[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] PGP fiddly-diddly - action required

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] PGP fiddly-diddly - action required
From: Lara <lara.tor@xxxxxxxxxxxxxxxxxxxxx>
Date: Wed, 16 May 2018 08:34:17 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 16 May 2018 04:34:32 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=veryspeedy.net; h=content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm3; bh=0MIQIAEM+iiYPWBvfT3IMxvBSfmN2 NfJW0+905YgDDI=; b=va7WETQOTNFqq/+wQ2fScXIhMzR03pNt0aUmt08J43gXB 12DZ4r8FZmhMi6g4MXkAjXUha/DXuEbMU/Lq4XSEP0267iCT+7bWBmlLWkJqr/zY b9bFw4/4AT+dqz/0w2mCEntj2HfEMzOK1Kq5KSy1KaCbiEXYWHddZFEM/2NJUj6U aTSEOkbbbuvS4WEnPJMxviloAKR78ulRnijaQQTyzp/pKxXalegXi2+3C6cmp4Ix l+D+2g14agLzZv5f73rBdexBWoH8ER0nc3bOdKTYbBugZrPeZIFH37GVoNqXrNDT IiW3CE+Y+ubSdL5g/OWc2ZkRaWKuax7FCrtzU68jQ==
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=0MIQIA EM+iiYPWBvfT3IMxvBSfmN2NfJW0+905YgDDI=; b=iEb7CtVY48S+UK11eKx05p gPV0NFaE59EyozvM9r6D6wZm4un1tX6FQf4uvfAtkwAPqb3POtj8ZpZ9GBMmf/Of LQSDkFYXnBwuf1wW1OVd8B5c9o1W+gyP+PdmaSNOm0EakvUVBGLJOVpuF2tD7oqq vWRU52tVS5CAt49wNf7/ZBDySsPiybUCWi/26d5osk7L5Neaa1/NQTwLR3AwPHao 5wJKYW/uwle4bDqvscvj5UjJ98nh4xpvI1VgCh/iy/39o8kFCi5Toxb9kL5K+W6s ewD6CEsAeB/oww5AOwf2GCk+JYpoTzwXzW4EsMvN16LFbhdatz0n1BzuU3XXPJ9g ==
In-reply-to: <3fx76tWQEAaPLsTP4HdcJQ6donCIsMmLAKIEJGCwnNm8l3oRG7Ly7aS3C95Z6sSpDPWg1aalO-HtdML6by8VYasVV4YJ0_5PVBYAa0o_6w0=@protonmail.com>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <9CD1BA536D3.00000641beatthebastards@inbox.com> <3fx76tWQEAaPLsTP4HdcJQ6donCIsMmLAKIEJGCwnNm8l3oRG7Ly7aS3C95Z6sSpDPWg1aalO-HtdML6by8VYasVV4YJ0_5PVBYAa0o_6w0=@protonmail.com>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

On Wed, 16 May 2018, at 00:37, panoramix.druida wrote:
> > https://www.eff.org/deeplinks/2018/05/attention-pgp-users-new-vulnerabilities-require-you-take-action-now

The problem with quoting links is that the source can ALWAYS change the
text to fit the latest developments. So you should link as a reference
to the context, but do QUOTE the parts that disturb you.

> So if I have PGP to protect my email, their solution is to stop using
> PGP because someone could read my encripted mails.

The current page says:

+ Our advice, which mirrors that of the researchers, is to immediately
+ disable and/or uninstall tools that automatically decrypt PGP-
+ encrypted email.

Notice the words automatically and decrypt, besides the immediately that
unsettled you.

> So now everyone would be able to read all of may emails.

I doubt even EFF would have written such a thing.

> Wouldn't be better to ask people to disable HTML on email and to
> upgrade their email clients to stay protected.

Only TorBirdy and other email related projects do say that.

And there is no upgrade so asking users to upgrade would have been only
a hysterical reaction.

> I know PGP is not perfect, but it is the best we have for email.

The best you know. And there is no "we". Different needs,
different tools.

> I know email is not perfect but it is more or less descentralize.

More, less, the same. Emotion and zero information.

> Why should be stop using email in favor of something such as Signal
> (recomendation from EFF article) that is centralize and we should
> trust the guys running the server are good guys.

In its current form, it says nothing about "stop using" anything but
software that automatically decrypts PGP. Anyway it is called trying to
give a solution. And as far as I know Signal has a much better security
history than the email client addons.

> I understund that Signal has great security features like foreward
> secrecy that PGP doesn't. I know it is open source, but you are forbid
> to installed from free repostiories such as Fdroid.

Nobody forbids anyone from installing anything from Fdroid. That IS
EXACTLY the point of Fdroid.

> Also you can not use Signal if you don't have a phone number. How
> great is that for anonymity. In the country where I am living you can
> not activiate a mobile phone number without your national id.

In many countries you can't do that. So the responsibility should be
ENTIRELY with you. People from other countries give you FDroid,
Android, Internet, websites, and so on. It is up to you to either
change that reality or vote with your feet if you are too weak,
incompetent, and so on.

Cheers
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] PGP fiddly-diddly - action required
  - From: Sydney

References:
- [tor-talk] PGP fiddly-diddly - action required
  - From: I
- Re: [tor-talk] PGP fiddly-diddly - action required
  - From: panoramix.druida

Prev by Author: Re: [tor-talk] Post Quantum Tor
Next by Author: Re: [tor-talk] PGP fiddly-diddly - action required
Previous by thread: Re: [tor-talk] PGP fiddly-diddly - action required
Next by thread: Re: [tor-talk] PGP fiddly-diddly - action required
Index(es):
- Author
- Thread