Forgot your password?
typodupeerror
Electronic Frontier Foundation Encryption Government Open Source Privacy United States

A Year After Snowden's Disclosures, EFF, FSF Want You To Fight Surveillance 108

Posted by timothy
from the why-make-it-easy-for-'em? dept.
Today, as the EFF notes, marks one year from Edward Snowden's first document leaks, and the group is using that as a good spur to install free software intended to make it harder for anyone (the NSA is certainly not the first, and arguably far from the worst) to spy on your electronic communications. Nowadays, that means nearly everything besides face-to-face communication, or paper shipped through the world's postal systems. Reader gnujoshua (540710) highlights one of the options: 'The FSF has published a (rather beautiful) infographic and guide to encrypting your email using GnuPG. In their blog post announcing the guide they write: "One year ago today, an NSA contractor named Edward Snowden went public with his history-changing revelations about the NSA's massive system of indiscriminate surveillance. Today the FSF is releasing Email Self-Defense, a guide to personal email encryption to help everyone, including beginners, make the NSA's job a little harder.'" Serendipitous timing: a year and a day ago, we mentioned a UN report that made explicit the seemingly obvious truth that undue government surveillance, besides being an affront in itself, chills free speech. (Edward Snowden agrees.)
This discussion has been archived. No new comments can be posted.

A Year After Snowden's Disclosures, EFF, FSF Want You To Fight Surveillance

Comments Filter:
  • by Anonymous Coward
    Some decent tools on their site. [resetthenet.org]
  • So, it's not just the US spying on Americans in America, it's apparently Canadians spying on Canadians in Canada.

    • by Anonymous Coward

      No - check out the "UKUSA Agreement"...
      The Canadians are spying on the Americans, New Zealanders, Australians and Brits.
      The Americans are spying on the Canadians, New Zealanders, Australians and Brits.
      The New Zealanders are spying on the Americans, Canadians, Australians and Brits.
      The Australians are spying on the Americans, Canadians, New Zealanders, and Brits.
      The Brits are spying on the Australians, Americans, Canadians, and New Zealanders.

      All perfectly technically legal.
      All rather unstoppable as long as

  • by nine-times (778537) <nine.times@gmail.com> on Thursday June 05, 2014 @01:49PM (#47173447) Homepage

    There's no point in encrypting your email with something like GPG if you're the only one using it, and most people aren't going to use it until it's easy.

    I know, you'll tell me it's easy. Just download this software, install it, and it'll work for your email client assume you're still using an email client and there's a plugin available for it, which there might not be. Otherwise you need to copy and paste and stuff, and... oh right, then there's also the whole issue of managing keys and keeping a backup copy safe. Most people don't back anything up.

    You have to make it easy. Someone will get angry because I appear to be praising Apple, but take iMessage's encryption for example. Do people using it know that their messages are encrypted? Probably not. Are they given a choice? No. Do they know that they're generating encryption keys? Probably not. Are they asked to manage their own encryption keys? No.

    That's easy. GPG isn't. Email encryption needs to be that easy, or people won't use it.

    • by PRMan (959735) on Thursday June 05, 2014 @01:53PM (#47173475)
      Gmail is working on it. And they're trying to get other e-mail providers onboard.
      • by Anonymous Coward

        Listen, Google does evil. It has done nothing but evil - but it does it with a smile. I wouldn't trust anything Google does because it's always in favor of their business model. The product they sell is intimate details about you, and free software is the currency they use to pay for their product.

        I haven't seen the details on Google's "encryption", but I wouldn't trust it unless the encryption/decryption happens only in the browser/client sending or receiving an email.

        If the encryption is just mail serv

      • The W3C should standardize the way 'End-to-End' communicates with the website. It has a huge potential, not just for mail but also for chat or with WebRTC.

      • by mlts (1038732)

        Maybe this is pure Ludditism, but the best security is gotten by having a MUA that is separate from the e-mail provider, and the MUA handles PGP/gpg or S/MIME keys.

        There is something nice and convenient about Web based E-mail, but it is at a cost of end to end security.

        It isn't as good as end to end, but with Exchange, one can do encrypted TLS connectors with other Exchange sites that one does a lot of E-mail or other messaging with. This will secure the E-mail as it goes from site "A" to site "B". Howeve

        • by AmiMoJo (196126) *

          It's a trade off. Less security for transparent operation and ease of use. Infinitely preferably to the current situation where there is zero security.

