|
|
| Author |
Message |
wyndowlicker
Member of the Month
|
| Joined: 17 Feb 2005 |
| Posts: 41 |
| Location: honeycomb hideout |
877.82 Points
|
|
|
PGP Link.
Fri Feb 18, 2005 10:35 am |
 |
|
Hey now,
This is a very important thing for people to start using.It may take some time but it cane be very helpful.
http://www.pgpi.org/ |
|
| Back to top |
|
 |
weedar
|
| Joined: 21 Feb 2005 |
| Posts: 11 |
| Location: Norway |
53.60 Points
|
|
|
Mon Feb 21, 2005 4:57 pm |
|
|
Actually, the admins here might want to consider adding a new field to the
user profiles for everyone's public PGP key, eh?  |
|
| Back to top |
|
|
brixtonj
|
| Joined: 29 Mar 2005 |
| Posts: 24 |
| Location: Brixton , London SW9 |
902.26 Points
|
|
|
utility of PGP ????
Wed Mar 30, 2005 5:09 am |
|
|
| weedar wrote: |
Actually, the admins here might want to consider adding a new field to the
user profiles for everyone's public PGP key, eh?
|
Hi , People . I somehow disagree with that . Having a PGP field , or even a synthetikal PGP key-ring would be of no-utility at all (security wise) .
Let me elaborate why.
In our case , the risk of information ecchange , is not that LEA can eavesdrop some emails that members could send beetween them . I am a IT professional , and eavesdropping arbritraty mail (that is .. a mail sent from MemberA in UK to MemberB in -say- US ) ,is close to impossible .
PGP is much more of utility for employees (in which the company may *and do* filter ,and read the emails sent ). Or for military , etc...
Surprisingly , a mail sent from a web-mail service to another webmail server is close to imposible to intercept. (dont let that echelon myths perdure). Thus there's no real need of PGPing messages beetween members.
Also , our biggest (indeed our only ) danger is that LEAs sign-up aswell as members, and up to day , there's no way to tell them from the real decent people !! . They can get all the files/member information / (hopefully the web doesnt keep IP's!! otherwise some people are fuckd ! ) . These LEAs can /will probbably join that online chemistry bachelorship thing , and get into the forums as active members , even post clever threads , etc... and look like our best friends .
Therefore sharing our PGPs would only give members a UNREAL feeling of security , where It isnt any , really. If two people trust each other .. then they can mail (hotmail , etc.. ) without any problem . However if we encourage people to trust each other , just 'cos they got a PGP key , then people could do really stupid mistakes.
Well , that's my view. Oppinions ?
Is it any -hypotethical- case in which having access to other' member's public keys would be of utility ?
Brixton_J |
|
| Back to top |
|
|
|
|
|
Wed Mar 30, 2005 6:26 am |
|
|
Authorities can arbitrarily intercept a person's email. The technology to do this is certainly in place in the UK and likely in the US. This is just the local snoops (MI5, police etc.), the internation security services have been doing this for years with Echelon. They also have the facility to sniff traffic for keywords and patterns. PGP prevents snooping and also provides a means of authenticating the sender. PGP is a vital tool. Everyone should use it and also understand the pitfalls.
There is something strange about your post brixtonj. |
|
| Back to top |
|
|
brixtonj
|
| Joined: 29 Mar 2005 |
| Posts: 24 |
| Location: Brixton , London SW9 |
902.26 Points
|
|
|
Wed Mar 30, 2005 7:10 am |
|
|
| MargaretThatcher wrote: |
Authorities can arbitrarily intercept a person's email. The technology to do this is certainly in place in the UK and likely in the US. This is just the local snoops (MI5, police etc.), the internation security services have been doing this for years with Echelon. They also have the facility to sniff traffic for keywords and patterns. PGP prevents snooping and also provides a means of authenticating the sender. PGP is a vital tool. Everyone should use it and also understand the pitfalls.
There is something strange about your post brixtonj.
|
Hi !! .I agree with that the Authorities can intercept (or try to intercept) arbitray emails. But doing it is much much more difficult than what appears to be .Really .Mail snooping is done nearly 100% at your office , with the consent of your employer. "General purpose" (i.e. from internet cafe to another internet cafe) internet traffic is much much more difficult to eavesdrop . (if one decides to believe in that Echelon legend... then Its done in England) . But definitely chances are that a email from -say = Spain to -say- Australia is never snooped , nor it can be.
Anyway , you didnt got my point. Obviously some mails are screened ,and any drug-related email should be encrypted , ok. What I see pointless ,is publish here a list of pgp keys of the members .The danger is not sending a mail to someone (asking for reagents , say) and that mail be eavesdroped.
The danger (as I see it) is asking someone (via a nicely pgp encrypted mmail ) and that someone be a LEA /Sting/cover oops.. And then , PGP or not PGP doesnt not a bit of a difference.
