersecurity.com> wrote:
>
> Well the title says it, anyone know any good online encrypted email
> services or a nice method for using your own client?
>
> I know all the answers this post is for the noobs...
>
> Now I'm sure that if you really want to have the best privacy and
> security then it's best to use your own email client and use like
> GnuPG, but when you're out on the road or need a lot of email
> accounts, this is where I see having a nice webmail account handy.
>
> Gmail is good...
>
> Careful though it is in beta...
>
> So besides listing any encrypted email services you may know, if
> anyone knows of any nice simple methods for using PGP on a client,
> like as an example Enigmail for Thunderbird, or any client or app you
> might know to use with a client to make it nice and simple, please
> share...
>
> Later I will explain PGP to everyone in detail...
Why not just set up a server on one machine and all communicate
only through that server using SSL?
DASSfox
I asked for online private email...
Your idea isn't online now...
Understand...?
nix
What we have here again is a failure to communicate, DAASfox. The
point is, we have no way to determine the relationships under Roque
Holdings. Until we do, I'd rather save the innuendo and grand
conspiracy claims for, say, Abraxas. And if I have to pick between xb
and anonymizer, I'm back at the quiz bowl. Now, let's get our lockout
buzzers ready:
Using accepted tenets of complexity theory, a theory that treats
organizations and firms as collections of strategies and structures,
assign xb and Anonymizer to the acronym that best describes the
essence of their form, or in the vernacular, their "gestalt" :
A) CIA
B) MIA
C) TBA
D) WTF
And to make it fun, this can be one of those "tossup" questions. That
means only one person from your team gets to answer.
Aren't I a brilliant bitch you stupid turd? ;) ;))
Anne Onime
Incorrect.
Countermail is in Sweden.
DASSfox
OK...
I apologize...
But you do realize that no one has any idea WTF you are saying...?
http://platanalytics.com/ is your webisite it is totally
unintelligible...
Anyone...? Can translate this crap...?
nix
Surely you can redeem your coupons for a better look? wow DASSfox ;)
<http://platanalytics.com/wp-content/uploads/2010/12/Untitled.jpg>
Problems? Too much less than Taylor Swift for you? My intake-outtake
is you under the understand of Harry Potter or should I receipt Hairy
Potter?
DASSfox
Thanks "nix"...
Obviously...
I'm a Tech you think I'm that dumb...
Think again, "nix"...
DASSfox
Point made...
Your so interested in being the academic bitch from HELL that you
can't communicate...
DASSfox
>> <http://platanalytics.com/wp-content/uploads/2010/12/Untitled.jpg>
hahahahahha...
Missiles hit the Pentagon...
hahhahhaa...
Delusional bitch...
nix
> On Wed, 5 Jan 2011 05:27:32 -0500, DASSfox wrote:
>
>>> <http://platanalytics.com/wp-content/uploads/2010/12/Untitled.jpg>
>
> hahahahahha...
>
> Missiles hit the Pentagon...
>
> hahhahhaa...
>
> Delusional bitch...
Deny as the universe expends. wow DASSfox :)
<http://platanalytics.com/wp-content/uploads/2010/12/show_image_NpAdvSinglePhoto.php_.jpg>
Can't follow? Let's try my reality with yours subdued and integrated
often horizontally.
<http://www.platanalytics.com/wp-content/uploads/2010/11/dominatrix-1.jpeg>
wow DAASfox :)
DASSfox
coo coo bird...
etc. ...
Nomen Nescio
> Gmail is good...
> THANKS
> Oh, just kidding. ;0)
> Countermail has been discussed here and they are in Panama if I
> remember correctly. Same place as Cryptohippie and Xerobank and the
> Canal.
> --
> A Billion for a Billion
And giant black tarantulas!
Mr. B
> Well the title says it, anyone know any good online encrypted email
> services or a nice method for using your own client?
At this point, I can already see that bad advice is going to be given; if
you want encryption, online services are a really bad idea. Does nobody
remember the Hushmail debacle anymore?
Your keys should remain under your control, at all times. They should not
be stored on a third party server. They should not be decrypted by that
server, or by an applet which is sent by that server.
-- B
Mr. B
> [...]
>
> Well, I'm going to say those all have possibilities. But you know, at
> the end of the day, I'm probably still going to use the Hushmail addy
> with the Java enabled, because, honestly, if it was good enough for
> Thomas Drake, it works for me.
http://www.wired.com/threatlevel/2007/11/encrypted-e-mai/
So...remind me, why is Hushmail a good idea? Oh, that's right, it is not,
because your private keys are being stored on their servers, decrypted by an
applet their servers send fresh to you when you want to read your email, and
despite the fact that they are a Canadian company, the American DEA still
managed to pressure them into exploiting these serious vulnerability. It
does not take a crypto expert to see that Hushmail is a bad idea, almost as
bad as the clipper chip.
-- B
Fritz Wuehler
to apas unless you really fucking need to. Especially when you post to
alt.computer.security where they tolerate any fucking idiot we are going to
have to killfile you and your buddies because that shit doesn't go on
apas. Second of all don't respond to dassfox or quote him or any of his homo
buddies from wildasssecurity. They're all fucking morons and perennial
n00bs. If you wanna get good info on apas killfile everybody who doesn't
post through a remailer. If you're too damn stupid to figure out how to use
mix or a nym then we don't wanna talk to you.
Hito Shirezu
> On 5 Jan 2011 07:12:34 -0000, Kulin Remailer wrote:
>
>> In article <ig120h$912$1...@news.mixmin.net> DASSfox
>> <dAS...@wildersecurity.com> wrote:
>>>
>>> Well the title says it, anyone know any good online encrypted email
>>> services or a nice method for using your own client?
>>>
>>> I know all the answers this post is for the noobs...
>>>
>>> Now I'm sure that if you really want to have the best privacy and
>>> security then it's best to use your own email client and use like
>>> GnuPG, but when you're out on the road or need a lot of email
>>> accounts, this is where I see having a nice webmail account handy.
>>>
>>> Gmail is good...
>>>
>>> Careful though it is in beta...
>>>
>>> So besides listing any encrypted email services you may know, if
>>> anyone knows of any nice simple methods for using PGP on a client,
>>> like as an example Enigmail for Thunderbird, or any client or app you
>>> might know to use with a client to make it nice and simple, please
>>> share...
>>>
>>> Later I will explain PGP to everyone in detail...
>>
>> Why not just set up a server on one machine and all communicate only
>> through that server using SSL?
>
> I asked for online private email...
>
> Your idea isn't online now...
>
> Understand...?
Do YOU even begin comprehend the mind numbingly simple principal that
your "online private email" notion belies you as clueless? That the three
words at the epicenter of the thread YOU started, are, amusingly enough,
mutually exclusive?
How to quickly and thoroughly explain it to you in terms even someone
like you can grasp....
<hmmmm>
I know, an example. I'll set up a "private online email" server for you
to use. I double dog promise I won't post any of your "private" emails
here, or God forbid engage in any sort of identity theft using the
encryption keys I hold in escrow.
Concentrate real hard there Mr. "Tech"... it'll just might come to you
eventually.
Nomen Nescio
>
> > Well the title says it, anyone know any good online encrypted email
> > services or a nice method for using your own client?
>
> At this point, I can already see that bad advice is going to be given; if
> you want encryption, online services are a really bad idea. Does nobody
> remember the Hushmail debacle anymore?
Yeah but you're pissing into the wind. ASSfox is too stupid to live. Please
stop quoting him since the rest of us have already killfiled him. To put it
another way he and his asshat fuck-buddies are to apas what JSH and ming
fuk shen are to sci.crypt.
DASSfox
Hm so Hushmail is compromised...
nix uses Hushmail...
Everyone getting this...?
THANKS
nix
Roll out of the sinistra side of the high hanging one? Although, I did
like puppets when I was a little girl. These days, though, it takes
something a little more entertaining than a puppet show to keep me
amused. Some of you guys know what I mean, right? Ok, no. Seriously.
Ladies and gentlemen, Fritz as Dr. Rand Waltzman at DARPA. He’s ready
for the social science insiders. And they are ready for him. ;) ;0)
wow Fritz :)
DASSfox
I understand all this...