        • There is something nice and convenient about Web based E-mail, but it is at a cost of end to end security.

          Not necessarily. We would just need a standard protocol for handling encrypted webmail, and then universal browser implementation for that protocol. Like maybe you wrap the output in <encrypted></encrypted> tags, and then browsers know how to interpret the tags and have access to the private keys. Google already syncs settings and extensions with your chrome profile, so if you trusted Google to do it, they could even sync your private keys. If you didn't trust Google, then we'd just need to

          • by mlts (1038732)

            We sort of have that with OpenPGP encrypted files, and Web add-ons. However, it assumes one is going to load their private keys into the Web browser... and because the Web browser is the first thing that gets its face curb-stomped come a 0-day, this may not be a wise thing unless there is OS support for keeping the keys, decryption module, and decrypted text viewer/attachment manager well out of the browser's OS context.

            The reason I suggest an old fashioned MUA is because they tend to not be as vulnerable

            • ...when configured properly...assuming scripting is turned off by default.

              You know what happens when we assume.

              The problem with expecting people to have mail clients is that it can be very inconvenient when people aren't bringing their own computer with them. Web applications have the benefit of being available cross-platform on any computer with a web browser that can access the internet. Another problem is that mail client development has been somewhat stagnant. What are my options? Outlook or Thunderbird? And how has Thunderbird improved in the past 10 years?

              I mean, re

      • gmail will NEVER have encrypted mail, end to end.\

        why?

        think about it. their whole business model is about looking at your stuff. if you encrypt it, they can't see it.

        also, the other main reason is that you can't do searches if your on-disk data is encrypted.

        so, a web company will NEVER give true end to end (including on-disk) enryption. its againt their whole business model for many reasons.

        • by AmiMoJo (196126) *

          What they are talking about is encrypting email before it leaves Google's servers and goes out onto the wider internet. The NSA/GCHQ intercept email sent that way - it was in the Snowden slides. This would at least make bulk surveillance much harder, if not impossible. Sure, they could force Google to hand over decrypted copies, but at least that would require some kind of legal process instead of just hoovering everything up into a massive database.

          This also has the added benefit of being transparent to th

      • by exomondo (1725132)

        Gmail is working on it. And they're trying to get other e-mail providers onboard.

        I can't seem to find much credible evidence to back that and certainly an end-to-end encryption model would run contrary to their entire profit model for gmail, if implemented correctly it would mean no more targeted advertising and I wouldn't think they would be very keen on doing that.

        • by AHuxley (892839)
          Where your "free" fully encrypted email/chat reverts to plain text for advertizing, that is where 5+++ governments, ex gov staff, former gov staff are waiting.
          You have seen the lists of brands that fully, willingly and over years allowed this to happen on/deep in/to/from their own branded, dedicated networks.
          The backhaul, client, server can have all the fancy, best, open source crypto you like.
    • by Anonymous Coward

      I didn't know that either. Good information! Yeah, I've noticed the same thing with PGP encryption. No one wants to pay much attention to it and few people will go through the small amount of effort to encrypt their emails. I think the issue is people think either 1) it seems suspicious or 2) they don't care if the government (who they think are the only entity who can spy on people) reads their emails.

      I think what should be emphasized is that anyone given a fair amount of technological sophistication can s

    • by mcelrath (8027)

      I've been using GPG for more than a decade, but in recent years I've stopped signing my messages because it often trips up poorly-configured spam filters. That, combined with the fact that you can't be certain that the recipient has received or read a message makes using GPG (and potentially losing your email) risky.

      While "read receipts" exist in many proprietary formats, we need it to be standardized and deployed globally. Hey, let's use our GPG keys to do it?

      • by mlts (1038732)

        I've used both PGP and GPG, but I have run into the spam filters. With S/MIME, I've run into people flipping out when they see the ribbon icon in a received E-mail on Outlook, to the point getting their company's legal department and a LEO involved because they thought a validated signature was malware.

        What I'd like to see is a signing system that piggybacks onto GPG, or perhaps S/MIME that would allow for read receipts (provided the receiver chose to allow it to be sent)... but maybe allow for mail to be

    • by McDutchie (151611)
      This argument hasn't changed in twenty years, in spite of massive improvements in ease of use. Apparently, it's impossible to make it "easy enough" for the average user. I think this means ease of use actually has very little to do with the problem. The problem is with the average user's priorities. People value convenience more highly than privacy, and as long as people don't change those values, encryption will never take on. Typically people will only change their priorities under threat of dire and imm
      • Apparently, it's impossible to make it "easy enough" for the average user.

