patrick.net

Newsflash: email in general is totally not a secure means of communication. If you have something confidential, don't transmit it unencrypted. And if its something really, really really private and you can't risk it ever being discovered, don't put it in digital form at all, let alone transmit it across a public network.

Call it Crazy says

Duhhhh... What did everyone expect from a FREE email service????

The point is that even those with paid email service to send email to a gmail account will have their entire email copied and cataloged.

I created a thread about this report earlier:

"Just as a sender of a letter to a business colleague cannot be surprised that the recipient’s assistant opens the letter, people who use web-based email today cannot be surprised if their communications are processed by the recipient’s ECS provider in the course of delivery. Indeed, “a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties.”"

The same might be true for most e-mail providers, regardless of payment. Mailvelope offers free encryption for Gmail, but I don't know much about it. Any advice from more knowledgeable people?

curious2 says

Any advice from more knowledgeable people?

In principle, if everyone opened up their wireless routers for ad hock networking, the people could create a peer-to-peer internet independent of the centralized Internet currently in use. By using encryption design to deal with Man in the Middle attacks, a virtual private internet, independent of government intrusion or any regulation, could be created. Such peer-to-peer, adhoc wireless networks could span entire cosmopolitan areas like from Washington, D.C. to Boston.

However, if such a cooperative effort took off, I suspect that Congress would pass a law making adhoc encrypted networks illegal and the people using them assumed terrorists.

The main technical challenge would be connecting area far away regions of high density. Such connections would have to rely either on slow and expensive satellite connections or the existing Internet infrastructure. However, VPN could prevent ease-dropping on the traffic sent between ad hock wireless networks over fiber.

Thanks Dan, but I think you meant "ad hoc" and "eavesdropping". I meant what can individual users do today, not what might conceivably be done if everyone could overcome somehow their deep divisions and cooperate.

curious2 says

Thanks Dan, but I think you meant "ad hoc" and "eavesdropping".

Yeah, it's 2 a.m. here.

curious2 says

what can individual users do today, not what might conceivably be done if everyone could overcome somehow their deep divisions and cooperate.

Teach your friends and family to us asymmetric encryption. It actually isn't that hard. Encrypt every email you send with the recipient's public key. Have the other party do the same with your public key.

Such messages can only be decrypted with the corresponding private key. If everyone did this, not even the NSA would be able to read messages. It would take them way the hell too long to break even a few long keys.

Get app developers to write open source apps that support encryption for all network communication using asymmetric encryption. Use this for video chat, telephony, etc.

Of course, I suspect that our government would make this illegal as well if it became popular. But the technology has been available since the 1970s.

Dan8267 says

Teach your friends and family to us asymmetric encryption.

That's why I posted a link to Mailvelope, and a thread on related topics. But, I don't have your expertise, and I don't know much about specific services. You can say "asymmetric encryption" as if everyone knows what that means and how to do it, but that doesn't really explain how. I assume you mean GPG&PGP, which require downloads etc.

Luckily, you don't have to know how the technology works in order to use the technology. You just have to get familiar with the services offer. The guy behind Mega is trying to offer an encrypted Internet suite.

But if your interested in how it works, How Stuff Works has a good overview.

http://computer.howstuffworks.com/encryption3.htm

Dan8267 says

Luckily, you don't have to know how the technology works in order to use the technology. You just have to get familiar with the services offer.

Which do you recommend, and how does anyone know which of them to trust? Even Tor has been targeted by malware, and there is the question of who exactly is "volunteering" to host Tor exit nodes and why so many happen to be in Romania.

Dan8267 says

The guy behind Mega is trying to offer an encrypted Internet suite.

...but he isn't offering it yet, and he does have a record of - reportedly - fraud and hacking and embezzlement. That doesn't inspire a lot of trust.

The issue of trust is a bit like the position of the USD. We can say Bubbles Ben is printing with abandon, and yet other currencies are trusted even less. Likewise we can say the US government is reportedly breaking its own privacy rules thousands of times annually, but other actors (state and non-state) might be worse. Edward Snowden went from America to Russia, not exactly an improvement in terms of human rights.