Silent Circle Follows Lavabit By Closing Encrypted E-mail Service
Okian Warrior writes "Silent Circle shuttered its encrypted e-mail service on Thursday, in an apparent attempt to avoid government scrutiny that may threaten its customers' privacy. The company announced that it could 'see the writing on the wall' and decided it would be best to shut down its Silent Mail feature. 'We’ve been debating this for weeks, and had changes planned starting next Monday. We’d considered phasing the service out, continuing service for existing customers, and a variety of other things up until today. It is always better to be safe than sorry, and with your safety we decided that the worst decision is always no decision.' The company said it was inspired by the closure earlier Thursday of Lavabit, another encrypted e-mail service provider that alluded to a possible national security investigation."
Does anyone have replacement recommendations for people who used these services?
Nicely done (Score:5, Insightful)
Re:Nicely done (Score:5, Insightful)
2. Suddenly, all communication is "foreign".
3. All communications are now collectible without any oversight.
Re:Nicely done (Score:4)
Re:Nicely done (Score:4, Interesting)
Brilliant!
I think the idea in this case was that Lavabit and Silent Circle didn't have any way to decrypt your email. If this was true, then it wouldn't matter where it was as long as that remained true and email was between two users of the service (obviously the NSA could read your sent and received email by just hacking the recipient/sender of each email).
Re:Nicely done (Score:5, Interesting)
No I think the way Lavabit stored the keys was faulty. They were stored on their own servers and unlocked by the user's password when they logged in. So the NSA couldn't crack your email unless they watched you log in, then they would have your password. I suspect the NSA ordered them to allow the NSA to do this very thing and the owners realized that the only way to prevent them from gaining access was to shut down the service so no one could log in and give the NSA access to their accounts. Someone in the Lavabit thread suggested that they should have had a client-side app that generated keys for you, then there would have been no way for anyone to crack it unless your local machine was key-logged.
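Added example (not Lavabit's code, and not from the thread): the two key-custody models contrasted in the comment above, written against Node's built-in crypto module. The function names, the scrypt/AES-GCM wrapping and the challenge-signature login are assumptions chosen for the sketch.

```javascript
"use strict";
const crypto = require("crypto");

const PEM = {
  modulusLength: 2048,
  publicKeyEncoding: { type: "spki", format: "pem" },
  privateKeyEncoding: { type: "pkcs8", format: "pem" },
};

// Wrap a private key under a key derived from the login password.
function wrapKey(pem, password) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const kek = crypto.scryptSync(password, salt, 32);
  const c = crypto.createCipheriv("aes-256-gcm", kek, iv);
  const ct = Buffer.concat([c.update(pem, "utf8"), c.final()]);
  return { salt, iv, ct, tag: c.getAuthTag() };
}

// Throws if the password is wrong (GCM tag check fails).
function unwrapKey(w, password) {
  const kek = crypto.scryptSync(password, w.salt, 32);
  const d = crypto.createDecipheriv("aes-256-gcm", kek, w.iv);
  d.setAuthTag(w.tag);
  return Buffer.concat([d.update(w.ct), d.final()]).toString("utf8");
}

// Model A: the key pair is created and stored by the service, wrapped
// under the user's password. The returned object is the server's record.
function enrollServerSide(password) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", PEM);
  return { publicKey, wrapped: wrapKey(privateKey, password) };
}

// At login the password reaches the server, so the server (or whoever
// observes that login) ends up holding the plaintext private key.
function serverSideLogin(record, submittedPassword) {
  try {
    return unwrapKey(record.wrapped, submittedPassword);
  } catch {
    return null; // wrong password: the stored blob stays sealed
  }
}

// Model B: the client generates the pair; only the public key is uploaded.
function enrollClientSide() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", PEM);
  return { serverRecord: { publicKey }, clientKeeps: privateKey };
}

// Login by signing a server challenge: the server sees a nonce and a
// signature, never a secret that unlocks stored mail.
function clientLogin(serverRecord, clientPrivateKey) {
  const challenge = crypto.randomBytes(32);
  const sig = crypto.sign("sha256", challenge, clientPrivateKey);
  const ok = crypto.verify("sha256", challenge, serverRecord.publicKey, sig);
  return { ok, seenByServer: { challenge, sig } };
}

function compareCustody() {
  const password = "constructed-sample-passphrase"; // constructed value
  const a = enrollServerSide(password);
  const recovered = serverSideLogin(a, password);
  const b = enrollClientSide();
  const login = clientLogin(b.serverRecord, b.clientKeeps);
  return {
    serverSide: { serverHoldsPrivateKeyAfterLogin: recovered !== null },
    clientSide: { loginOk: login.ok, serverRecordFields: Object.keys(b.serverRecord) },
  };
}

console.log(compareCustody());
```

In the second model the trust boundary moves to the user's own machine, which is the key-logging caveat the comment ends on.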
Re:Nicely done (Score:4, Insightful)
You think if Obama lost and Romney won there'd be any difference except for figurehead with false polite smile instead of one playing down to earth guy? How cute.
PS: Not an American, just find it silly how y'all go about this as if it was partisan issue and difference between R and D wasn't only what kind of lube they'll use when fucking you in the ass.
Re:Nicely done (Score:4, Insightful)
Real Americans aren't paying attention to R vs. D since many years ago. If you believe the consciousness of the majority of the American people align with what you see on your television from the U.S., you're just as ignorant.
Re: (Score:3)
When did they start using lube?
Re:Nicely done (Score:5, Funny)
He hasn't been worse.
"If I have appeared worse than prior presidents, it is because I have stood on the shoulders of giants."
Re:Nicely done (Score:5, Insightful)
The sad thing is that I now remember fondly when Obama was compared to Carter. Now it's more like he's channelling Nixon.
Re:Nicely done (Score:5, Interesting)
Re: (Score:3, Insightful)
As far as I know Nixon didn't personally spy on anyone and there is no evidence that Obama is personally spying on anyone either. It's the government (and party in at least Nixon's case) doing the spying and they have been doing it as long as it has been technically possible. Civil war they tapped telegraph lines, prohibition the Supreme Court ruled that tapping phones didn't violate the 4th amendment as long as they didn't break into anyone's house to tap their phone http://en.wikipedia.org/wiki/Olmstead_v. [wikipedia.org]
Re:Nicely done (Score:5, Insightful)
Re:Nicely done (Score:5, Insightful)
I agree. For things to have gotten this bad, there's an awful lot of blame to go around. For example, the judicial branch isn't any better here either.
Re: (Score:3)
Re: (Score:3, Insightful)
... and gets a pass because he is a (D) and the press is (D) and not (R).
We have no fifth estate any longer. The MSM press is NOT an ally of the public interest. Not when they realized they could influence politics to their own benefit.
The real scandal in America is the Press. Obama is getting away with things the press would soundly criticize (rightly so) GWB on.
Re:Nicely done (Score:4, Interesting)
There is nothing more right wing than claiming the press favors democrats. There are two sets of press, those like MSNBC that favor the democrat view and those like Murdoch properties like Fox News that go out of their way to advocate the republican party line. In the middle are those companies like CNN that are after rating and don't give a damn about content, including whether it's even factual. These middle organizations generally have individual reporters with extreme bias, like Nancy Grace who advocates for government authority regardless if that authority benefits republican or democrats.
Frankly there are almost NO news organizations that care about presenting all the issues and trying to remove reporter bias. They don't exist because (stupid) people want their "news" (or entertainment as Fox calls it) biased to their political view point. There are a couple very rare organizations that still strive for that, but they have terrible ratings.
If you want it you need two things first, people to actually demand unbiased coverage (the biggest requirement) and to monopolize the coverage, and that means breaking up the big networks. The more competition in coverage and the less central control by large egomaniacal CEOs with agendas and you will see less bias, but that would require reinstating the ownership rules that the republicans worked so hard to waive so Murdoch could build his empire.
Re: (Score:3)
Serious question. How come NO Press person has hammered the "phoney scandals" line? I mean not one.
When you can answer that, without saying "they are phoney scandals" ... then we'll talk.
Re: (Score:3)
Godwin's Law is still Godwin's Law even when the obvious name isn't mentioned. Discussion over. ;-)
Solutions anyone?
Re:Nicely done (Score:5, Insightful)
Godwin's law is correctly invoked in a context where comparing a person/action/entity/whatever to Hitler or Nazis is hyperbolic -- it's sort of an insult to those millions who died in the holocaust when someone calls their boss a Hitler because they have to go into work early.
But, when the comparison starts to fit, Godwin's law doesn't apply, precisely because the comparison fits.
So for example, the Nazis focused on a religious/ethnic group and killed millions of them by factory methods.
Americans focus on a particular religious/ethnic group, and kill millions by war, drone strike, and the most devastating weapon of all, economic and trade sanctions.
So the question is, is the way the US is systematically destroying a racial/ethnic group different enough from that the Nazis used, such that Godwin's law may be validly invoked. If not, that's sort of "holy fuck" territory, a place that is very hard to go to intellectually -- so if your knee jerk reply is that Godwin's does apply you should examine that closely because it is really hard to tell yourself, that you're an evil cretin and so much easier to go with the kneejerk.
Re:Nicely done (Score:5, Funny)
. . . Says Europe, which practically jizzed all over themselves upon the election of Obama.
No, only the most blinded Americans buy the Obama bullshit, just like only the most blinded bought the Bush bullshit.
But don't worry, after more than two centuries and dozens of shitty presidents, we are totally going to get an integrity-filled savior in 2016 who will save us from everything and not backtrack on or betray everything he ever said. We've just been desperately waiting for all those brilliant teenagers to finally come of age by the next voting cycle and they will save the world with their naive, inexperienced, easily swayed voting. Everything's gonna change in 2016 you guys!
Re: (Score:3)
But the Republicans want to dismantle the separation between Church and State, specifically by banning gay marriage and related things (visitation rights to gays for their partners in hospital, extending job benefits to a gay partner, allowing gays to adopt children)
Re: (Score:3, Insightful)
Obama is better than Bush:
no he's not
most of Obama's policies have been well meaning
no they haven't
and he can give a speech without looking like a complete moron.
no...he can't
Re: (Score:3, Insightful)
Of course he's better than Bush. Failure to end all of Bush's policies doesn't make him worse, or even as bad, as Bush.
"Failure to end" is a euphemism if I ever saw one. To fail, you first need to try. It's more like "embrace and extend". Yes, Bush is responsible for starting a lot of the crap that was escalated out of control under Obama's supervision. And Obama's election promises were quite explicit about reining them in instead.
What did the NSA have on him in order to turn him? Or did they brainwash him? Or what else is in it for him?
Re:Nicely done (Score:5, Insightful)
You haven't been watching long. The Republicans enact the abusive legislation. The Democrats howl about it. Then, when the Democrats are in power, they start using the new powers abusively. (Sometimes the Republicans howl about this, but they're more likely to complain when the government does something that helps people who aren't wealthy.)
Crypto is the answer, jurisdiction-shopping isn't (Score:3)
What the government is doing is repugnant, but only because most people are stupid and take the wrong lessons from it. If people had their shit together, then it would actually cause a positive effect, and we'd be talking about how US government's thuggery inadvertently did everyone a favor.
I never even heard of these encrypted email services until yesterday (except for hushmail about a decade ago but that was an even dumber beast) and the more I look into them, the more apparent it is that they sell .. we
Re: (Score:3)
Probably the only real alternative is to find a country that is "aggressively neutral" towards your desired market. And don't take any customers that reside in that country. This will make you of minimal interest to that country.
Of course, you also need a good security model. No government can be trusted. Remember that governments are usually just gangsters that have been in power so long that people have forgotten about their origins. (Yes, there are exceptions. But damn few. And they don't keep the
NSA or Chinese great firewall (Score:3, Interesting)
Re:NSA or Chinese great firewall (Score:5, Informative)
It turned out that the visit from Homeland Security after the "pressure cooker" and "backpack" searches weren't a result of Google monitoring but of a report from the guy's employer after finding the search on his work computer.
Re:NSA or Chinese great firewall (Score:5, Insightful)
Re: (Score:3)
Well, why don't you test the official story? It's easy, go to your computer and google search "pressure cooker" and a few minutes later "back pack". Make sure to let us know if the MIB go visit you. Here on /., we like to know.
Re: (Score:3, Insightful)
Surely the Streisand effect would have already happened - some percentage of people (especially Slashdot readers) would have read that and immediately searched for "pressure cooker backpacks" - and we'd hear about hundreds/thousands of people suddenly gone missing or being detained for questioning.
I mean come on, there's legit concern, there's paranoia, and there's all out tin-foil-nutjob behavior with layered conspiracies hiding deeper multi-level conspiracies. The story about the employer reporting his em
Re: (Score:3)
Re: (Score:3, Insightful)
Re: (Score:3)
I don't think I'm stupid or naive - I wasn't surprised at all at any of Snowden's revelations. I was skeptical right away at the report of a Long Island couple getting a visit from the feds (or locals directed there by the feds) because of a Google search on two terms associated with a terror event months prior - not because I don't think Google is being watched, but because a policy with such a low threshold for a response would keep every law enforcement officer on 24/7 duty for...ever.
I googled about ri
Re: (Score:2)
First rule about Fight Club... (Score:5, Funny)
Does anyone have replacement recommendations for people who used these services?
The first rule of Fight Club is: You do not talk about Fight Club.
enigmail/pgp/gpg (Score:4, Insightful)
Encryption should be end-to-end. How can you trust someone else to do it for you?
Re:enigmail/pgp/gpg (Score:5, Interesting)
One advantage of these 3rd party email services is that you can't tell who is emailing who without getting access to their servers. It seems some of them are willing to go out of business to prevent that.
Re:enigmail/pgp/gpg (Score:5, Interesting)
Can't you do the same thing on a public forum? e.g. I generate a public key with no personally identifiable information, and give it to you. To contact me, you encrypt your message with my public key, and post it to e.g. USENET. I then connect to USENET, download a bunch of posts, try to decrypt everything with my private key, and keep the ones that are successful.
Re: (Score:3)
I did that. I only get messages that say "Drink more ovaltine".
Re: (Score:3)
That's the problem right there. You can't encrypt a single message for multiple recipients without making a separate, encrypted copy for each recipient, unless every recipient has a copy of the same private key.
While that is true, most systems employ a mix of public- and private-key cryptography, if only because public-key crypto is comparatively slow and becomes more so for large plaintexts. The message itself is encrypted once with a single symmetric key, which is then encrypted separately for each recipient. There is thus no need to duplicate and distribute the entire message for each recipient, just the message-specific symmetric key.
There is a large amplification effect, so this is not a practical system for g
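Added example (not part of the thread): the scheme described in the reply above, one symmetric encryption of the body plus one wrapped key per recipient, combined with the trial decryption of a public feed proposed a few comments earlier. It uses Node's built-in crypto module; the function names, the RSA-2048/OAEP and AES-256-GCM choices, and the sample messages are assumptions made for the sketch.

```javascript
"use strict";
const crypto = require("crypto");

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Hypothetical helper: one RSA-2048 key pair per correspondent.
function newKeyPair() {
  return crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
}

// Encrypt the body ONCE under a fresh AES-256-GCM key, then wrap that
// 32-byte key separately for each recipient. No recipient identifier is
// stored, so the post itself does not name who it is for.
function seal(plaintext, recipientPublicKeys) {
  const key = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  const body = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  const tag = cipher.getAuthTag();
  const wrappedKeys = recipientPublicKeys.map((pub) =>
    crypto.publicEncrypt({ key: pub, ...OAEP }, key));
  return { iv, body, tag, wrappedKeys };
}

// Trial decryption: try every wrapped key with our private key. OAEP
// rejects keys wrapped for someone else, and the GCM tag rejects any
// tampered body, so null means "not for us, or damaged".
function tryOpen(post, privateKey) {
  for (const wrapped of post.wrappedKeys) {
    try {
      const key = crypto.privateDecrypt({ key: privateKey, ...OAEP }, wrapped);
      const d = crypto.createDecipheriv("aes-256-gcm", key, post.iv);
      d.setAuthTag(post.tag);
      return Buffer.concat([d.update(post.body), d.final()]).toString("utf8");
    } catch {
      continue; // not our key slot; try the next one
    }
  }
  return null;
}

// Download everything, keep only what decrypts.
function scanFeed(feed, privateKey) {
  return feed.map((post) => tryOpen(post, privateKey)).filter((m) => m !== null);
}

function demo() {
  const alice = newKeyPair();
  const bob = newKeyPair();
  const carol = newKeyPair();
  // Constructed sample posts standing in for a public message board.
  const feed = [
    seal("lunch at noon", [alice.publicKey, bob.publicKey]),
    seal("for carol only", [carol.publicKey]),
    seal("alice: new key attached", [alice.publicKey]),
  ];
  return {
    alice: scanFeed(feed, alice.privateKey),
    bob: scanFeed(feed, bob.privateKey),
    carol: scanFeed(feed, carol.privateKey),
    bodyBytes: feed[0].body.length,
    wrappedKeyBytes: feed[0].wrappedKeys.map((w) => w.length),
  };
}

console.log(demo());
```

Each extra recipient costs one 256-byte wrapped key rather than another copy of the body, and a reader has to attempt every wrapped key in every post. GnuPG's `--throw-keyids` option gives the same try-every-key behaviour for OpenPGP messages.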
Re:enigmail/pgp/gpg (Score:4, Informative)
Encryption should be end-to-end. How can you trust someone else to do it for you?
I was thinking the same thing; Phil Zimmermann [wikipedia.org] had it figured out decades ago. As long as both ends keep the snoops out of their computers, with PGP or GnuPG, [wikipedia.org] all they can read is the envelope information between SMTP relays. As far as we know, anyway...
That method requires a little more technical skill than having some SaaS provider do it, but if you've got secrets to protect, that's a small price to pay. Use big keys and EC to help future-proof.
And for keeping even the envelope info private, just run a private email service of your own (with no external mail gateway), and keep the snoops off of it. Allow access only via VPN or SSH tunnels.
Simple option(s)... (Score:5, Interesting)
I would say "something hosted outside the US", but as the international banking community has shown, Uncle Sam's jack-booted foot extends well outside our own borders.
So that really leaves "GPG" as your sole realistic option. End to end encryption, with no one but you and the recipient knowing what you wrote. Of course, "they" can compromise either end, but it deprives them of the ability to funnel everything on the wire into their data centers for 4th-amendment violating goodness.
Or, we could all go back to writing letters. Oddly enough, that still has more legal protections behind it than any other form of communication.
Re: (Score:2, Insightful)
There is one flaw...they may not know what the message says, but they can still tell WHO you are emailing
Re:Simple option(s)... (Score:5, Informative)
Or, we could all go back to writing letters. Oddly enough, that still has more legal protections behind it than any other form of communication.
Well, except for that whole thing about USPS photographing and storing images of every envelope it processes. They've resorted to actually opening and reading them in the past; I don't think, given the current state of affairs, that they're beyond that now.
Re: (Score:3)
On the plus side - when I lost the most recent Bed, Bath, and Beyond coupon, the NSA helpfully provided another copy to me.
time to add a new definition to the term bed bugs
Re: (Score:3)
A kettle costs $10.
Re:Simple option(s)... (Score:5, Informative)
https://www.neomailbox.net/
Neomailbox is a good one. Hosted in Switzerland, also provides VPN services.
They have stronger privacy laws than we do, which helps on the non-technical end.
Re:Simple option(s)... (Score:5, Insightful)
Or, we could all go back to writing letters. Oddly enough, that still has more legal protections behind it than any other form of communication.
The entire point of all these [not necessarily so recent] revelations is that legal protections are no protection.
Distributed Mail (Score:2)
Comcast and Mail Servers (Score:3)
Under "Technical Restrictions," they list
use or run dedicated, stand-alone equipment or servers from the Premises that provide network content or any other services to anyone outside of your Premises local area network (“Premises LAN”), also commonly referred to as public services or servers. Examples of prohibited equipment and servers include, but are not limited to, email, web hosting, file sharing, and proxy services and servers
However, I don't think they go to the trouble of enforcing this very often.
Re: (Score:3)
Of course, Comcast could change the contract without me having any say in the matter.
Re: (Score:3)
Re: (Score:3, Insightful)
The issue that Silent Circle points out is that SMTP is inherently unable to provide security against traffic analysis. Even if the body of the email is encrypted, the headers cannot be.
So yes, you can run your own email server, and require that only gpg traffic pass through it. But that won't keep you secure against traffic analysis (aka "metadata collection") with collection performed at your ISP.
Re: (Score:3)
... SMTP is inherently unable to provide security against traffic analysis. Even if the body of the email is encrypted, the headers cannot be.
I2P-Bote is one alternative, an experimental distributed e-mail system which addresses the header issue. It's implemented as a distributed hash table with connectivity through I2P. The design allows senders and receivers to remain anonymous, in addition to encrypting the content of the messages.
Re: (Score:3)
Running a mail server from home is near impossible on most ISPs. The majority of ISPs block incoming traffic, and in some cases even outgoing traffic, on port 25 (SMTP). Even if you can get around this using alternate ports, chances are your ISP's IP range is blanket blacklisted by most anti-spam lists.
Your best bet for privacy and control of your e-mail would be to set up a colocated or rented server. You'll have to configure some sort of encryption for your e-mail messages in case the data center gets raid
Re:Distributed Mail (Score:4, Interesting)
Not only that, many _other_ ISPs won't send mail to mail servers located in comcast space or accept mail coming from comcast space. It's why I set up my own colocated server. The problem with that is all the difficulties dealing with such a system including spam and attackers.
The last time I checked I was getting a bit over a million ssh break in attempts each month. I eventually blocked all of Taiwan at my firewall due to the majority of attempts coming from their address space.
The other issue is with the colocated site address space. Since I have no control over the other addresses they host, DNS blacklist sites that blacklist IP ranges prevent mail from my mail server from being delivered. There are some sites that will let me communicate with their NOC and get put on a white list but there are others, like shaw.ca, that have no way to communicate with them to get off their list. They want me to contact the DNS blackhole sites they use but the DNS blackhole site has no way to get off their list (it's been a while, I remember shaw.ca).
And Microsoft sucks. They have my server blocked with no way to clear it however I can pay a fee to Microsoft to open up my server to Hotmail (for example) so I can send advertising. And on the funny side, Microsoft only blocks me about 50% of the time.
[John]
Encrypted (Score:5, Funny)
The company announced that it could 'see the writing on the wall'
They were however not able to read it.....
Penet.fi all over again... (Score:2)
Just this time it's not Scientology sect, but governments.
http://en.wikipedia.org/wiki/Penet_remailer [wikipedia.org]
The only lesson learned is that there is no such thing as fully anonymous email service, it's always just a certain degree, especially when it comes to USA power play.
Comment removed (Score:3)
NSL order to not reveal NSLs (Score:5, Insightful)
I don't think Silent Circle would commit an effective suicide just preventively. Lavabit, while technically not saying a word about NSLs, told us very clearly what the request was. If the government criminals are not idiots, they learned and worded the Silent Circle order in a way that prevented such disclosure.
Re: (Score:2, Informative)
PRZ already has been in the government sights (suspected ITAR violations of PGP). I can understand why he is leery.
Of course, there is Hushmail which is still around. It isn't perfect (they had to comply with an Interpol order and hand over stuff), but it is probably the best bet and is pretty sound.
Re: (Score:3)
Phil Zimmermann, one of the Silent Circle founders, has a history of fighting back publicly. See also https://en.wikipedia.org/wiki/Phil_Zimmermann [wikipedia.org] I therefore suspect he is telling the truth.
In addition, orders to not disclose the existence of orders have been found unenforceable in common-law jurisdictions.
--dave
What the heck is going on? (Score:2)
What the heck is going on over there?
Do you really have running government agents around closing shops at will?
That's not a good sign.
Re:What the heck is going on? (Score:5, Insightful)
Hype or Reality? (Score:2, Insightful)
Okay, playing devil's advocate here.
LavaBit shuts down "citing" pressure they have received from gov't agencies. No evidence is provided to indicate that reason behind the shutdown...just the guy's word.
Given how everybody is rallying against the gov't at this time - could this actually just be an action of protest rather than a true, official, take-down? Everybody will just assume that the gov't forced the take down "just because". Who would be the wiser? Right? Makes their point, right?
Now, we have
Re: (Score:3)
The crazy times (Score:2)
Security investigations lead to closures of secure services.
Citizen... (Score:5, Funny)
Does anyone have replacement recommendations for people who used these services?
Citizen, we welcome you to use the new service at secure.nsamail.com. This will ensure that no terrorists, paedophiles, or drug dealers co-opt your email account for their nefarious purposes.
Thank you for your cooperation.
Re: (Score:2)
Open WhisperSystems (Score:4, Informative)
Open WhisperSystems (https://whispersystems.org) doesn't have encrypted e-mail, however they do have Android-based encrypted phone (RedPhone) and text (TextSecure) capabilities. They are working on iPhone releases in the near future of their products. Btw, all of it is open source and they DO release the source code as well.
Remember when the press covered stuff like this? (Score:3)
Does anyone remember when the press covered stuff like this? Before 2009, the Lavabit shutdown would have been national news. Everyone would have known the name of Lavabit's owner.
His name is Ladar Levison.
Re: (Score:3)
Does anyone remember when the press covered stuff like this?
It was second from the top on http://www.bbc.co.uk/news/ [bbc.co.uk] this morning:
http://www.bbc.co.uk/news/world-us-canada-23627656 [bbc.co.uk]
Re: (Score:3)
Remember when the press in the USA covered stuff like this?
distributed encrypted p2p email system (Score:5, Interesting)
Although currently everyone can install an email server (e.g. there are several available in debian). It is not what would solve the problem. Not just because it requires technical expertise, but also because it requires too much dedication on your side to maintain your freshly installed server. Also to make sure it has outside access with SMTP port, and so on. Not mentioning that it needs about 100% uptime. Such solution is too much centralized.
I was thinking about p2p email more like this one [psu.edu] which I googled right after I had this initial idea. This is a proof of concept so it can work.
Key features would be:
1) uses p2p distributed encrypted file system, like tahoe [tahoe-lafs.org]
2) each p2p node can act as email receiver/sender
3) to send email to someone you use nick@1.2.3.4 where 1.2.3.4 is any IP that is running p2pemail. Simplest would be 127.0.0.1 if you just run a p2pemail node yourself.
4) everyone can have p2pemail account, just connect via https to nearest p2pemail node. It can be running on your computer or anywhere else. Doesn't matter. This just requires setting up an account name on your side, and a lengthy password, which is also used as a sha256 seed for private key for encryption of your emails and also as a PGP signature for your emails.
5) PGP signing emails would be so easy, that it would be a new standard.
6) all encryption and decryption is done locally on your computer either in javascript or in your email client. Just make sure that your browser and computer are not compromised.
7) if any of p2pemail nodes are running compromised code (eg. like compromised tor nodes) they still cannot read your email, because they have no access to your private key. The only hope they can have is to monitor when you are accessing your data, but only if a request to the compromised node is made.
8) even if huge NSA datacenter decided to store all p2pemail data, they still cannot read it, and have nobody to file a warrant to.
If we combined that with bitcoins we would get additional (optional) features:
9) buy storage with bitcoins, while buying decide how many copies of your data you want to have (can change this anytime later). Offer any price you want, lower bids might not be taken.
10) provide encrypted storage space and get paid. If you store multiple copies of same data (might be possible before p2pemail gets popular) ensure that at least it is on different physical locations, otherwise you might be compromising security
11) create whitelists with people from whom you want to receive email, add mandatory bitcoin fees if anyone not on the whitelist wants to send you email.
12) You can create various stages of whitelisting, depending on domains you can define different prices to receive email. Or you can say that first email is free for everyone, and each next will be paid or not depending on if you received spam. Or configure SpamAssassin to decide for you.
PROBLEM: where do my friends send email to?
ANSWER: your_nick@p2pemail.org/net/com/info (we need to register many domains, and use many IPs to resolve those dns-es)
PROBLEM: Will my address still be the same after long time?
ANSWER: your nick in p2pemail will be the same, tell your friends that if they can't send email (eg. govt seized all p2pemail domain names), then they have to find some p2pemail node. Google it, or install one themselves. If they can't do that, you can solve this by installing a node yourself, and making sure it has the same domain name all the time. Services like dyndns can help you with that.
well maybe that's just a pipe dream. But the proof of concept implementation that I linked above gives some hope. What do you think?
Re:distributed encrypted p2p email system (Score:4, Interesting)
Check out Pond [imperialviolet.org], by Adam Langley. It's Tor based secure end to end mail with a variety of interesting tricks, done by a real cryptographer (one of the people who upgraded OpenSSL to support forward secrecy, and then upgraded Google to use it).
My Suggestion (Score:3)
what's happening (Score:4, Informative)
It appears that what is happening is that the government is applying pressure to anyone who enables communication in a way where the government cannot detect who is talking to whom. This is a logical extension of the methods that Snowden leaked. He showed that they already have full coverage of the metadata of phone calls, texts, emails, and webpage views routed through the US. The leaks have pressured the US to close the loops. This is a very dangerous threat to our Constitutional rights. Secrecy does not equal guilt, and our founders went to great lengths to enshrine that principle in our Bill of Rights.
A recommendation for those seeking privacy (Score:3)
> Does anyone have replacement recommendations for people who used these services?
For those from outside the US, your best bet is probably to use small, local players who might not yet have had pressure applied to them. For those inside the US, I have one recommendation: run for Congress.
If you have nothing to hide ... (Score:5, Insightful)
If you have nothing to hide, you have nothing to fear. Freedom is Slavery. The government is here to help.
It sounds like we're trending towards not being allowed to encrypt our own stuff because that automatically means we're doing something shady. There's all sorts of reasons I might want to encrypt information that have nothing at all to do with American national security.
Hopefully some non-American company will step up to the plate and give us this, and we can send a big "Fuck You" to the NSA that says we'll encrypt if we want to, and you can eat shit. My rights aren't defined by your security interests.
Sorry, but the rest of the world doesn't give a crap about what you want, and want to retain our privacy without having to cede it to the US government.
Thanks America, you've now essentially broken the internet, and are only going to make computing less secure for all of us. Welcome to the new world, where industry and government demands full control over technology in order to enforce their will on us.
do the smart thing (Score:3)
Schneier had a great point today (Score:4, Insightful)
Last para:
"When the small companies can no longer operate, it's another step in the consolidation of the surveillance society."
Game. Set. Match.
Re:Weird! (Score:5, Insightful)
The same thing the Fourth Amendment is for. Keeping out people who have no business reading your mail.
Re:Weird! (Score:5, Informative)
This is how it works:
1) The government suspects you of a crime (rightly or wrongly)
2) The government looks up your email history to try to find something with which to convict or embarrass you (do you honestly think that if you have years of email conversations that there's not SOMETHING in there that could do this?)
3) The government uses that as leverage against you
Remember, most people "don't have anything to hide", and therefore don't care that much about their privacy. The problem is that most Americans commit 3 felonies a day [amazon.com], and therefore, by definition do have something to hide, even IF they've done nothing wrong intentionally.
If you think it can't happen to you, think again [wikipedia.org]. They searched for years and eventually found something to prosecute him with.
Seriously, watch the first video. [youtube.com] 15 minutes now could very well save you from a life of jail, if the police come knocking.
Re: (Score:3, Informative)
Can happen, has happened.
I can't find any name now, but there was an incident many years ago when police in the US charged a man with possession of child pornography after an internet investigation led to his IP address. It turned out to be a mistake on their part - when the family were eventually able to get an independent examination of their computer (Which itself took months, as the prosecution considered it evidence and refused to permit access) it was found to be infected with a trojan that was resp
Re: (Score:3)
All the comments on that book about "3 felonies a day" say:
You can find more there, but in essence, there is no mention of what 3 felonies the "common man" is doing per day. Is
Re:Weird! (Score:5, Interesting)
The fourth/fifth amendments exist to protect innocent citizens from otherwise accidentally incriminating themselves.
And even more specifically, the fourth and fifth amendment exist to protect innocent citizens from being forced into incriminating themselves by an overreaching government who is trying to silence dissidents.
People frequently overlook the historical context of the Bill of Rights. You have a bunch of people who had just fought a revolution against a government that they believed was oppressive, and they were trying to safeguard themselves against falling under another oppressive government. The Bill of Rights was created specifically for that reason. Essentially, you have a bunch of people who were recently rebels, who want to limit the government's ability to quash a rebellion, silence dissidents, or subvert a popular uprising.
To guide them, they look through their recent history for the tools employed by the power they had just thrown off. The British had limited speech, forbidden ownership of guns, stationed military personnel in people's homes, performed searches without cause, etc. In order to prevent a new oppressive government from using those tools, the authors of the Bill of Rights made them illegal.
So it's not really a defense to say, "This should be ok, because we're only trying to catch dissidents, terrorists, and enemies of the state!" The founding fathers were dissidents, terrorists, and enemies of the state. The Bill of Rights was written to protect exactly those kinds of people.
Re:Weird! (Score:5, Insightful)
Re:Weird! (Score:5, Insightful)
The customers of the company I work for do not like it when their blueprints are publicly available. Would you like to have your code and documentation searched by gmail to show ads? (What information do these ads leak to the company that pays for it?)
And any "alien" Amazon, Microsoft, Yahoo or Google cloud data is up for collection by the NSA. Sounds like a good reason to encrypt at least some of your mail.
Re:Weird! (Score:4, Informative)
The customers of the company I work for do not like it when their blueprints are publicly available. Would you like to have your code and documentation searched by gmail to show ads? (What information do these ads leak to the company that pays for it?)
And any "alien" Amazon, Microsoft, Yahoo or Google cloud data is up for collection by the NSA. Sounds like a good reason to encrypt at least some of your mail.
Using SMTP to transmit that kind of info in the clear is a bad idea, even if the endpoints are credible. Interception is your biggest risk if you are two known parties trading in proprietary information, and probably doing so to/from fixed geographic locations as well. Why not encrypt the payload to guard against this?
What an encrypted email service does is different: they offer a quasi-anonymous way for people to send/receive email so that they can accept messages from unknown parties and trust that the contents will be a secret (if they arrived without being snooped). A person in Snowden's position is attracted to this because he can trade emails with otherwise uninvolved persons (who wouldn't necessarily be subject to scrutiny by the feds or "evil corp X") and the only real "link" between any of those parties is heavily encrypted on the server (and the provider doesn't even hold the keys) unless a snooper gets really lucky and intercepts enough of them to put the pieces together.
Re:Weird! (Score:5, Interesting)
Re:Weird! (Score:5, Insightful)
So I guess you didn't use envelopes for your mail before email?
Why use clothes even? What do you have to hide?
Why whisper?
That's right... it's called privacy.
Re: (Score:3, Insightful)
So what'd be "encrypted email" for?
It's like the envelope in snail mail. You put your mail in an envelope to protect it until it arrives at its destination, don't you? Encryption accomplishes the same thing for e-mail.
Re: (Score:2)
With that in mind, why do we put mail in lined envelopes? People do not seem to remember that email is sent plain text. Can be read by anyone. If you do not care who reads it, then why just have one recipient? CC everyone? CC the NSA and CIA? The conversation I share with people is not sensitive, not dangerous, does not contain anything that would cost a person their life. That conversation though, is between the person and myself. I feel uneasy using email due to this reason.
Re: (Score:3)
TLS and encrypted IMAP protect the path, not the content. Only if you deliver directly to and receive directly from the other endpoint is there known protection. Any relay in the system might not store the message encrypted on disk and might not relay on with TLS.
Encryption of the body itself is the only real way to protect the message completely. And that shouldn't need a third party like Lavabit or Silent Circle to do as it is a mail client function.
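The distinction drawn in the comment above (per-hop TLS versus encryption of the body) can be checked on a received message. This is an added example, not part of the original thread: it reads the `Received:` trace, flags hops whose protocol keyword shows no TLS (RFC 3848), and reports which hosts handled a readable body. The sample message and host names are constructed, and the trace is self-reported by each relay, so it is only as trustworthy as those relays.

```python
import email
import re

# "with" keywords that mean the inbound hop used TLS (RFC 3848, RFC 6531)
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
                 "UTF8SMTPS", "UTF8SMTPSA", "UTF8LMTPS", "UTF8LMTPSA"}
# Constructed sample message; hosts and addresses are documentation placeholders.
SAMPLE = (
    "Received: from relay2.example.net (relay2.example.net [203.0.113.7])\n"
    "\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n"
    "\tby mx.example.org (Postfix) with ESMTPS id abc123; Fri, 9 Aug 2013 10:00:03 +0000\n"
    "Received: from relay1.example.com (relay1.example.com [198.51.100.4])\n"
    "\tby relay2.example.net with ESMTP id def456; Fri, 9 Aug 2013 10:00:02 +0000\n"
    "Received: from laptop.local (unknown [192.0.2.10])\n"
    "\tby relay1.example.com with ESMTPSA id ghi789; Fri, 9 Aug 2013 10:00:01 +0000\n"
    "From: alice@example.com\nTo: bob@example.org\nSubject: test\n\nhello\n"
)

def strip_comments(value):
    """Drop (possibly nested) parenthesised comments such as '(using TLS with cipher ...)'."""
    prev = None
    while prev != value:
        prev, value = value, re.sub(r"\([^()]*\)", " ", value)
    return " ".join(value.split())

def hops(raw):
    """Return (receiving host, protocol keyword, used_tls) per hop, oldest hop first."""
    out = []
    for value in reversed(email.message_from_string(raw).get_all("Received", [])):
        flat = strip_comments(value)
        by = re.search(r"\bby\s+(\S+)", flat)
        proto = re.search(r"\bwith\s+([A-Za-z0-9]+)", flat)
        name = proto.group(1).upper() if proto else "UNKNOWN"
        out.append((by.group(1) if by else "?", name, name in TLS_PROTOCOLS))
    return out

def body_encrypted(raw):
    """True for PGP/MIME (RFC 3156) or an inline PGP-armored body."""
    msg = email.message_from_string(raw)
    if msg.get_content_type() == "multipart/encrypted":
        return True
    return not msg.is_multipart() and "-----BEGIN PGP MESSAGE-----" in msg.get_payload()

def exposure(raw):
    """Hosts that received the message without TLS, and hosts that held a readable body."""
    trace = hops(raw)
    return {"links_without_tls": [h for h, _, tls in trace if not tls],
            "hosts_with_plaintext": [] if body_encrypted(raw) else [h for h, _, _ in trace]}
```

Even when every hop reports TLS, `hosts_with_plaintext` still lists every relay unless the body itself is encrypted; headers such as sender, recipient and subject stay visible to each hop either way.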
Re:Weird! (Score:5, Insightful)
Who gives a damn?
I see no reason to defend the situations in which I could choose to encrypt something. I am not going to open my stuff up to you so that I can prove I'm not a terrorist unless you have something to suggest that I am. That's not how it works in a free society.
This "we'll assume everyone is guilty and ignore the ones we don't care about" mentality is crap, and in complete opposition to privacy, freedom, and everything else the US claims to hold so dear.
It doesn't matter if I'm discussing something I'd like to patent, my financial statements, my medical condition, having an affair, or planning to BASE jump off a building -- it's none of the government's business, and without evidence to suggest I'm doing something they need to be concerned about, they can fuck off.
This is just an undue control over your citizens, and sadly, everyone else on the planet since these guys are tapping pretty much everything.
That more and more people might choose to encrypt on general principles is something the NSA is just going to have to learn to deal with -- because I see no point in helping them any more than I can avoid.
America is rapidly becoming some of the same things they used to criticize the Soviets for. And that is sad.
Re:Were they contacted? (Score:5, Insightful)
Their statement about closing the service specifically said they hadn't been contacted, so if they have been contacted then they didn't just make an omission, it would have been an outright lie.
Because Lavabit has been officially contacted they can't destroy any data. They can shut up shop to prevent anyone else falling into the net, which is what they have done, but for anyone who has already used the service and has any data already on the Lavabit servers, it's just a matter of time before their data is decrypted one way or another.
I suspect that Silent Circle are shutting up shop before any warrants arrive, which means that it's completely legal for them to destroy any and all data they have. I wouldn't be surprised if the data is already wiped at a software level and the hardware destruction is either in progress or getting planned.
Re: (Score:3)
Re: (Score:3)
The likelihood is about 100%.
As seen on Slashdot [slashdot.org]. And if they're helping a much less powerful and reaching government than the U.S., what do you think the odds are of them helping the U.S. too?