        And yet, as I point out, Apple has done it with iMessage. A lot of sites encrypt their traffic with SSL.

        I think the real problem is one of standards. Email is from a time when everyone wanted open standards. Rather than improve and refine those standards, everyone is moving towards closed systems (Facebook/Apple Messengers, Google Hangouts, etc.). Nobody is even trying to improve email anymore.

        • A lot of sites encrypt their traffic with SSL.

          Yet, SSL handle only the encryption between a server, and the client application. (and can be made totally transparent to the user).
          Whereas the anti-surveillance discussed here are end-to-end (from one user to the other) and will always require some minimal end-user intervention (key handling, although the interaction can be minimized and user interface efforts can make the experient as easy as possible).

          (Facebook/Apple Messengers, Google Hangouts, etc.).

          Note that OTR (Off-the-Record) is standard, and is capable to be used above any of those, just like Open

          • Yet, SSL handle only the encryption between a server, and the client application.

            You can use the same encryption scheme for encrypting anything.

            ...will always require some minimal end-user intervention...

            Not necessarily. You just need to make key management easy. I know people are going to get angry every time I bring up Apple, but OSX can store certificates/keys in the keyring, which can then be backed up to iCloud. Don't trust Apple if you like, but my point is that it's not impossible to make the whole thing much more automatic, safe, and easy for normal users.

            • by TheCarp (96830)

              A guy I know was working on a solution to this a few years back, but it just kind of stagnated and died after the initial specifications. Called it the "Passive privacy system".

              Basically a PPS enabled emailer would transparently generate gpg keys on first use, with no password, and advertise them in headers. If you begin a conversation with someone else who supports it but whose key you don't have, then it uses a header based conversation to exchange keys and starts encrypting all messages within a couple o

              • by DrYak (748999)

                OTR basically works this way above any chat stream.

                It's made entirely transparent, user won't notice that encryption is happening (I mean, unless they log into GMail and notice that the GTalk/Hangout chat logs only contain encrypted garbage).

                The only required action from the user is running through a "socialist millionaire" identity confirmation.

            • Yet, SSL handle only the encryption between a server, and the client application.

              You can use the same encryption scheme for encrypting anything.

              TLS/SSL is not an encryption scheme. It's protocol which defines how a client application and a server negociate an encryption. You can't use it for mush else.

              AES is an encryption scheme, you could encrypt anything with it (an SSL connection, a ZRTP media transmission, password-protect an archive, encrypt a file with OpenPGP)

              of course libraries like openssl will implement both (because what purpose would be SSL without actually being able to encrypt ?!) and other functionnality (S/MIME, similar to openPGP i

              • TLS/SSL is not an encryption scheme.

                And yet you could use the same encryption standards and public key management to encrypt anything. You're just being pedantic. There's no point in arguing here about specific standards.

                I've never said it's impossible to make it better. But the user will always need some level of intervention (like at least caring that encryption happens, and checking that correct keys are used).

                It depends on what you mean by "some level of intervention". Lots of people go to their bank's website without knowing that encryption is happening or that they keys are correct. Their browsers check the keys for them, providing some level of security even if they're totally unaware. No doubt things are *more* secure if

        • by McDutchie (151611)

          And yet, as I point out, Apple has done it with iMessage. A lot of sites encrypt their traffic with SSL.

          Both of these are surely compromised by the NSA by now. Certainly SSL is.

          I think the real problem is one of standards.

          That is a really good point. The move to closed systems is a disease that is killing the internet.

      • Really? It's easy enough? Let's talk market share then. How many easy to use GPG FOSS plugins are there for Outlook 2013? 2010? How about the light email clients which comes with Windows 7 or 8? What about the Android basic email client? of the Android Gmail client? In the Windows environment all of the recent Outlook versions have hooks for plugins. There's even what's effectively an MS Office App store for addons. That sounds like a dead easy way for people to get a GPG plugin for the industry s
        • by MTobix (3684323)

          That sounds like a dead easy way for people to get a GPG plugin for the industry standard client... but where is it?