I'm not clueless here you know or I guess NO...
This is for noobs...
> I know, an example. I'll set up a "private online email" server for you
> to use. I double dog promise I won't post any of your "private" emails
> here, or God forbid engage in any sort of identity theft using the
> encryption keys I hold in escrow.
In escrow...? You confuse real estate with tech...
> Concentrate real hard there Mr. "Tech"... it'll just might come to you
> eventually.
I not only have it I got it...
Without escrow...LOL
or alt.idiots which I didn't take...NOTICE THAT?
DASSfox
> DASSfox wrote:
>
>> Well the title says it, anyone know any good online encrypted email
>> services or a nice method for using your own client?
>
> At this point, I can already see that bad advice is going to be given; if
> you want encryption, online services are a really bad idea. Does nobody
> remember the Hushmail debacle anymore?
I'm up to speed on Hush...
Anything nix uses I don't want by default...
> Your keys should remain under your control, at all times. They should not
> be stored on a third party server. They should not be decrypted by that
> server, or by an applet which is sent by that server.
>
> -- B
That way I can keep them on my Linux box or W7 box or MAC box...
I should have said the abbreviation 'nix but then noobs might think I
meant nix...
nix
Oh, come now.
You guys are so hard on Hushmail. But it's better than nothing, right?
Besides, are you talking about both the sender and recipient using the
same service? I mean, to a certain extent, email correspondence is
only as secure as least secure user anyway. If your recipients use
encryption and you want to talk to them enough, you'll use whatever
they want. But if they don't use encryption, and they want to, you'll
want to make it easy as possible. Which means that Hushmail and
Countermail both look good. Unless someone's worried about NSA. But if
that's the case, they probably already have a keylogger on their
machine anyway, so...oops ;0) ;)
Well, it wasn't the Hushmail that did Drake in :) ;0)
DASSfox
> Well the title says it, anyone know any good online encrypted email
> services or a nice method for using your own client?
>
> I know all the answers this post is for the noobs...
>
> Now I'm sure that if you really want to have the best privacy and
> security then it's best to use your own email client and use like
> GnuPG, but when you're out on the road or need a lot of email
> accounts, this is where I see having a nice webmail account handy.
>
> Gmail is good...
>
> Careful though it is in beta...
>
> So besides listing any encrypted email services you may know, if
> anyone knows of any nice simple methods for using PGP on a client,
> like as an example Enigmail for Thunderbird, or any client or app you
> might know to use with a client to make it nice and simple, please
> share...
>
> Later I will explain PGP to everyone in detail...
>
> THANKS
I think for now I might just sign up and use Safe-mail
http://safe-mail.net/
Sheesh it has to be better then Gmail, Hotmail, Yahoo, etc...
Ohh CounterMail has an account on Wilders...
To bad they didn't offer a small free account, I'd be there and
promoting it to others too if they did...
I know Safe-mail is from Israel and I forgot about all this, but yeah
I'm not going to bother with them....
Had enough Jew with Xerobank...
Nathan See
I think it might have been:
http://cryptome.org/0001/wikileaks-sec.htm
"Yet when the prying eyes are federal investigators, it turns out that
Hushmail is not quite so secure. The indictment of Drake makes plain
that the feds pierced Hushmail’s encryption either via technological
or legal means, noting, among other things, that “defendant DRAKE
scanned and emailed Reporter A electronic copies of certain classified
and unclassified documents."
Personally I would rule out hushmail and any business registered to or
operating from OR servers located in any jurisdiction of USA.
If a high enough source (like NSA) asks, people will more than likely
hand over the keys in the USA.
Not that I have need for a NSA-proof mail myself - I don't even use
encryption myself.
nix
> On Wed, 05 Jan 2011 09:32:40 -0500, Mr. B wrote:
>
>> DASSfox wrote:
>>
>>> Well the title says it, anyone know any good online encrypted email
>>> services or a nice method for using your own client?
>>
>> At this point, I can already see that bad advice is going to be given; if
>> you want encryption, online services are a really bad idea. Does nobody
>> remember the Hushmail debacle anymore?
>
> I'm up to speed on Hush...
>
> Anything nix uses I don't want by default...
>
>> Your keys should remain under your control, at all times. They should not
>> be stored on a third party server. They should not be decrypted by that
>> server, or by an applet which is sent by that server.
>>
>> -- B
>
> That way I can keep them on my Linux box or W7 box or MAC box...
>
> I should have said the abbreviation 'nix but then noobs might think I
> meant nix...
>
> THANKS
wow DAASfox or DasFox or whom you might twill up to count the day,,,
Expecto Patronum,,,"dear" in headlights?
nix
There is no independent or not on a tether :) indication that "the
feds pierced Hushmail's encryption" by technological or legal means.
A few years back, Hushmail was shown to have a security flaw which
allows password capture. It was existential. That is entirely an
entirely an entirely different matter than "piercing" encryption. And
it is sloppy seonds to say that serving a warrant, in and of itself,
with or without prejudice, enticing as it may seem, allows a "legal"
piercing. Hushmail is without loops or earrings. :)
John Young posted Schonefeld's drivel to contrast Wikileaks'
blither-blathering communications against a known standard or
redundant technologically rehearsed bottom sided compromise.
DASSfox
LOL stick to law, nix...
That was a stag and had nothing to do with Hermione's otter...
Which is where you thought you were going...
But never got there...
nix
I have talked with Steve, DASSFox, Zfoners Skype untweaked. Which?
https://xerobank.com/company/team/ ,,, or
<http://www.wilderssecurity.com/showpost.php?p=1777324&postcount=203>
Ne'er do well both twiddle my low hanging fruit. :)
Mr. B
> On Wed, 05 Jan 2011 09:39:02 -0500, Mr. B wrote:
>
>> nix wrote:
>>> [...]
>>>
>>> Well, I'm going to say those all have possibilities. But you know, at
>>> the end of the day, I'm probably still going to use the Hushmail addy
>>> with the Java enabled, because, honestly, if it was good enough for
>>> Thomas Drake, it works for me.
>>
>> http://www.wired.com/threatlevel/2007/11/encrypted-e-mai/
>>
>> So...remind me, why is Hushmail a good idea? Oh, that's right, it is
>> not, because your private keys are being stored on their servers,
>> decrypted by an applet their servers send fresh to you when you want to
>> read your email, and despite the fact that they are a Canadian company,
>> the American DEA still
>> managed to pressure them into exploiting these serious vulnerability. It
>> does not take a crypto expert to see that Hushmail is a bad idea, almost
>> as bad as the clipper chip.
>>
>> -- B
>
> Oh, come now.
> You guys are so hard on Hushmail.
It is easy to be hard on Hushmail, because it is, simply put, a security
liability. The advantage of Hushmail is convenience, and that is about it;
the disadvantage is that an adversary needs little more than the ability to
manipulate Hushmail's staff to break your crypto. You might as well be
whispering your secrets to someone, and relying on them not to tell anyone
else.
> But it's better than nothing, right?
Only in the sense that being shot in the leg is better than being shot in
the head.
> Besides, are you talking about both the sender and recipient using the
> same service?
No, only one of the parties needs to be a Hushmail user for there to be a
problem.
> I mean, to a certain extent, email correspondence is
> only as secure as least secure user anyway.
Which is why people who want to securely communicate by email should refuse
to communicate with Hushmail users.
> If your recipients use
> encryption and you want to talk to them enough, you'll use whatever
> they want. But if they don't use encryption, and they want to, you'll
> want to make it easy as possible.
No, I will want to make it as secure as possible, under a given threat
model. I would also inform the people I am communicating with just how far
my security measures go -- for example, I would say that I do not have a
tempest secure system. The problem with Hushmail is that it is a lie,
offering strong crypto while leaving open an easy method for breaking that
crypto. The only thing that differentiates Hushmail from snake oil is that
the Hushmail team takes the time to mention that their system can easily be
broken; they play down this vulnerability, of course, but at the end of the
day, it is a serious vulnerability.
