@mathias So when did you receive an encrypted e-mail (for a good reason, not just a joke) the last time? Or in other words, how many did you receive last year?
@mathias My experience too. Between 2000-2003 almost all my work e-mail were encrypted. Since I left that place, only encrypted e-mails I sent/received were passwords sent around. And since we have encrypted channels in Element/Matrix, not even that is a use case for e-mails anymore.
I however use my GPG keys extensively for 1) signing my e-mails - I find that extremely appealing, especially in business context; and 2) ssh
keys (I use GPG key on a Yubikey with ssh-agent
for access). But encrypted e-mails? Not really any more…
@FailForward @mathias
Sorry for interference here, but encrypting private messages makes sense in, how do I put it, politically tense situations. Especially for certain type of messages. I usually dont use it but most of my friends (ones who know how to use the stuff) have my public pgp just in case. You never know these days.
Indeed, you are right. But you shall do a proper threat/risk analysis. For instance, there’s this problem: with PGP/GPG your e-mail is encrypted in transport, but then you read it on a potentially compromised machine. I find the most annoying thing with encrypted e-mail that I cannot search in it (I do search in my mailbox 20 years back quite often). Finally, often the metadata is more damning than the content: “hey, so you communicated with that and that criminal? Ahaa!” - and I am not going to look up that xkcd comic with the wrench, you saw it, I am sure ;-).
It seems to me, for really really politically sensitive comms, I would think deeply about the whole transport chain and I would not let the thing even touch my e-mail - like never even touch 1) my domains (ideally not even country TLD which can be associated with me), 2) certainly not any SMTP/IMAP servers associated with me, 3) not even any direct connection with my own computer. And I would care deeply about whether the message is persistent (bad!) or ephemeral (good!). In this sense, maybe Tor+anonymous Protonmail account - if it must be e-mail, or ideally some ephmeral anonymous snapchat stuff could work better than e-mail. Simply: go the Snowden way.
@FailForward @mathias
:D I think I have seen this at some point, indeed. The point is not necessarily to protect oneself from being taken in. If they caught you there is little to nothing that can be done. But covering your ass up at least from automated search queries is good enough. And I’m not necessarily talking about emails, more like instant messaging.
@academicalnerd @mathias I was thinking today about the fact that encrypted e-mail still leaks metadata. This is an acceptable risk in business where it’s typically public with whom you trade, but you need to exchange trade secrets, i.e., content. Leaking metadata is problematic in 2 contexts: against corporates which build your profile and and against state actors. I find it somewhat amusing that plenty (if not most) people who want to protect their privacy and are fleeing WhatsApp still use gmail accounts all the time π.
Anyway, I am digressing. What I wanted to say is this: it’s probably fair to say that GPG encrypted e-mail is about the same level of privacy as WhatsApp. You don’t leak content, but you leak metadata. Now the questions is “to whom?”. In the case of e-mail potentially to state actors (filtering traffic and illegal access to servers). In the case of WhatsApp, it’s to FB AND US govt et al, i.e., selected state actors (let’s not be naive, we need to assume that FB cooperates). If you use Gmail, the same.
To finish off this rant, I have a feeling that using WhatsApp might not be actually too bad in the end. I rather leak my metadata to US govt than to Chinese.
Of course this is all somewhat incoherent late Friday stuff, anyway, I am in a mood to rant a bid :-).
@FailForward @mathias
That looks dope. I added it to bookmarks, gonna nerd into the thing later…
@academicalnerd @mathias So I tested this and it works really well.
@FailForward @academicalnerd @mathias will check out deltachat when I get some time.
An angle that gets missed with the "don't worry unless it's politically sensitive" approach is that state actors at least, and large corporations at worst, get a free option on reading your data. Or to be more precise, they get a free option on *most* people's data while more privacy concerned folks have a more "hardened" chain of comms; this free option on comms for most people is a social engineers gold mine.
If you can measure it, you can control it. Now I don't believe that much social engineering goes into much more than getting people to spend money *most* of the time and that most of the evils of social media are byproducts of technological amplification of what makes humans tick.
But on balance of probability there are certain hot button political issues that social engineering might be used in earnest. If to 90% of the populations day to day chatter was accessible it would make it simple to measure what was on people's minds and, as I said, if you can measure it you can control it. the infamous "memory hole" might well operate on a similar principle.
Even if this sort of thing isn't done right now it's not a great tool to leave on the table. So while I'm big fan of privacy tech we still leave most of our societies open to this stuff, on the aggregate. Social media isn't going anywhere and people actually *want* to share this stuff, can't stop 'em and it is a big part of our lives now for better or worse.
In any case, a fairly standardised and easy to use decentralised messaging service would be a really strong medium/long term goal. Most people you talk to aren't happy about being listened to in private comms (everyone has a story about getting ads for stuff they spoke about in private) and would use a service if it was simple and easy to use.
TL;DR Using hardened comms for politically sensitive stuff is a good stopgap but we need to be more ambitious and inclusive to deny "soft surveillance" to would-be social engineers
Using hardened comms for politically sensitive stuff is a good stopgap but we need to be more ambitious and inclusive to deny “soft surveillance” to would-be social engineers
Absolutely. As engineers, we however need to understand that there’s a balance between privacy and convenience. Most people fall for convenience first, privacy later. I.e., we need to make privacy convenient.
@FailForward @skells @mathias
Good. Lord. Tried deltachat out today, it’s sooo good. Ridiculously good. Like telegram, but actually, you know, secure. And the client is pretty good, too.
@academicalnerd @mathias BTW, recently there was this chatter about Delta Chat flying around here. Go and check out https://delta.chat/en/. I find it so intriguing. Implemented via existing e-mail channels, i.e., SMTP (and IMAP?). No phone numbers, no central servers, no nothing. You can directly speak anybody via their e-mail, even if they never heard about delta chat, it’s all encrypted (as e-mails in transport), etc. Since I found out about it, I wonder “how come nobody came up with this idea before?!” It’s just so obvious… Hidden in plain sight. I am really intrigued… Need to check out.