          Hi, I am the development lead of gpg4o - a GnuPG integration for Outlook
          I can tell you that there is no dead easy way for getting GnuPG into Outlook. You are facing three major problems
          - Outlook hooks are very tricky especially if your manipulating mails
          - There are many dialects of OpenPGP message formats
          - Hiding the complexity of GnuPG for the avarege end-user, so that a non-nerd can use it.


          We spend several man-years with research and development for polishing our product.

          These are the reasons th

          • Thanks for the update and comment Tobias. I'm sorry it's not as easy on the development side as I had been given to understand and I apologize for being wrong and spreading that misconception. I do still think that until encryption is adopted as an industry standard (which means Outlook) people won't be taking it home for personal mail (which means there will also need to be simple gmail/hotmail/etc... web plugins - those however seem at least slightly more accessible to the general public).

            It is also my

    • by bigpat (158134) on Thursday June 05, 2014 @02:10PM (#47173585)

      Encryption misses the point. Encryption isn't privacy. The major threat to privacy from the US government is not from the content of your communications being read without a warrant it is that your communications are going to be monitored without a warrant so they will be able to monitor all your associations, purchases, communications and movement and locations. Basically it is like having a tail on 24x7 with someone looking over your shoulder... they don't need to know what you are saying until they want to and if they want to then you are past the point where encryption will mean much since they can put a keylogger on your system or maybe even break your 256 bit encryption.

      The only protection from the surveillance state is either to eliminate communications technology altogether or to return to the rule of law.

      • I think you missed my point. I'm not saying there's no point in encrypting your email. I'm saying there's no point if the recipient doesn't have their own software and keys to decrypt the encrypted message.
        • by bigpat (158134)

          Sorry. I was hijacking your statement to make another. Of course you are correct that for encryption to be effective it has to be the default for everyone rather than some special thing only criminals, national security types and paranoid people use. Basically using encryption now is like raising a big red flag saying 'look at me look at me I am using encryption!!'

          But my point is that even with encryption it does not thwart 95% of the threat from unconstitutional government surveillance or criminal hacke

      • by DrYak (748999)

        Encryption isn't privacy.

        Encryption isn't everything and all privacy.
        But encryption is part of the solution, as much as Tor, etc.

        your communications are going to be monitored without a warrant so they will be able to monitor all your associations, purchases, communications and movement and locations. Basically it is like having a tail on 24x7 with someone looking over your shoulder...

        Perfect privacy will require several component. Encryption is one of the them. Connection obfuscation like Tor is another. Relying on pseudonymous identities (Do Not Track Me single-use email addresses, for example) is yet another.

        then you are past the point where encryption will mean much since they can put a keylogger on your system or maybe even break your 256 bit encryption.

        the 256 bits encryption is safe. the actual maths behind it have been repeatedly proven to be sound and secure.
        getting the password stolen (keylogger, side channel, implementati

        • by bigpat (158134)
          I don't disagree with the idea that some of these things might be worth doing, especially if you have intellectual property or activities that are worth protecting. Just disagree with the notion that it would be easier to get a few billion people talking with encryption than it would be to just get some politicians elected who might actually put some constitutional restraints back on the NSA and other US government agencies. Encryption is better than not having encryption, but relying on encryption when y
          • It boils down to different trust models.

            Trusting every involved government to stop indiscriminately spying on all its citizens require quite a leap of faith.
            Encrypting between your correspondent and you doesn't require trust in 3rd parties like government or secret agencies.

            Under this situation, having encryption anyway is always good in case that the gov decides to deceive you.

            But yeah, I agree with you that achieving *proper* encryption isn't easy.

            Now there's another effect: increasing usage of encryption

      • That is exactly right. The push to encourage encryption does not solve the issue. De-funding and dismantling the NSA and taking back our freedoms through clear legislation is the only way to get what we deserve as a nation. Encrypting ordinary communication beyond simply using SSL/TLS is like bowing down and saying you don't expect the first amendment to protect you. When the teeth are gone from the fourth amendment the first amendment losses it strength as well. The moment we start editing our communicatio
    • People in the United States may find this useless, but in countries whose economies and government are easily manipulated by outside interests, this would be more popular, I think.
    • by Capslock118 (936446) on Thursday June 05, 2014 @02:19PM (#47173653)
      I agree 100%. I'd say 50% of my communication is with my family, and there is not a single person in that group that would be able to handle GPG. And anyway, we are at the point of "every message on every device", and again most of my family communicates on their smartphones, not on a desktop or laptop. Even if they did use a desktop/laptop the message would still have to be easily read on all of their devices (including default apps). There is just no point in wasting my time with email encryption since I am not any kind of political advocate and no one I communicate with would be able to use encryption. Heck, I have S/MIME on all of my devices for email and that works great and it's automatic......but I am the only person in my circle who uses that even though it's arguable easier to use than GPG (because it's supported by most of the default email applications out there). Why even bother with trying to ram encryption into email when there are other secure communication protocols out there?
    • Agreed (Score:2, Insightful)