> Which means that Hushmail and
> Countermail both look good. Unless someone's worried about NSA. But if
> that's the case, they probably already have a keylogger on their
> machine anyway, so...oops ;0) ;)
Not the NSA, more like...anyone who can get a court order. Not even a
Canadian court order; Hushmail followed a US court order when the DEA came
there to investigate a steroids dealer. Hell, I would even worry about an
employee at Hushmail being bribed by the mafia. The security problems with
Hushmail are more accurately described as "a big gaping hole."
> Well, it wasn't the Hushmail that did Drake in :) ;0)
No, but it was Hushmail that allowed the prosecutor to show up in court with
12CDs of decrypted emails sent and received by "Osoca Laboratories," an
illegal steroids manufacturer. Anyone who spent more than ten seconds
reading about public key cryptography could have told you that Hushmail
represented a serious security liability that completely overshadows its one
advantage prior to the DEA incident. At this point, though, even someone
who has no clue about cryptography should know that.
If you want to use email encryption, then you should use PGP or S/MIME, and
you should do it properly -- private keys stay in your possession at all
times, keys that do not stay in your possession should be revoked. Anything
else, and you are weakening your security, to the point where it would not
require the sort of expertise or signals intelligence capabilities that the
NSA possesses to break your crypto.
-- B
Ari Silverstein
If you want a dildo just ask for it.
--
“If you give me six lines written by the hand of the most honest of
men, I will find something in them which will hang him.” ~Cardinal
Richelieu
Hito Shirezu
> Hm so Hushmail is compromised...
Umm, yeah... we know it to be a verifiable fact.
From Wired:
"Hushmail, the web’s leading provider of encrypted web mail, updated its
explanation of its security model, confirming a THREAT LEVEL report that
the company can and will eavesdrop on its users when presented with a
court order, even if the targets uses the company’s vaunted Java applet
that does all the encryption and decryption in a browser."
If you need a little help in the comprehension department, again, that
paragraph means Hushmail's ORIGINAL claims to being secure are bullshit,
they are 100% aware of the fact they're bullshit, and always HAVE been
aware they're bullshit.
Of course any "tech" worth his salt would already know all about this,
it's common knowledge, but here you are once again holding up your
willful ignorance for everyone to see like you were actually proud
everyone knows you're a retard.
Oh well, at least you're consistent...
Ari Silverstein
No way "nix" is getting it on with Dan Radcliffe
"I only heard Justin Bieber for the first time two weeks ago,"
Radcliffe told MTV News. "I genuinely thought it was a woman singing.
I'd never heard it before. Is it big in England yet?" lol
and *no way* you are ever going to slap your meat up Emma Watson,
Paulie.
http://www.emmawatsonnude.net/
Here you are married and all. tsk.
Hito Shirezu
>> Do YOU even begin comprehend the mind numbingly simple principal that
>> your "online private email" notion belies you as clueless? That the
>> three words at the epicenter of the thread YOU started, are, amusingly
>> enough, mutually exclusive?
>>
>> How to quickly and thoroughly explain it to you in terms even someone
>> like you can grasp....
>>
>> <hmmmm>
>
> I understand all this...
You understand nothing at all. In fact you're so embarrassed about being
so completely clueless (again) you can't even address a challenge with
anything but childishness and denial:
"I know, an example. I'll set up a "private online email" server for you
to use. I double dog promise I won't post any of your "private" emails
here, or God forbid engage in any sort of identity theft using the
encryption keys I hold in escrow."
Comeon Mr. "Tech". Put up or get beat up even more.
> I'm not clueless here you know or I guess NO...
>
> This is for noobs...
>
>> I know, an example. I'll set up a "private online email" server for you
>> to use. I double dog promise I won't post any of your "private" emails
>> here, or God forbid engage in any sort of identity theft using the
>> encryption keys I hold in escrow.
>
> In escrow...? You confuse real estate with tech...
So you're such a congenital moron you're not even aware of common,
TECHnical, security terms?
http://en.wikipedia.org/wiki/Key_escrow
I'm laughing at you again. :)
>> Concentrate real hard there Mr. "Tech"... it'll just might come to you
>> eventually.
>
> I not only have it I got it...
>
> Without escrow...LOL
>
> or alt.idiots which I didn't take...NOTICE THAT?
Yup!
Also noticed I made you jump through my hoop to reply, too. <smirk>
Ari Silverstein
Let us know if Topletz dies *all* his hairs.
THANKS lol
--
ļæ½If you give me six lines written by the hand of the most honest of
men, I will find something in them which will hang him.ļæ½ ~Cardinal
Richelieu
Hito Shirezu
>> So...remind me, why is Hushmail a good idea? Oh, that's right, it is
>> not, because your private keys are being stored on their servers,
>> decrypted by an applet their servers send fresh to you when you want to
>> read your email, and despite the fact that they are a Canadian company,
>> the American DEA still managed to pressure them into exploiting these
>> serious vulnerability. It does not take a crypto expert to see that
>> Hushmail is a bad idea, almost as bad as the clipper chip.
>>
>> -- B
>
> Oh, come now.
> You guys are so hard on Hushmail. But it's better than nothing, right?
NO, actually it's much worse. It's an illusion of security. False
security that does nothing at all but give unwitting users a false sense,
and lure them into handing everything email over to snake oil peddlers,
at the very least.
Nothing wrong with webmail or hosting, as long as the host is up front
about everything and the users understand.
> Besides, are you talking about both the sender and recipient using the
> same service? I mean, to a certain extent, email correspondence is only
> as secure as least secure user anyway. If your recipients use encryption
> and you want to talk to them enough, you'll use whatever they want. But
> if they don't use encryption, and they want to, you'll want to make it
> easy as possible.
Absolutely 100% false statement. Faulty logic. You're disregarding the
very reason for securing email, for the sake of comfort.
> Which means that Hushmail and Countermail both look
> good. Unless someone's worried about NSA.
Or a disgruntled employee, or a common script kiddie, or Johnny Law, who
may very well set something like Hushmail up as a honeypot. Complete with
all the hot air, rhetoric, and a catchy sounding name to get the
attention of the unwashed.
Ari Silverstein
I used to get emails from .mil guys and .<insert TLA>.gov guys but for
personal they all chose Hushmail and Juno. The old Juno interface made
it impossible to do a threaded conversation so the Reply was an new
composition with no reference other than the Subject line. A level of
deniability.
But Hushmail, I thought this was about signature verification,
encryption, security...until I asked this one .<insert TLA>.gov back
from looting Iraq.
"At least it's us reading my mail". lol
--
“If you give me six lines written by the hand of the most honest of
men, I will find something in them which will hang him.” ~Cardinal
Richelieu
Ari Silverstein
Regardless of which head it might be.
--
ļæ½If you give me six lines written by the hand of the most honest of
men, I will find something in them which will hang him.ļæ½ ~Cardinal
Richelieu
nix
The problem with that is that just using the PGP is not easy for a
novice. And there is absolutley no credible push to make it easier.
Even NSA, who should be encouraging us to encrypt our data, do not,
and actively subvert movements to promote encryption efforts. Seymour
Hersh writes here:
Quote:
"One solution is mandated encryption: the government would compel both
corporations and individuals to install the most up-to-date protection
tools. This option, in some form, has broad support in the technology
community and among privacy advocates. In contrast, military and
intelligence eavesdroppers have resisted nationwide encryption since
1976, when the Diffie-Hellman key exchange (an encryption tool
co-developed by Whitfield Diffie) was invented, for the most obvious
of reasons: it would hinder their ability to intercept signals. In
this sense, the N.S.A.嚙踝蕭s interests align with those of the hackers."
John Arquilla, who has taught since 1993 at the U.S. Naval
Postgraduate School in Monterey, California, writes in his book 嚙踝蕭Worst
Enemies,嚙踝蕭 嚙踝蕭We would all be far better off if virtually all civil,
commercial, governmental, and military internet and web traffic were
strongly encrypted.嚙踝蕭 Instead, many of those charged with security have
adopted the view that 嚙踝蕭cyberspace can be defended with virtual
fortifications嚙碼basically the 嚙踝蕭firewalls嚙踝蕭 that everyone knows about. .
. . A kind of Maginot Line mentality prevails.嚙踝蕭
I admately concur finding no twilight evidence in which to debrief.
The fact is, PGP is not friendly, and many people have a vested
interest in keeping it like that. That's why encrypted webmail is a
vital concern, despite the disinformation campaigns launched against
those providers as well.