Having said that .. Id must admit that I didnt think about the digital signature aspect of pgp. That would indeed a really good idea ... but I oubt people would use it much , really. As we say (and I work on IT security) People which does PGP doenst need to , and people which indeed needs it , doesnt use/know how to use it.
Anyway ,, HAva nice day.
bj. |
|
| Back to top |
|
|
Spacemonkey
|
| Joined: 14 Feb 2005 |
| Posts: 29 |
|
759.14 Points
|
|
|
Wed Mar 30, 2005 8:32 am |
|
|
| Quote: |
Hi !! .I agree with that the Authorities can intercept (or try to intercept) arbitray emails. But doing it is much much more difficult than what appears to be .Really
"General purpose" (i.e. from internet cafe to another internet cafe) internet traffic is much much more difficult to eavesdrop
|
You are sadly misinformed on this, It really isn't as hard as you seem to think. Really. And working in "IT Security" You should realize why this is so.
| Quote: |
(if one decides to believe in that Echelon legend... then Its done in England)
|
Bah. Echelon is not a legend. See the collection of documents here for example:
http://www.fas.org/irp/program/process/echelon.htm
| Quote: |
But efinitely chances are that a email from -say = Spain to -say- Australia is never snooped nor it can be.
|
Why can it not be?
| Quote: |
|
Anyway , you didnt got my point. Obviously some mails are screened ,and any drug-related email should be encrypted , ok. What I see pointless ,is publish here a list of pgp keys of the members .The danger is not sending a mail to someone (asking for reagents , say) and that mail be eavesdroped.
|
I'm not sure what you're saying here. Do they not speak the Queens English in the UK anymore? Or is it not your native language; which is cool, but still.
| Quote: |
|
The danger (as I see it) is asking someone (via a nicely pgp encrypted mmail ) and that someone be a LEA /Sting/cover oops.. And then , PGP or not PGP doesnt not a bit of a difference.
|
True. Encryption is not a panacea to all problems with the law. Which is why you shouldn't go around asking strangers to help you commit physical crimes or suspicious acts (like buying, selling, trading sources for "reagents").
| Quote: |
|
Having said that .. Id must admit that I didnt think about the digital signature aspect of pgp. That would indeed a really good idea ... but I oubt people would use it much , really. As we say (and I work on IT security) People which does PGP doenst need to , and people which indeed needs it , doesnt use/know how to use it.
|
Generalizations are usually false.....
And then wouldn't you say then, that it's a good idea to show those who need it why and how to use encryption? At least as it applies to our interests on these boards?
| Quote: |
Anyway ,, HAva nice day.
|
Every day we're still here is a good day. |
|
| Back to top |
|
|
brixtonj
|
| Joined: 29 Mar 2005 |
| Posts: 24 |
| Location: Brixton , London SW9 |
902.26 Points
|
|
|
Wed Mar 30, 2005 4:39 pm |
|
|
Hi !!!
<Not Speaking English at 100% as Its not my mother language at all.Indeed not in UK (just the nick I used to have from long t ago) , Indeed I am based much much more South  and indeed not working in "Internet Security" , but some kind of consumers-good algorithmic security that you breach much more often ... but that's not the point>
-Still make it to Brixton from time to time.though
back to email encryption.
If you understand how internet works... , gennerally speaking , ITs nearly impossible trap / screen all TCP packets , and screening them to search for something suspcicious. It may be done at one end (a company's mail server) or at a obvious link (such as UK->US T3 link). But -in general- when you send a mail .. that mail is decompossed of 512 bytes chunks .. and these chunks travel (with not particular order ) by any of the several possible routes , forwarded and forwarded by servers to be just recomposed at the en POP server.
Just for fun .. there are some mail tracking utilities in which you see the path of your particular email over a world-map .. and its awesome. Its following a different route every time. And It uses -sometimes- goverment servers ,! ,or university servers , or company servers , etc.. and ALL of these (and the thousands more out there) should be cooperating with LEAs to consistently being able to screen emails.
To really trap /screen every mail .. echelon , or -you name it- should log every possible traffic server in the world , and I am sure It doesnt.
OK , PGP use in our Hobbies is of great utility. I do .. You probbably do and most people do PGP whenever they send/talk about something hot. Its probbably overkills ,but Its better safe than sorry.
BUT publising here the set of public PGP keys for everyone perhaps would mislead people (as it often do ) to trust someone just'cos they know their PGPkey !. If you send a wrong-doingg mail l to the wrong person (and THAT's the security problem I see) , It doesnt matter if it is 2048 bit PGP encrypted or not .. tha then .. you are fuckd.
In other words ... sending mails (related to our hobbies ) to unknowns (and that's the use of publishing our PGP keys) is much much more dangerous than sending then unencrypted .
Anyway ..-I didnt really thought about the digital signature .. that would be a really usefull tool over here-. Really.