      by Anonymous Coward

      The essence of this demand is "You have a responsibility to smarten-up."

      That has never, and will never, work. Humans simply do not work that way.

      My optimistic side says the major players will make it easy, like your example from Apple, and then all will be good.

      My cynical side says the government will simply slap some gag orders on the industry players, and impose backdoors, and roll merrily along with the surveillance.

      The *only* people who can be protected from this are those smart enough, and motivated e

    • Re: (Score:2, Informative)

      by Anonymous Coward

      Do people using it know that their messages are encrypted? Probably not.

      Are their messages encrypted? Probably not. [cnet.com]

      Easy enough your grandma can't do it.

      • by anethema (99553)

        Pretty much no one expects email attachments to be encrypted.

        iMessage was the example and they are certainly encrypted.

        Now whether the NSA can't just backdoor in who knows, but on the face of it, they are.

    • The problem with imessage is there is no way to VERIFY its actually encrypted. There is no EASY encryption, all of it requires diligence.
    • by Bob9113 (14996)

      Just download this software, install it, and it'll work for your email client assume you're still using an email client and there's a plugin available for it, which there might not be. Otherwise you need to copy and paste and stuff, and... oh right, then there's also the whole issue of managing keys and keeping a backup copy safe. Most people don't back anything up.

      The first automobiles didn't have keys, but people have learned to use and manage them. And for those keys you can't even download the managem

      • The first automobiles didn't have keys, but people have learned to use and manage them. And for those keys you can't even download the management equipment, you have to go to a hardware store to get copies.

        People understand what cars do better than they understand computers, and when you lose your car keys, you don't lose the whole car.

        Is iMessage secure? No.

        Explanation needed.

    • by vux984 (928602)

      Someone will get angry because I appear to be praising Apple, but take iMessage's encryption for example. Do people using it know that their messages are encrypted? Probably not. Are they given a choice? No. Do they know that they're generating encryption keys? Probably not. Are they asked to manage their own encryption keys? No.

      Does trusting Apple to write your encryption software, manage your encryption keys for you, and handle your actual communications make any sense in the least?

      I mean, yes, sure if

      • by mlts (1038732)

        Sometimes, I wonder about an encryption protocol implementation like iMessage being broken up into multiple companies, all separate, perhaps in different countries:

        1: The company that codes the client.
        2: The company with the servers where messages reside.
        3: The company that writes the protocol.
        4: The company that officially signs the executables to be distributed, but vets the code base for unauthorized changes before doing so.

        By splitting this up, it would take compromise of at least two of the above,

      • Does trusting Apple to write your encryption software, manage your encryption keys for you, and handle your actual communications make any sense in the least?

        It makes more sense than not encrypting your messages at all. Actually it's dramatically changing the sort of problem that you're dealing with. If you really just don't trust Apple at all, then I get it. Don't use their products at all, because they could have put in NSA backdoors to everything, so use FOSS.

        But my point wasn't that we should trust Apple. My point was that Apple managed to create an encryption scheme for messaging that results in every message being encrypted, without the user being exp

        • by vux984 (928602)

          But my point wasn't that we should trust Apple.

          Except that's exactly what it is.

          My point was that Apple managed to create an encryption scheme for messaging that results in every message being encrypted, without the user being expected to do special configuration and key management, and it's baked into their software by default. If Apple can do it, why can't someone else?

          What is the value of every message being encrypted if Apple can decrypt them at will? That's like locking your car door to keep the valet

          • by Anguirel (58085)

            If you DO trust the endpoints, and they are the same entity as the intermediary then...