I would add that NSA's interests align with hackers because they are
hackers. Not that's there's anything wrong with that ;)
Brute force is my friend ;0
Hito Shirezu
> It is easy to be hard on Hushmail, because it is, simply put, a security
> liability. The advantage of Hushmail is convenience, and that is about
> it; the disadvantage is that an adversary needs little more than the
> ability to manipulate Hushmail's staff to break your crypto. You might
> as well be whispering your secrets to someone, and relying on them not
> to tell anyone else.
>
>> But it's better than nothing, right?
>
> Only in the sense that being shot in the leg is better than being shot
> in the head.
It's not even that appealing IMHO. The analogy is more like which is
better: being shot in the head because you were ignorant of the
possibility, or being aware and having the chance to avoid being shot at
all.
I'll take door #2 every time, myself. ;)
Ari Silverstein
I'd jump in but your doing fine, carry on...
--
In the days of really long hair, military people of the day would have
been court martialed for having buzz cuts and no facial hair had
they been in Custer's 7th Cavalry.
nix
Ho ho you know this and from what discernment? Tell untold?
Ari Silverstein
> this sense, the N.S.A.’s interests align with those of the hackers."
>
> John Arquilla, who has taught since 1993 at the U.S. Naval
> Postgraduate School in Monterey, California, writes in his book “Worst
> Enemies,” “We would all be far better off if virtually all civil,
> commercial, governmental, and military internet and web traffic were
> strongly encrypted.” Instead, many of those charged with security have
> adopted the view that “cyberspace can be defended with virtual
> fortifications—basically the ‘firewalls’ that everyone knows about. .
> . . A kind of Maginot Line mentality prevails.”
>
> I admately concur finding no twilight evidence in which to debrief.
>
> The fact is, PGP is not friendly, and many people have a vested
> interest in keeping it like that. That's why encrypted webmail is a
> vital concern, despite the disinformation campaigns launched against
> those providers as well.
>
> I would add that NSA's interests align with hackers because they are
> hackers. Not that's there's anything wrong with that ;)
>
> Brute force is my friend ;0
Kewl ever been donkey punched? I'll bang you doggy style and then
moments before I cum, I'll stick my dick in your ass and then punch
you in the back of the neck. The blow to the neck will stun the
muscles in your ass, which will constrict my dick and give me a
tremendous orgasmic experience when I blow my load.
Game on?
--
“If you give me six lines written by the hand of the most honest of
men, I will find something in them which will hang him.” ~Cardinal
Richelieu
nix
Translating your hot air into useaable verbiage keeps me washed ;)
So youdon't like Hushmail maybe something with a fleur de la flaire'?/
I wrote instantcrypt this because I wanted him to understand my issues
with encryption:
"Encryption presents unique communication problems because both
parties must understand it and have compatible agendas BEFORE
communication can begin. Therefore, straightening out the
pre-encryption protocol (anything that happens in the user/recipient
communication pre-key exchange) must happen as kind of a
"proto-communication." This is where people falter. No protonic
protocols."
I mean, you're already communicating with the guy. And chances are
you're using email. And it's not encrypted. If you want it to be, you
actually have to teach him how to do this. His encryption is your
problem. That's why email encryption is hard.
I going to against the grain and say that I think Hushmail is an a
good intro to crypto. It gets users used to the idea of encryption.
It is better than nothing. It's easy to sign for, it's free, and
anyone who needs more than web-based email already knows exactly
when, why, and how Hushmail was compromised in the past. But users
can see that messages are encrypted and get used to the terminology.
Let's remember, we're interested in a societal quasi-shift - first
comes vocab. Then, people can begin to appreciate a user friendly
looking software like InstantCrypt. And then they can encrypt files
apart from email with something friendly like TrueCrypt.
Then, pretty soon, on Wilders /Trout/man will quit mackeraling around
with Mackeral ;0)
Ari Silverstein
I need a 'nix translator" honestly I have no fucking idea WTF you're
saying 8/10ths the time.
I'll take a jab you want to know how I know you are married? I don't,
I wasn't talking to you, you dumb twit.
OK, I lied.
<http://platanalytics.com/wp-content/uploads/2010/08/22286975986_ORIG2.jpeg>
Crossed legs, hiding wedding ring, open toed shoes, no boob job, open
shirt to nowhere, plaid pants...married, lesbian, bisexual, one or
all.
Say Hi! to Jack and the kidz. lol
Ari Silverstein
WTF?
> I mean, you're already communicating with the guy. And chances are
> you're using email. And it's not encrypted. If you want it to be, you
> actually have to teach him how to do this. His encryption is your
> problem. That's why email encryption is hard.
>
> I going to against the grain and say that I think Hushmail is an a
> good intro to crypto. It gets users used to the idea of encryption.
> It is better than nothing. It's easy to sign for, it's free, and
> anyone who needs more than web-based email already knows exactly
> when, why, and how Hushmail was compromised in the past. But users
> can see that messages are encrypted and get used to the terminology.
> Let's remember, we're interested in a societal quasi-shift - first
> comes vocab. Then, people can begin to appreciate a user friendly
> looking software like InstantCrypt. And then they can encrypt files
> apart from email with something friendly like TrueCrypt.
>
> Then, pretty soon, on Wilders /Trout/man will quit mackeraling around
> with Mackeral ;0)
Sounds fishy to me, what is it that I smell around your posts anyway?
For those that haven't rebooted their nix Translator, in her odd sorta
fukktarded way she is referring to Justin Troutman and the *Mackerel*
project he has on with Rijmen.
Troutman refers to:
http://gaudior.net/alma/johnny.pdf
and uses the term "green" crytography"
<http://www.computer.org/portal/web/csdl/doi/10.1109/MSP.2009.120>
Problem is, Troutman promised a November delivery, they have been at
this project since '07 or earlier. Hey, I'm not always on time either.
nix
Am I to be impressed?
Ari Silverstein
Sweetie, I could care less if you are Impressed, Depressed or pressed
flat on your back and fucked until you squeal.
But if Google amazes ya'...squeal. lol
Mr. B
> [...]
>
>> If you want to use email encryption, then you should use PGP or S/MIME,
>> and you should do it properly -- private keys stay in your possession at
>> all
>> times, keys that do not stay in your possession should be revoked.
>> Anything else, and you are weakening your security, to the point where it
>> would not require the sort of expertise or signals intelligence
>> capabilities that the NSA possesses to break your crypto.
>>
>> -- B
>
> The problem with that is that just using the PGP is not easy for a
> novice. And there is absolutley no credible push to make it easier.
It is not terribly hard, I have set up PGP for use by people who literally
know nothing about cryptography or computing in general.
> [...]
>
> The fact is, PGP is not friendly, and many people have a vested
> interest in keeping it like that.
No, PGP is not *convenient*, because you cannot just go around logging on to
random computers to read your email without at least carrying your keys and
some software around with you.
> That's why encrypted webmail is a
> vital concern, despite the disinformation campaigns launched against
> those providers as well.
What disinformation campaign? There is nothing false or misleading about
saying that having a third party store your private keys is a big gaping
hole in your security. These "encrypted webmail" services only provide
security against an adversary who can only read emails after they have been
sent out of the service provider's server room, which is a pretty weak
adversary; this is also neither false nor misleading.
When you get right down to it, the only advantage these services have is
convenience. The disadvantage is that they can only protect you against a
weak or incompetent adversary. If I were worried about corporate espionage,
you can bet that I will want to be protected against a stronger adversary
than that. If I were involved in a contentious lawsuit, or trying to
perform human rights work, or on the run from the mafia, or just about any
serious use case for strong crypto, I will want to be protected against
strong adversaries.
If people want convenience, fine, that is their choice; but they should not
be given something that claims to be as secure as PGP. Anything else is,
for lack of a better term, false advertising. The very nature of these
services is the problem, and the solution is simple: those services should
not be used.
