[Bradford] email and encryption

Robert Burrell Donkin robertburrelldonkin at gmail.com
Thu Aug 15 10:07:46 UTC 2013


On Wed, Aug 14, 2013 at 8:29 PM, Dick Thoms <xpd259 at gmail.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> as some of you may know I'm a *bit* of a paranoid bunny

:-)

A little bit of knowledge goes a long way, IMHO

Read the history of GC&CS and UK->USA cooperation in code-breaking.
The Atlantic powers haven't abandoned Churchill's World War II-winning
strategy: collect, read, turn-in-place and keep operation capacity
ultra secret. The NSA, GCHQ and their sister organisations in Canada
and Australia read all and remain quiet. The worst that will happen to
you is that you'll be turned in place...

Most of the talk seems to be a smokescreen aimed at obfuscating the
real issues: idiotic amateurs in other agencies. Don't fear the NSA -
fear your local council, fear homeland security, fear embarrassed
politicians and so on. RIPA (in the UK) and FISA (in the US) have been
regularly abused by local idiots interested in throwing their weight
around to further their personal grudges.

Fight, yes, but fight smart. Decrypting communications won the
Atlanticists two world wars, saving millions of lives. These weapons
of this information age will not be lightly set aside, and we do so at
our peril. Fighting for unilateral disarmament will only increase the
chances of losing your freedom to a foreign power. Instead, fight to
keep these weapons firmly in the hands of the secret services only.

I prefer to think about information cleanliness: the threat from local
officials and criminal gangs seems to me a more credible threat.
Small, easy, simple measures go a long way against these threats. Use
Linux :-) Use dmcrypt to encrypt /tmp with a random session key.
Encrypt /. Use an encrypted home directory. Dremel your old hard
discs before throwing them away.

> news stories like [1], [2] don't help and the NSA saying any email
> over xx days is dormant and ripe for reading.
> But sadly for most people GPG and encryption is not easy so here is a
> mail client to keep an eye on mail pile[3]

FWIW...

My best guess is that the NSA, GCHQ and the Chinese have the capacity
to read any email they wish, below SHA512+16k public key but not in
bulk. Since 2010ish MD5+1k public keys are no longer considered safe
enough by the NSA for governmental privacy (as opposed to secret) so
it's likely that these are routinely read in bulk by the first
division powers (US-UK-Can-Aus, China, Russia and Israel), and any
emails they wish to be may be read by any second division powers and
by big crime.

To evade traffic analysis by US-UK-Can-Aus, a strong key isn't enough
(it will just take longer to crack): you really need to be sending
using Tor and also routinely posting encrypted gibberish.

Robert