            But Apple isn't the same entity as the intermediary. Apple is involved with both endpoints by providing the hardware and software, but there's a cell tower, whatever service provider you have, whatever network connections are in between, whatever storage exists to ensure delivery even if the end point isn't currently available, whatever service provider the other person has, and another cell tower on the other end. Assume I trust Apple. I still don't trust all that stuff in the middle, particularly the c

            • by vux984 (928602)

              But Apple isn't the same entity as the intermediary. Apple is involved with both endpoints by providing the hardware and software, but there's a cell tower, whatever service provider you have, whatever network connections are in between, whatever storage exists to ensure delivery even if the end point isn't currently available, whatever service provider the other person has, and another cell tower on the other end. Assume I trust Apple. I still don't trust all that stuff in the middle, particularly the cell

          • What is the value of every message being encrypted if Apple can decrypt them at will?

            IIRC Apple doesn't get your encryption keys in their system. I don't remember exactly how it works, but I remember reading that the encryption is from one endpoint to the other, and Apple doesn't actually have the ability to decrypt the message in transit. Now you could complain that they might have put in a back door. Well sure. That's possible with any closed source software-- and really even with FOSS software that hasn't been audited by someone you trust.

            Of course its easy. But its also completely POINTLESS.

            Well it really really depends. If you think

    • The guide breaks it down into 6 simple steps, which each have several sub steps, which each have several actual things you need to do. All presuming you're running Thunderbird in Linux and that people you email will put up with the bullshit.

      I particularly like the step that tells you to blindly sign Adele's key. It's right before the step that tells you to never sign keys you didn't actually verify.

    • by muridae (966931)

      Did you read their instructions? My parents use Thunderbird for email, because it's what I recommended for them. I decided to test on my clean box (browser only for the most part) and see how fast I could get my email, encrypt it with Enigmail and GPG, generate and upload a 4k key, and send out a signed email. Less than 10 minutes, most of that was waiting for the download because I've got torrents running elsewhere. With TBird installed, it was a few seconds to install GnuPG, a second for Enigmail, and les

      • Did you read their instructions?

        Yes. And I'm an IT guy, and I'll tell you that an awful lot of people would have trouble with those directions even if they wanted to follow them. For your average person, they'd have to install Thunderbird, GPG, and Enigmail-- and with that, you've already lost 90% of users. You haven't even gotten to dealing with the encryption keys, but give those instructions to most people and they'll say, "But can't I just use the Internet?" by which they mean, they would rather use webmail than install 3 applicati

    • But do you trust Apple enough to believe they haven't installed any backdoors in their closed-source software?
      • Whether you do or not isn't really my point. I was just using it as an example. They made it easy, and if you want people to encrypt their email, it needs to be equally easy.
  • > the seemingly obvious truth that undue
    > government surveillance, besides being
    > an affront in itself, chills free speech.

    When I first read this, I was completely shocked that, because the NSA monitors this, anyone would ever think they are anything but a bunch of swell guys.

  • by cpghost (719344) on Thursday June 05, 2014 @02:08PM (#47173579) Homepage
    Basically, we're making it WAY too easy for the NSA to spy on us. But, even if we all switched to encrypted mail, that's not enough: with their metadata collection, they can still infer a lot of things from our communications patterns. So technically, we need I2P, Freenet or similar anonymizing technology to hide in the crowd. However, to REALLY fix the problem once and for all, we need to take it to the political arena, and fight for majorities to get Congress to reign in NSA in earnest, no matter what "Yes We Scan" Obama wants. If we don't, Orwell's 1984 will remain in effect, no matter how much we use OSS, encryption and so on.
    • by Anonymous Coward

      It has to be a two-pronged approach. The political side is a very necessary piece, but if it is the sole approach then there will still be an immense temptation to spy on the public still because the public's information is ripe for the picking and hey, nobody is watching.... If the technological piece is the sole approach, you can expect the gov't to use its muscle to subvert the technology or outright ban it. The two approaches must work in concert: Slap the gov't on the nose and stop them from taking

      • by mlts (1038732)

        Another issue is that some protocols are viewed negatively. Tor comes to mind, because it is anonymous and works well... but it becomes a source of abuse, and it is also associated with the Four Horsemen of the Infocalypse. If one could get mainstream users not just using Tor, but setting up usable exit nodes, it might change the perception.

    • by Shatrat (855151)

      Historically, technical means are a valid way to help fix social problems. Would we have ended slavery as quickly without the cotton gin?