-- B
nix
Let's say I am a U.S. small business owner trying to import dildos,
from China and India. I'm coordinating shipments through two
countries, just to start, and I'm going to be dealing with at least
two, and probably as many as four, language barriers. Plus, I'd like
to exercise reasonable control of my information, right down to the
factory. Sure, it's probably an exercise in futility to assume any of
it's going to stay private anyway, but I have to take into account
due diligence (into what constitutes a reasonable standard of care
and possible litigation concerns re: using "reasonable" information
security, uh-oh,) at a bare minimum. I understand networks, because
I'm a small operator in one myself. But the problem is, our network
is a complicated technological mashup, and even though we all owe
this reasonable standard of care, (coming soon, I promise) we're
pretty busy with trying to turn a slim profit. Plus, the "IT" people
for the whole operation are me and the Chinese factory owner's son,
when he has a free minute off the floor.
Tweak the details and multiply that scenario by 5 billion.
Mr. B, those instructions look like crap in that case. Seriously. Look
at them. And gnu is worse. We're opening (insert your favorite
encrypted webmail) accounts in the next ten minutes instead, thanks.
nix
> When you get right down to it, the only advantage these services have is
> convenience. The disadvantage is that they can only protect you against a
> weak or incompetent adversary. If I were worried about corporate espionage,
> you can bet that I will want to be protected against a stronger adversary
> than that. If I were involved in a contentious lawsuit, or trying to
> perform human rights work, or on the run from the mafia, or just about any
> serious use case for strong crypto, I will want to be protected against
> strong adversaries.
Careful, I'm an attorney and you are crossing into territory you know
noting about.
nix
> When you get right down to it, the only advantage these services have is
> convenience.
Well, I'll make a deal with you. You go over there to Hushmail and
open a free account. It takes about one minute. When you email me,
I'll give you a really nice answer to your question. I think you'll
be happy with it.
If I don't hear from you, I'll assume you didn't really want to know
;)
DASSfox
> On Wed, 05 Jan 2011 18:34:07 -0500, Mr. B wrote:
>
>> When you get right down to it, the only advantage these services have is
>> convenience.
>
> Well, I'll make a deal with you. You go over there to Hushmail and
> open a free account. It takes about one minute. When you email me,
> I'll give you a really nice answer to your question. I think you'll
> be happy with it.
>
> If I don't hear from you, I'll assume you didn't really want to know
> ;)
It wasn't mentioned above, by merely using Hushmail, it was suggested
to just be done with it and use PGP/GPG...
That means using a client to send and receive encrypted email...
That means the party on the other end if we want true encryption going
and coming needs to be setup on their end...
That means using Hushmail, you can send encrypted email and the party
on the other end, not using anything can read the encrypted email...
BUT they are not going to send back to you encrypted email, it's
basically going to be a one way conversation of encryption...
Are we clear now...?
Because this is what I was pointing out...
The fact that you are not going to just be done with setting up
PGP/GPG and have all problems solved as they seem to think for any and
all email communication to the entire world...
Am I getting through to you...?
nix
All the way.
DASSfox
So now what...?
Hito Shirezu
> The fact is, PGP is not friendly,
Therein lies the problem with designing "intuitive" applications that
implement PGP. Same with Mixmaster. Yes it's common practice to design
interfaces using standard libraries and techniques which give users
common ground and a sense of familiarity, but when a task is sufficiently
foreign, so follows the UI. Simple mathematics.
> and many people have a vested interest
> in keeping it like that.
??
Care to clarify?
> That's why encrypted webmail is a vital
> concern, despite the disinformation campaigns launched against those
> providers as well.
I've seen no disinformation. It's common sense that things like key
escrow and secret or proprietary processes are security's bane. Key
escrow with absolute certainty, at the very least.
Ari Silverstein
Um, I tried to talk her into a donkey punch, why don't you try
*The Flying Camel*
A personal favorite. As she is lying on her back and you are hammering
her on your knees, you very carefully move forward and prop yourself
(without using your arms) on your dick while it is still inserted in
her vertical seafood taco. You then proceed to flap your arms and let
out a long shrieking howl, much like a flying camel.
Strictly a classy move. lol
Ari Silverstein
> nix wrote:
>
>> The fact is, PGP is not friendly,
>
> Therein lies the problem with designing "intuitive" applications that
> implement PGP. Same with Mixmaster. Yes it's common practice to design
> interfaces using standard libraries and techniques which give users
> common ground and a sense of familiarity, but when a task is sufficiently
> foreign, so follows the UI. Simple mathematics.
Well, yes and no. :)
nix
> nix wrote:
>
>> The fact is, PGP is not friendly,
>
> Therein lies the problem with designing "intuitive" applications that
> implement PGP. Same with Mixmaster. Yes it's common practice to design
> interfaces using standard libraries and techniques which give users
> common ground and a sense of familiarity, but when a task is sufficiently
> foreign, so follows the UI. Simple mathematics.
>
>> and many people have a vested interest
>> in keeping it like that.
>
> ??
>
> Care to clarify?
Less encryption, less indormancy for TLA/LEA.
NSA is a lawbreaker. USCYBERCOM will operate as a domestic military
monitor. These organizations are a bigger threat to democracy than any
other entity on the planet. The billions of $'s flowing into the
private security sector are tainted. If you don't have a problem with
your government having unfettered access to all you do, how about Booz
Allen? Do you care if they do? The problem is too monumental to be
detailed here in a small space. Let's just say that anonymity and
encryption are communications applications and stem from natural
communication rights. Don't be so quick to hand them over to LE. And
don't forget that Norbert Weiner, Robert Taylor and Warren Weaver, et
al, some of the major figures in information theory and the internet
itself, could see the the problem taking shape way back when. That why
cybernetics is called an issue of communication and control.
HS, forgive me for being glib. It's the female in me. And the lawyer,
too. But really? I wouldn't have security without LE breaking a few
laws?
Well, the corollary to that is that you're not going to have privacy
without me breaking a few laws, either.
How's that sound?
>> That's why encrypted webmail is a vital
>> concern, despite the disinformation campaigns launched against those
>> providers as well.
>
> I've seen no disinformation. It's common sense that things like key
> escrow and secret or proprietary processes are security's bane. Key
> escrow with absolute certainty, at the very least.
The disinformation is rampant, abundant, clear as a Florida spring
rain.
A common infosec subterfuge is to use every notable occasion to claim
a system is invulnerable in order to promote continued use of the
system. NSA has run a number of these disinformation campaigns about
"unbreakable" encryption, secret (German, Japanese, Soviet, et al)
and public -- the most famous public system involved Crypto AG,
within whose cryptosystem NSA installed a backdoor to gain access to
communications of worldwide users who believed the system was
invulnerable.
Doubts about the invulnerability of AES have persisted since NSA
selected an algorithm from an AES competition that was considered by
cryptographers not to be the strongest. And that it is likely for
strongest protection NSA uses a top secret cryptosystem while
promoting AES for public and official use. It is argued that NSA,
like all official comsec agencies, would never endorse a system it
could not secretly access. And these agencies never reveal that
capability -- NSA's backdoor access to Crypto AG was revealed by an
employee of the company.
Bet that NSA has cracked the insurance file and is keeping quiet. NSA
may have replaced the file with its own when it first appeared --
Wikileaks long on instant crypto radar -- the hash forged, covertly
marked for tracking. Bluff becomes bait for entrapment, SOP.
Could Wikileaks have intended to entrap NSA and allies with a
crackable file, covertly marked for tracking? Some of Wikileaks
infosec-comsec advisors do top-classified work for the US and other
governments. A very handsome sum would be quietly paid for that
service. Cyberwarfare secrets are yet to be spilled, never to be
revealed in courts. Fierce dirty combat could do that, unless the
combatants reach a secret deal to share the benefits of dual use
technology while pretending to be at odds, SOP.
Mr. B
So your point is that people who are not competent enough to set up PGP or
S/MIME will have trouble using strong crypto, and therefore we should
encourage them to use snake oil? None of what you say has any bearing on
the fact that, in terms of security, Hushmail and similar services represent
a giant, gaping hole, one which a serious and determined adversary can and
will exploit.
At some point, you will have to meet your contacts in person -- even if you
use Hushmail, to verify their identities and public keys -- at which point
you can take the time to set up PGP or S/MIME for them. If neither you nor
your contacts are competent enough to do that much, then you should be
hiring someone who is. It may be a little less convenient, but if the
security of your communications is important to you, that is what you will
have to do. At the end of the day, that is what it boils down to: how
important security is to you, versus how important convenience is.