A real pleasure to talk to you .
Hava good day. |
|
| Back to top |
|
|
Spacemonkey
|
| Joined: 14 Feb 2005 |
| Posts: 29 |
|
759.14 Points
|
|
|
Thu Mar 31, 2005 5:39 am |
|
|
Brixtonj, apologies if I came off hostile, you do seem to know what you're talking about.
Your last post clarifies quite a bit that I apparently misunderstood.
Though I still say you underestimate the capabillites of those who would wish to monitor the internet, it was born of a US DOD project after all...
Cheers |
|
| Back to top |
|
|
|
|
|
Thu Mar 31, 2005 6:20 am |
|
|
Echelon is certainly considered capable of sniffing most internet data. It may not get it all, but it gets most. Echelon is an Anglo Saxon thing. It is also controlled by the international snoops, not internal. Hence, in UK and likely other countries, the ISP black boxes for internal snoopers.
It is certainly possible to snoop a particular IP address. It is also possible to sniff all data and look for suspicious data. Both are done.
Remember the Cold War? Well since then, security budgets have increased hugely. Back then, they could do anything they want, and they still can. You won't get your door kicked in for coming here, but you might end up on a list. Who knows what will happen in the future. Don't get on a list: be sensible and use a good proxy. TOR. |
|
| Back to top |
|
|
Polverone
|
| Joined: 12 Feb 2005 |
| Posts: 28 |
|
846.64 Points
|
|
|
Thu Mar 31, 2005 9:12 am |
|
|
Even better would be to make "the list" (if we suppose that lists are made at all) for this site unmanageably long. There should be some extremely popular forums to draw traffic to mask the interest in the chemistry forums. I suggest this site add forums dedicated to automobiles, the club scene, popular videogames, and personal ads  . Force all traffic over https. You may have to upgrade hosting packages several times to handle all the visitors, though.
I applaud the widespread use of encryption, no matter what the situation, as it makes opportunistic signal intelligence much harder. The US has been suspected of using signal intelligence to aid domestic companies against foreign competitors in high-value commercial deals. It's not just the paranoid and the law-skirting individuals who should try to work encryption into their communications channels. Unfortunately, it can be very hard to use encryption or persuade others to use it since most people currently do not. It's a long, slow slog toward ubiquitous encryption, and applications like PGP don't (or didn't) make it easy for new users to get started, what with their confusing talk of webs of trust, digital signatures, public and symmetric keys, and all the other stuff someone doesn't want to learn about just to send email. For preventing opportunistic signal intelligence, if for no other reason, it would be good to have an email client with dead-simple "dummy" options that will encrypt and verify signatures of mail between two parties with their keys, so that users can start reaping some benefits of encryption without first understanding the whole ball of wax. |
|
| Back to top |
|
|
brixtonj
|
| Joined: 29 Mar 2005 |
| Posts: 24 |
| Location: Brixton , London SW9 |
902.26 Points
|
|
|
Thu Mar 31, 2005 12:34 pm |
|
|
| MargaretThatcher wrote: |
|
EYou won't get your door kicked in for coming here, but you might end up on a list. Who knows what will happen in the future. Don't get on a list: be sensible and use a good proxy. TOR.
|
Yep! . thanks a lot for the Tor advice. Really . Now I feel a bit stupid , having spent -for not reading your post about tor before- 45 US$ on a useless yearly anonymizer connection fee !!!! I find it -as you said- much more trustable ,let alone the open-source thing which is reassuring !!
Well , the good thing is that I use Tor now in every possible computer I have !!! Thanks again .
HAving said that.. I dont think that echelon' has infiltrated every one of the nearly hundred thousand T1/T3 servers. Maybe those in USA , or even those in UK. But I seriously doubt it that every server from -again- Spain to Australia is cooperating with echelon.
There's not definitely any algorithmic way to known which route a TCP packet is gonna follow -beforehand- . so to get /trap all
traffic originated by -say= my ip to your mailer POP server ... they should log all the servers in the fu**inkg world for a while (companys , universities , etc) , and then filter out my ip , which is obviously impossiible. I doubt it they could do it even for Bin ladens' mails. Definitely not for mine/.
Remember that In the rest of the world , Internet is much much less goverment controlled than in the US or UK (where It began as a military network thing ) , with all these military servers , dedicated connections , etc.. In Germany , France ,Spain , etc.. Its backbone servers are often from Educational/Universities/ broadcasting/freelancing entities , really dificult to control by the goverment.
But again .. better being safe than sorry . Thanks for the TOR advice !!![/u] |
|
| Back to top |
|
|
|
|
|
Powered by phpBB 2.0.11 © 2001, 2002 phpBB Group
Igloo Theme Version 1.0 :: Created By: Andrew Charron
|
Forums
Rhodium
The Hive
Shop
Profile
Log in
Register
Log in to check your private messages
725