      • by mooingyak (720677)

        Historically, technical means are a valid way to help fix social problems. Would we have ended slavery as quickly without the cotton gin?

        Isn't that backwards?

        quoting from first link from "cotton gin effect on slavery" [teachinghistory.org]

        The cotton gin freed slaves from the arthritic labor of separating seeds from the lint by hand. At the same time, the dramatically lowered cost of producing cotton fiber, the corresponding increase in the amount of cotton fabric demanded by textile mills, and the increasing prevalence of large-scale plantation agriculture resulted in a dramatic increase in the demand for more slaves to work those plantations. Overall, the slave population in the South grew from 700,000 before Whitney’s patent to more than three million in 1850—striking evidence of the changing Southern economy and its growing dependence on the slave system to keep the economy running.

    • by jbn-o (555068)

      It's not enough, true, but we need to get Americans trained in the practice of being more politically active and to seriously consider the consequences of their consumerism. Today, encouraging people to think of encryption as required for increased secure communications is good. We can't fix anything "once and for all" because any change to anything can be reverted (hence Andrew Jackson's warning "...eternal vigilance by the people is the price of liberty, and that you must pay the price if you wish to secu

  • pointless (Score:5, Insightful)

    by Charliemopps (1157495) on Thursday June 05, 2014 @02:12PM (#47173599)

    This is pointless. The 5 people that do this will be protected when they communicate with one another. That's it.

    Lets be clear. I don't care if Google or Facebook are spying on me (well, I do, but that's an entirely different topic.) The NSA is definitely the "worst" despite what this says. I'm even less concerned about foreign governments or criminals spying on me. The real danger is to our entire way of life. What the NSA is doing could be used to turn us into a true totalitarian state... very easily. What China, or some script kiddy, or even what Google can do with this information pales in comparison to the atrocities the federal government could commit with this power. The only thing restraining them at this time is their own will not to do so. That is NOT acceptable in my opinion. How long before we elect the next Nixon? or Stalin? It will happen, it always does. What will they do with this power?

    • It's also pointless because the NSA doesn't care about reading emails - they have no need to. Even with encryption, they can read the headers on the email and the sender/receiver email addresses and link those with real people. They can see who you're communicating with and how often you do so. If they really want to know what you're saying, they have a myriad of options at their disposal:

      - Call the FBI (or other nationwide law enforcement agency for those not in the US) and have them raid you and everyone

  • The problem with public key encrypted email is that your keys only work for encrypting email you receive, not the email you send. In order for an email to be private, the receiver has to set up encryption.

    While I'm sure I could set up encryption for my email quite easily, I can assure you most of my friends and family have no interest in going to the effort.

    In addition to that, encryption only encrypts the body of the message. The to/from addresses, header line, and other tags are sent in plain text,

    • by AHuxley (892839)
      Depends on what you feel like doing. Encryption can be fun just to add to the huge mix of everything the gov is keeping and knowing your repeated use of encryption will be noted.
      You could contact the media about past political stories in your state and retype the names, court events, keywords and offer the press support, scans of related paper or not digital work from the past.
      Take up photography.
      Always have a fully charged video camera (none of that 10/20 min limit hardware) at hand for the expected 'c
  • by sasparillascott (1267058) on Thursday June 05, 2014 @03:06PM (#47174033)
    Great article but this part isn't correct:

    "Nowadays, that means nearly everything besides face-to-face communication, or paper shipped through the world's postal systems."

    As shown here - every single piece of 1st class mail in the U.S. is photographed (and probably handed over to the FBI or NSA or whomever started this stupid program up in the first place to get the Post Office to do that):

    http://www.nytimes.com/2013/07... [nytimes.com]

    Short of radical political reform, which seems a long shot in the U.S. in the near term - technical solutions coming from open software will be the few ways we can restore some privacy to communications.
  • the NSA is certainly not the first, and arguably far from the worst

    What's this argument? First of all, prove that you're not from the NSA.

  • What other country is ACTUALLY KILLING THOUSANDS OF FOREIGN PEOPLE based on oil interests and using it's spying network to determine the targets???? What other country is fighting against democracy in Latin America and Europe (by making coups like the recent one in Paraguay and subverting justice like in Sweden)? What evil could Chinese spying do to an American citizen? I'm not talking about stealing trade secrets, I'm talking about real harm. Will an American be detained indefinitely without accusation due

10 to the 12th power microphones = 1 Megaphone

Working...