-- B
Mr. B
> [...]
>
> The disinformation is rampant, abundant, clear as a Florida spring
> rain.
Cite?
> A common infosec subterfuge is to use every notable occasion to claim
> a system is invulnerable in order to promote continued use of the
> system. NSA has run a number of these disinformation campaigns about
> "unbreakable" encryption, secret (German, Japanese, Soviet, et al)
> and public -- the most famous public system involved Crypto AG,
> within whose cryptosystem NSA installed a backdoor to gain access to
> communications of worldwide users who believed the system was
> invulnerable.
A conspiracy theory for which there is still no evidence.
> Doubts about the invulnerability of AES
...were pointed out in the NIST final report that endorsed the use of
Rijndael despite these potential future attacks.
> have persisted since NSA
> selected an algorithm from an AES competition that was considered by
> cryptographers not to be the strongest.
Nobody ever said the Rijndael was a weak cipher or that it was insecure,
only that some of the other candidates were stronger. Rijndael won on its
other merits.
> And that it is likely for
> strongest protection NSA uses a top secret cryptosystem while
> promoting AES for public and official use. It is argued that NSA,
> like all official comsec agencies, would never endorse a system it
> could not secretly access.
That explains why the NSA recommended changes to DES which made the
algorithm more resilient to differential cryptanalysis.
> And these agencies never reveal that
> capability -- NSA's backdoor access to Crypto AG was revealed by an
> employee of the company.
An employee who could not actually provide evidence of any tampering, which
had nothing to do with AES.
> Bet that NSA has cracked the insurance file and is keeping quiet.
More likely Wikileaks gave the key to the US government, so that the
government would definitely know what is actually in the insurance file.
> NSA
> may have replaced the file with its own when it first appeared --
> Wikileaks long on instant crypto radar -- the hash forged, covertly
> marked for tracking. Bluff becomes bait for entrapment, SOP.
Another conspiracy theory for which you have no evidence.
The really hilarious thing is that, on the one hand, you are a big fan of
Hushmail, which advertises that they use AES, and on the other hand, you are
convinced that the NSA has a feasible attack on AES.
-- B
Hito Shirezu
> On Thu, 6 Jan 2011 01:15:37 +0000 (UTC), Hito Shirezu wrote:
>
>> nix wrote:
>>
>>> The fact is, PGP is not friendly,
>>
>> Therein lies the problem with designing "intuitive" applications that
>> implement PGP. Same with Mixmaster. Yes it's common practice to design
>> interfaces using standard libraries and techniques which give users
>> common ground and a sense of familiarity, but when a task is
>> sufficiently foreign, so follows the UI. Simple mathematics.
>>
>>> and many people have a vested interest in keeping it like that.
>>
>> ??
>>
>> Care to clarify?
>
> Less encryption, less indormancy for TLA/LEA.
What do you mean when you say "indormancy"? That's not a word as far as I
can tell.
<snip>
>>> That's why encrypted webmail is a vital concern, despite the
>>> disinformation campaigns launched against those providers as well.
>>
>> I've seen no disinformation. It's common sense that things like key
>> escrow and secret or proprietary processes are security's bane. Key
>> escrow with absolute certainty, at the very least.
>
> The disinformation is rampant, abundant, clear as a Florida spring rain.
>
> A common infosec subterfuge is to use every notable occasion to claim a
<snip>
Seriously, you're not making any sense. All I see is a lot of rhetoric
and conspiracy theory nonsense. In any case, regardless of your political
persuasion, absolutely none of it has anything to do with the efficacy of
key escrow and such within the context of personal security. The
consensus is those are BadThings(tm) and nothing you replied with even
addresses said issue, let alone refutes it.
Hito Shirezu
> In article <ig1vq4$1n4$1...@speranza.aioe.org> "Mr. B" <n...@supplied.com>
> wrote:
>>
>> So...remind me, why is Hushmail a good idea? Oh, that's right, it is
>> not, because your private keys are being stored on their servers,
>> decrypted by an applet their servers send fresh to you when you want to
>> read your email, and despite the fact that they are a Canadian company,
>> the American DEA still managed to pressure them into exploiting these
>> serious vulnerability. It does not take a crypto expert to see that
>> Hushmail is a bad idea, almost as bad as the clipper chip.
>
>
> hushmail can serve a useful purpose if you only want to send email
> anonymously without concern for encryption through its service. you can
Wrong. Hushmail does nothing of the sort because Hushmail doesn't, and
never will, make you anonymous. Simple as that.
> create an account anonymously at hushmail, of various service levels,
> and you can connect anonymously over the Tor network to send the email.
Listen to your own words... and tell us why, if you have to be anonymous
to contact and use services like Hushmail, you need Hushmail at all?
You're already anonymous so you can use Gmail or GMX or Zoho, or
whatever. In all honesty, it would seem considerably safer to do it that
way than to add a service like Hushmail to the mix, which is KNOWN to lie
about their capabilities and hand over information.
> its true that it does not provide for complete solution, but sometimes
> it serves a partial solution. alyways relying on only one means is not
> the best way to go.
Wrong. If the means is a good secure one it makes no sense at all to do
it any other way. You're considerably weakening your security by salting
in periods of really poor, or completely nonexistent, "security". Or to
put it in simpler terms you're a lot safer using Mixmaster and the
remailer network exclusively and properly, than you are mixing it up with
snake oil.
nix
There's no winning with you, it was you who said that
> But it's better than nothing, right?
Only in the sense that being shot in the leg is better than being shot
in the head.
> None of what you say has any bearing on the fact that, in terms of
> security, Hushmail and similar services represent a giant, gaping
> hole, one which a serious and determined adversary can and will
> exploit.
See leg and head argument.
> At some point, you will have to meet your contacts in person -- even if you
> use Hushmail, to verify their identities and public keys -- at which point
> you can take the time to set up PGP or S/MIME for them.
I don't meet everyone I communicate securely with in person by
definition it may be the usurpios thing to do.
> If neither you nor your contacts are competent enough to do that
> much, then you should be hiring someone who is.
Yes, of course, everyone who wants to communicate with me especially
if I /need/ them should pay for the privilege, you've become
agnostically absurd.
> It may be a little
> less convenient, but if the security of your communications is
> important to you, that is what you will have to do. At the end of
> the day, that is what it boils down to: how important security is
> to you, versus how important convenience is.
>
> -- B
And whether the leg or head, yes?
Hito Shirezu
> In article <4d24bbe1$1...@news.x-privat.org> nix <ms...@hushmail.com> wrote:
>
>> Unless someone's worried about NSA. But if that's the case, they
>> probably already have a keylogger on their machine anyway, so...oops
>> ;0) ;)
>>
>>
> is there a way to check one's machine for presence of keylogger devices?
Of course. How you check, and more importantly whether you're successful
in finding one of it exists or not, depends on what sort of key logging
device you're dealing with.
DASSfox
> In article <ig13br$ahn$1...@news.mixmin.net>
> DASSfox <dAS...@wildersecurity.com> wrote:
>
>> I think for now what I was looking more for was that I can encrypt and
>> if I want to sent a private email from my end if the person doesn't
>> have the ability like with Hushmail they type in a captcha and they
>> can read...
>>
>> So at least in route I guess everything is safe and private...
>>
>> This is what I was more concerned with...
>>
>> What ya think...?
>
> DASSfox, hello. have you seen this: http://www.freenigma.com/. it
> may not be exactly what you want, but may come close.
>
> also, although not strictly online, it is useful, effective and not
> difficult. it will integrate with clients easily enough.
Good stuff...
Are you with http://www.hackers-with-attitude.com/...?
Does it only run on DSL...?
Ari Silverstein
> nix wrote:
>
>> On Thu, 6 Jan 2011 01:15:37 +0000 (UTC), Hito Shirezu wrote:
>>
>>> nix wrote:
>>>
>>>> The fact is, PGP is not friendly,
>>>
>>> Therein lies the problem with designing "intuitive" applications that
>>> implement PGP. Same with Mixmaster. Yes it's common practice to design
>>> interfaces using standard libraries and techniques which give users
>>> common ground and a sense of familiarity, but when a task is
>>> sufficiently foreign, so follows the UI. Simple mathematics.
