![]() ![]() If your grandmother sends a message to your aunt, it ought to be private. Our communications systems ought to be resistant to inexpensive automated large scale mass surveillance. First, we want ordinary people who are going about their business without focusing too much on security to be reasonably safe. I think we want to try to achieve two separate things. No, the concept of TOR is based on providing US (and Israeli, I guess) spooks with a secure network by inviting as many irrelevants as possible, making data correlation hard.Īfter all, a network made for and used by spies would be a pretty bad network if only spies used it. The entire concept of TOR is based on trust. This misleading promotional campaign is causing regular users to put themselves at risk by assuming that TOR is safe. The second problem is that the TOR Project has been repeatedly promoting their service as a secure solution.īut TOR is only one small part of a secure solution. ![]() First, they make no effort to curb illegal activities.Īn unmoderated environment attracts criminals who attract law enforcement and governments.Īnd it has worked perfectly in making people think that TOR is secure.įor “people”, substitute “child pornography consumers” etc. In my opinion, TOR really has only two big problems. TOR does a good job anonymizing the network route. it may need to be a dedicated device - like a KEK perhaps. What we have not addressed is, that for PGP/GPG to work as intended - we need to establish proper 3d party introducers - “for the masses” - everybody.Ĭredit unions, DMV, County Records, - Notary Publics - we already have facilities for authenticating identifications. How do you authenticate your Forms 1040 when you submit to the IRS ? What now in the digital/commercial network? We used to rely on the old ball point pen and handwriting experts for this Remember Whitfield Diffie’s notes in the NewEgg case: when the lawyer takes the document into court the judge can recognize the signature although no one other than the signer could have created it It is certainly well to note the difficulty related to proper use of PGPīut this difficulty is inherent to the commercial/digital network: how ought one establish authenticity ? Well I wish the purists good luck trying to ditch email and even bigger luck required for finding other people who will ditch email. More usable PGP bases solutions are needed. Because of this, Signal will remain a small niche, even if IM were interchangeable with email which it is not.Įmail is and will likely remain in the observable future the only robustly and globally federated messaging system using which people can still control their privacy – using open source PGP. It’s like bad doctors who want to kill the patient to get rid of him.Īs to Signal, Moxie Marlinspike refuses to federate (and made sure LibreSignal die because of this). The disastrously and irreparably UX-oblivious security techies totally failed in this task (except maybe Protonmail, but they are full of other flaws like being a walled garden and not supporting IMAP) and from time time they wake up and say – let’s ditch email altogether. What is needed are solutions that make using PGP easier and less error-prone. ![]() Their usage is totally different and they are not intergchangeable. ![]() The idea of using Signal instead of PGP does not hold water. It’s funny how security puritans periodically pop up to attack PGP. Such practices actually encourage expanding the attack surface by making backups of the key.īoth he and I favor encrypted messaging, either Signal or OTR.ĮDITED TO ADD (1/13): More PGP criticism. Worse, long-term key patterns, like collecting signatures and printing fingerprints on business cards, discourage practices that would otherwise be obvious hygiene: rotating keys often, having different keys for different devices, compartmentalization. USB devices would get plugged in.Ī long-term key is as secure as the minimum common denominator of your security practices over its lifetime. Offline keys would sit in a far away drawer or safe. Yubikeys would get exposed to hotel rooms. The more time passed, the more I would feel uneasy about any specific key. I never felt confident in the security of my long-term keys. Valsorda has a different complaint, that its long-term secrets are an unnecessary source of risk:īut the real issues, I realized, are more subtle. More generally, e-mail is inherently difficult to secure because of all the different things we ask of it and use it for. It’s hard to use correctly, and easy to get wrong. I have long believed PGP to be more trouble than it is worth. Filippo Valsorda wrote an excellent essay on why he’s giving up on PGP. ![]()
0 Comments
Leave a Reply. |