Jump to content

If you STILL believe personal emails are private...


zeitgeist57

Recommended Posts

Talk to Gov. Mark Sanford (R-SC)...

http://news.yahoo.com/s/ap/20090625/ap_on_re_us/us_sc_governor_e_mails_1

 

Scroll down for email exchanges, and no fapping whilst reading this, please.

 

Interesting. I wonder if these were sent from his personal email account or from a state owned/work email address.

Link to comment
Share on other sites

Most likely the state owned account.

 

If you want juicy you should read the former mayor of Detroit's text messages. They were allowed to be released because they were sent between phones that were paid for by the city. Don't conduct personal 'business' on government property if you want to keep it private. :)

Link to comment
Share on other sites

Most likely the state owned account.

 

If you want juicy you should read the former mayor of Detroit's text messages. They were allowed to be released because they were sent between phones that were paid for by the city. Don't conduct personal 'business' on government property if you want to keep it private. :)

I read some of the detroit mayor text exchanges. :eek:

Link to comment
Share on other sites

I firmly believe that nothing we type on a computer is private anymore.

 

It's not.

 

Anything we do on a computer can be private. Just don't connect it to teh interwebz.

 

False. Extraordinarily false, actually.

Link to comment
Share on other sites

Anything we do on a computer can be private. Just don't connect it to teh interwebz.

 

I can't begin to tell you how much information I've retrieved off old PC's that have come into my possession. I bought an old Apple Power PC circa 1994 at a garage sale last year and retrieved all kinds of personal data. The owner has now idea what he and his family left on there.

 

Same with the two used notebooks I bought recently. I was told they were wiped too :rolleyes:

 

EDIT: Chris beat me to it :)

Link to comment
Share on other sites

Advanced blowfish for the win... or any other encryption program really. I have a plugin for blowfish on irc. Connect to irc with a BNC (connect to irc through another computer) then private message someone using the plugin = encrypted text.

 

The plain text sent over the internet is nothing but random characters and letters.

Link to comment
Share on other sites

Advanced blowfish for the win... or any other encryption program really. I have a plugin for blowfish on irc. Connect to irc with a BNC (connect to irc through another computer) then private message someone using the plugin = encrypted text.

 

The plain text sent over the internet is nothing but random characters and letters.

 

Encryption isn't the savior of privacy. Don't forget, it has to be decrypted at some point on both sides to be usable. At either point there are myriad ways it can be intercepted, exploited, and manipulated. When you send your encrypted data to the other party, can you guarantee that it's really the other party and a not an impostor? Can you also guarantee that the other party hasn't been compromised, or that they're not going to use your data for whatever means they see fit without your knowledge or consent? Of course you can't.

 

There is no way to guarantee your privacy on a computer. Period.

Link to comment
Share on other sites

Encryption isn't the savior of privacy. Don't forget, it has to be decrypted at some point on both sides to be usable. At either point there are myriad ways it can be intercepted, exploited, and manipulated. When you send your encrypted data to the other party, can you guarantee that it's really the other party and a not an impostor? Can you also guarantee that the other party hasn't been compromised, or that they're not going to use your data for whatever means they see fit without your knowledge or consent? Of course you can't.

 

There is no way to guarantee your privacy on a computer. Period.

 

 

If I call the sender over the phone and tell him to login to irc I can guarantee he is receiving my message. This is planned out before hand. I don't send encrypted messages to just anyone. So yes I can know before hand the data will be safe with them.

Link to comment
Share on other sites

Lastly I also suspect I feel a little vulnerable because this is ground I have never certainly never covered before - so if you have pearls of wisdom on how we figure all this out please let me know... In the meantime please sleep soundly knowing that despite the best efforts of my head my heart cries out for you, your voice, your body, the touch of your lips, the touch of your finger tips and an even deeper connection to your soul."

 

 

:wtf: Ummm is it really that hard. Either you're going to sneek around on your wife and family or you're going to break it off then hook up with your new woman...

Link to comment
Share on other sites

If I call the sender over the phone and tell him to login to irc I can guarantee he is receiving my message. This is planned out before hand. I don't send encrypted messages to just anyone. So yes I can know before hand the data will be safe with them.

 

Sure, but can you guarantee the recipient computer/network/etc. isn't and will never be compromised? And again, can you guarantee the recipient intentions? What is the individual going to do with your data after they're done with it, can you guarantee data-at-rest protection? What about five years from now? Now think beyond just your recipient - who else might have access to the hardware?

 

It's impossible to guarantee information security 100%. Impossible. I haven't even touched on sophisticated man-in-the-middle vectors. This is the problem with staking faith in encryption, it leads to a false sense of security. Once the data is out of your hands you really, truly have no idea. You can have faith and trust, but all faith and trust do is help you sleep at night until whatever it is you're trying to protect is compromised.

 

Information security practitioners wear a lot of tinfoil, but for good reason.

Link to comment
Share on other sites

 

 

 

False. Extraordinarily false, actually.

 

 

I'm not talking about someone coming into possession of one of your hard drives.

 

 

I can't begin to tell you how much information I've retrieved off old PC's that have come into my possession. I bought an old Apple Power PC circa 1994 at a garage sale last year and retrieved all kinds of personal data. The owner has now idea what he and his family left on there.

 

Same with the two used notebooks I bought recently. I was told they were wiped too :rolleyes:

 

 

I'm not talking about someone coming into possession of one of your hard drives.

Link to comment
Share on other sites

Sure, but can you guarantee the recipient computer/network/etc. isn't and will never be compromised? And again, can you guarantee the recipient intentions? What is the individual going to do with your data after they're done with it, can you guarantee data-at-rest protection? What about five years from now? Now think beyond just your recipient - who else might have access to the hardware?

 

It's impossible to guarantee information security 100%. Impossible. I haven't even touched on sophisticated man-in-the-middle vectors. This is the problem with staking faith in encryption, it leads to a false sense of security. Once the data is out of your hands you really, truly have no idea. You can have faith and trust, but all faith and trust do is help you sleep at night until whatever it is you're trying to protect is compromised.

 

Information security practitioners wear a lot of tinfoil, but for good reason.

 

With 256bit encryption it would be difficult to decode without my key. It isn't impossible but it would take time. Even so the things I send encrypted over IRC are still not something that is crazy data sensitive. I am not that stupid. If it is something crazy important I will tell the person face to face and that would be the end of it.

 

For what I use it for I don't really care if someone decodes it. It just makes it look like I am typing jibberish to anyone that happens to be packet sniffing either my network or the one my shell account is on (highly doubtful).

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...