>>>
>>>> and many people have a vested interest in keeping it like that.
>>>
>>> ??
>>>
>>> Care to clarify?
>>
>> Less encryption, less indormancy for TLA/LEA.
>
> What do you mean when you say "indormancy"? That's not a word as far as I
> can tell.
>
> <snip>
You have to invoke your nix Translator, let me, ...okay indormancy
=barren in the womb.
nix
HS, my job is to analyze privacy concerns from a legal perspective.
I'm well aware of the myriad of players involved, both public and
private.
My point is a mirror of yours. If we are to tolerate illegal
activities in pursuit of "security", then we had better be prepared
to tolerate illegal activity in the protection of individual liberty.
Because for many people, it will come to that.
DASSfox
> In article <4d24bbe1$1...@news.x-privat.org>
> nix <ms...@hushmail.com> wrote:
>
>> Unless someone's worried about NSA. But if
>> that's the case, they probably already have a keylogger on their
>> machine anyway, so...oops ;0) ;)
>>
>
> is there a way to check one's machine for presence of keylogger
> devices?
Yes...one way is to look at your mouse cord.
PEACE
nix
So your arguments are that I am a conspiracy nut although I work in
the legal side of the profession meeting with clients and TLAs all the
live long day? I am a known with a real name and your credentials
are,,,?
Dissipate your static.
I suppose you believe that U.S. citizens will stand by when laws are
passed to "outlaw" encryption and anonymity? The impassioned rhetoric
is warranted. How will such a thing possibly work? Will private
enterprise be willing to let gov't have free theoretical access to all
their data? How will businesses secure their own networks? In fact,
what about legitimate LE activity? Will we outlaw encryption for them,
too? Maybe we'll have encryption and anonymity "licenses" for the good
guys only.
Let's not forget that the internet is first and foremost a
communication system. The old saying that data wants to be free
doesn't even begin to cover it any more. The fact is, communication
needs to be free. Communication theory is complicated. Information
theory is just the beginning. Forget about the information age. This
is the communication age.
Here's a quote from another current thread on Wilders, by poster
Justin Troutman:
"Green cryptography reflects on the real-world notion that
cryptographic failure almost always occurs at the implementation level
and exploits the gap of understanding between cryptographers,
developers, and users. We're working on another project now, dubbed
Mackerel, which not only looks at the relationship between
cryptographic implementation and its stewards -- cryptographers,
developers, and users -- but also cryptography's relationship with
communication, and how the two diverge, much to security's dismay."
<http://www.wilderssecurity.com/showthread.php?t=282596&highlight=microsoft>
Now that's smart. That's the kind of thinking that will lead us toward
the future. That is the nexus between information theory and
communication theory.
Ari Silverstein
> In article <ig1vq4$1n4$1...@speranza.aioe.org>
> "Mr. B" <n...@supplied.com> wrote:
>>
>> So...remind me, why is Hushmail a good idea? Oh, that's right, it is not,
>> because your private keys are being stored on their servers, decrypted by an
>> applet their servers send fresh to you when you want to read your email, and
>> despite the fact that they are a Canadian company, the American DEA still
>> managed to pressure them into exploiting these serious vulnerability. It
>> does not take a crypto expert to see that Hushmail is a bad idea, almost as
>> bad as the clipper chip.
>
> hushmail can serve a useful purpose if you only want to send email
> anonymously without concern for encryption through its service.
> you can create an account anonymously at hushmail, of various
> service levels, and you can connect anonymously over the Tor
> network to send the email. its true that it does not provide for
> complete solution, but sometimes it serves a partial solution.
> alyways relying on only one means is not the best way to go.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
What a load of shit that was.
Ari Silverstein
> So your arguments are that I am a conspiracy nut although I work in
> the legal side of the profession meeting with clients and TLAs all the
> live long day? I am a known with a real name and your credentials
> are,,,?
Congratulations gentlemen, welcome to the inevitable, "I'm Nancy
Norelli and you're not" dismissal.
I'd like to say 'thank you' on behalf of the group and ourselves, and
now you have flunked the audition!
DasFox
impersonating me, is there any reason for this?
And for your sake you better not be Paul Fox under dasfox.com because if
you are then TROUBLE is coming your way by trying to defame my character!
So you better have a VERY GOOD REASON!
On Wed, 05 Jan 2011 13:32:25 -0500, DASSfox wrote:
> On Wed, 05 Jan 2011 09:32:40 -0500, Mr. B wrote:
>
>> DASSfox wrote:
>>
>>> Well the title says it, anyone know any good online encrypted email
>>> services or a nice method for using your own client?
>>
>> At this point, I can already see that bad advice is going to be given;
>> if you want encryption, online services are a really bad idea. Does
>> nobody remember the Hushmail debacle anymore?
>
> I'm up to speed on Hush...
>
> Anything nix uses I don't want by default...
>
>> Your keys should remain under your control, at all times. They should
>> not be stored on a third party server. They should not be decrypted by
>> that server, or by an applet which is sent by that server.
>>
>> -- B
>
> That way I can keep them on my Linux box or W7 box or MAC box...
>
> I should have said the abbreviation 'nix but then noobs might think I
> meant nix...
>
> THANKS
Anonymous
> On Wed, 5 Jan 2011 17:06:43 -0500, Ari Silverstein wrote:
>
>> On Wed, 5 Jan 2011 16:12:57 -0500, nix wrote:
>>
>>> On Wed, 5 Jan 2011 15:26:22 -0500, Ari Silverstein wrote:
>>>
>>>> On Wed, 5 Jan 2011 14:15:31 -0500, DASSfox wrote:
>>>>
>>>>> On Wed, 5 Jan 2011 14:02:54 -0500, nix wrote:
>>>>>
>>>>>> On Wed, 5 Jan 2011 13:32:25 -0500, DASSfox wrote:
>>>>>>
>>>>>>> On Wed, 05 Jan 2011 09:32:40 -0500, Mr. B wrote:
>>>>>>>
>>>>>>>> DASSfox wrote:
>>>>>>>>
>>>>>>>>> Well the title says it, anyone know any good online encrypted email
>>>>>>>>> services or a nice method for using your own client?
>>>>>>>>
>>>>>>>> At this point, I can already see that bad advice is going to be given; if
>>>>>>>> you want encryption, online services are a really bad idea. Does nobody
>>>>>>>> remember the Hushmail debacle anymore?
>>>>>>>
>>>>>>> I'm up to speed on Hush...
>>>>>>>
>>>>>>> Anything nix uses I don't want by default...
>>>>>>>
>>>>>>>> Your keys should remain under your control, at all times. They should not
>>>>>>>> be stored on a third party server. They should not be decrypted by that
>>>>>>>> server, or by an applet which is sent by that server.
>>>>>>>>
>>>>>>>> -- B
>>>>>>>
>>>>>>> That way I can keep them on my Linux box or W7 box or MAC box...
>>>>>>>
>>>>>>> I should have said the abbreviation 'nix but then noobs might think I
>>>>>>> meant nix...
>>>>>>>
>>>>>>> THANKS
>>>>>>
>>>>>>
>>>>>> Expecto Patronum,,,"dear" in headlights?
>>>>>
>>>>> LOL stick to law, nix...
>>>>>
>>>>> That was a stag and had nothing to do with Hermione's otter...
>>>>>
>>>>> Which is where you thought you were going...
>>>>>
>>>>> But never got there...
>>>>>
>>>>> THANKS
>>>>
>>>> No way "nix" is getting it on with Dan Radcliffe
>>>>
>>>> "I only heard Justin Bieber for the first time two weeks ago,"
>>>> Radcliffe told MTV News. "I genuinely thought it was a woman singing.
>>>> I'd never heard it before. Is it big in England yet?" lol
>>>>
>>>> and *no way* you are ever going to slap your meat up Emma Watson,
>>>> Paulie.
>>>>
>>>> http://www.emmawatsonnude.net/
>>>>
>>>> Here you are married and all. tsk.
>>>
>>> Ho ho you know this and from what discernment? Tell untold?
>>
>> I need a 'nix translator" honestly I have no fucking idea WTF you're
>> saying 8/10ths the time.
>>
>> I'll take a jab you want to know how I know you are married? I don't,
>> I wasn't talking to you, you dumb twit.
>>
>> OK, I lied.
>>
>> <http://platanalytics.com/wp-content/uploads/2010/08/22286975986_ORIG2.jpeg>
>>
>> Crossed legs, hiding wedding ring, open toed shoes, no boob job, open
>> shirt to nowhere, plaid pants...married, lesbian, bisexual, one or
>> all.
>>
>> Say Hi! to Jack and the kidz. lol
>>
>> <https://webcache.googleusercontent.com/search?q=cache:zKn_gyQmq7MJ:www.platanalytics.com/+&cd=1&hl=en&ct=clnk&gl=us>
>
> Am I to be impressed?
You see nixie?
Ain't Usenet just a whole shitload more fun
than the neutered Wilders?
Mr. B
On Usenet, you are judged by what you say, not by who you claim to be or
what you claim your name is. Judging you by what you have said, the only
conclusion is that you are, in fact, a conspiracy nut. Lawyers can be
conspiracy nuts, even very good lawyers.
> I suppose you believe that U.S. citizens will stand by when laws are
> passed to "outlaw" encryption and anonymity?
Where did I say that?
> [snipped irrelevant rant]
-- B
Mr. B
No, I said that PGP and S/MIME should be used, that we should not sacrifice
security, and that even people who know little about computers can be shown
how to use PGP. You said that PGP is too hard, that GNU is too hard, and
that people who do not know enough to set up PGP should just use Hushmail or
similar similar services.
>
>> But it's better than nothing, right?
>
> Only in the sense that being shot in the leg is better than being shot
> in the head.
>
>> None of what you say has any bearing on the fact that, in terms of
>> security, Hushmail and similar services represent a giant, gaping
>> hole, one which a serious and determined adversary can and will
>> exploit.
>
> See leg and head argument.
What about it?
>> At some point, you will have to meet your contacts in person -- even if
>> you use Hushmail, to verify their identities and public keys -- at which
>> point you can take the time to set up PGP or S/MIME for them.
>
> I don't meet everyone I communicate securely with in person by
> definition it may be the usurpios thing to do.
Well, then, how do you verify that the person you are emailing is actually
who they claim to be? How do you know there is no man in the middle? With
PGP, you would use the web of trust, which implies meeting at least some of
your contacts; with S/MIME, you would use a CA. What do you use with
Hushmail? If it is a web of trust, then you actually have no advantage in
terms of usability over PGP, since maintaining a web of trust is basically
the hardest part of using PGP.
>> If neither you nor your contacts are competent enough to do that
>> much, then you should be hiring someone who is.
>
> Yes, of course, everyone who wants to communicate with me especially
> if I /need/ them should pay for the privilege, you've become
> agnostically absurd.
No, that is not what I said. I said that if you need secure communications,
and neither you nor your contacts is able to set it up, then you should hire
someone else to do it. You should not use snake oil solutions that have
been broken in the past.
>> It may be a little
>> less convenient, but if the security of your communications is
>> important to you, that is what you will have to do. At the end of
>> the day, that is what it boils down to: how important security is
>> to you, versus how important convenience is.
>>
>> -- B
>
> And whether the leg or head, yes?
No, more like, being shot versus wearing Kevlar.
-- B
Mr. B
> [...]
>
>> Seriously, you're not making any sense. All I see is a lot of rhetoric
>> and conspiracy theory nonsense. In any case, regardless of your political
>> persuasion, absolutely none of it has anything to do with the efficacy of
>> key escrow and such within the context of personal security. The
>> consensus is those are BadThings(tm) and nothing you replied with even
>> addresses said issue, let alone refutes it.
>
> HS, my job is to analyze privacy concerns from a legal perspective.
> I'm well aware of the myriad of players involved, both public and
> private.
>
> My point is a mirror of yours. If we are to tolerate illegal
> activities in pursuit of "security", then we had better be prepared
> to tolerate illegal activity in the protection of individual liberty.
> Because for many people, it will come to that.
What does that have to do with anything in this thread?
-- B
nix
> On Usenet, you are judged by what you say, not by who you claim to be or
> what you claim your name is.
You're through, no more time for know-nothing, circular argumentative
anonymous, credentialess copy and paste freaks.
*plonk*
Ari Silverstein
> On Thu, 06 Jan 2011 08:25:37 -0500, Mr. B wrote:
>
>> On Usenet, you are judged by what you say, not by who you claim to be or
>> what you claim your name is.
>
> You're through, no more time for know-nothing, circular argumentative
> anonymous, credentialess copy and paste freaks.
>
> *plonk*
Gee, never saw that coming. /lol/
Mr. B
> On Thu, 06 Jan 2011 08:25:37 -0500, Mr. B wrote:
>
>> On Usenet, you are judged by what you say, not by who you claim to be or
>> what you claim your name is.
>
> You're through, no more time for know-nothing, circular argumentative
> anonymous, credentialess copy and paste freaks.
There was nothing circular about my argument, which you have provided
absolutely no refutation of. I pointed out a serious vulnerability in
Hushmail, cited an example of that vulnerability being exploited, and noted
that there are much better alternatives that require minimal additional
effort to use. If you think that I just copy and pasted anything I posted,
please prove it by providing a link or citation.
-- B
Ari Silverstein
Uh, Hey, "B" best read up on what "PLONK" means. lol
<https://secure.wikimedia.org/wikipedia/en/wiki/Plonk_%28Usenet%29>
Ari Silverstein
> In article <8okjsb...@mid.individual.net>
> Ari Silverstein <AriSilv...@yahoo.com> wrote:
>
>> A personal favorite. As she is lying on her back and you are hammering
>> her on your knees, you very carefully move forward and prop yourself
>> (without using your arms) on your dick while it is still inserted in
>> her vertical seafood taco. You then proceed to flap your arms and let
>> out a long shrieking howl, much like a flying camel.
>
> seafood taco? sounds like you prefer some foul women, grunge
> monkey. was that how your sister smelled, because i know you have a
> fetish for kin? you are one disgusting piece of camel dung. fly
> on that.
Guess you've never had a good sniff of most pussies there Mr.
Anonymousie. Fly on that. lol
Ari Silverstein
> And for your sake you better not be Paul Fox under dasfox.com because if
> you are then TROUBLE is coming your way by trying to defame my character!
*Uh, come again?*
> So you better have a VERY GOOD REASON!
>
> On Wed, 05 Jan 2011 13:32:25 -0500, DASSfox wrote:
>
>> On Wed, 05 Jan 2011 09:32:40 -0500, Mr. B wrote:
>>
>>> DASSfox wrote:
>>>
>>>> Well the title says it, anyone know any good online encrypted email
>>>> services or a nice method for using your own client?
>>>
>>> At this point, I can already see that bad advice is going to be given;
>>> if you want encryption, online services are a really bad idea. Does
>>> nobody remember the Hushmail debacle anymore?
>>
>> I'm up to speed on Hush...
>>
>> Anything nix uses I don't want by default...
>>
>>> Your keys should remain under your control, at all times. They should
>>> not be stored on a third party server. They should not be decrypted by
>>> that server, or by an applet which is sent by that server.
>>>
>>> -- B
>>
>> That way I can keep them on my Linux box or W7 box or MAC box...
>>
>> I should have said the abbreviation 'nix but then noobs might think I
>> meant nix...
>>
>> THANKS
DASSfox
> On Thu, 06 Jan 2011 04:19:38 -0600, DASSfox as DasFox wrote:
>
>> And for your sake you better not be Paul Fox under dasfox.com because if
>> you are then TROUBLE is coming your way by trying to defame my character!
>
> *Uh, come again?*
Having trouble reading, Goblin...?
Nomen Nescio
Mr. B, I have tried to tell you. Don't feed the trolls. Nix and assfox and
the rest of the faggots from wildasssecurity are a bunch of lamo asshots
from alt.perennial.fucking.n00b. Just killfile them so the rest of us don't
have to read your replies. Have a little consideration.
You're a good man, Mr. B. I like what you have to say. But don't make me
killfile you just so I don't have to see you replying to these jerkoffs.
Cause I'll do it if I have to...