[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tormail?

On 10/11/11 16:48, Ted Smith wrote:

>> It's quite different for non-anonymous providers. They are restricted by
>> laws, and are held responsible for their actions, legally and
>> commercially. If we don't even know where TorMail is hosted, we don't
>> know what laws they're subject to, nor whether they're following them.
>> And if they're caught doing something illegal, we can't track them down
>> in order to hold them responsible.
> If Google was reading your email, you could not track them down or hold
> them responsible. Google, like other corporations, is not restricted by
> law. 

So let me get that straight. Google is above the law, and nobody knows
how to get in contact with them. I disagree with both assertions.

> What you're referring to is "privacy by policy." In this mode of
> thinking, you assert that a service is private because the person
> providing that service says that it's private. At this point, you need
> go figure out how much you trust them to evaluate how private that
> system is. 

GMail   : Has a policy that they don't read your email
TorMail : Has a policy that they don't read your email

If GMail does read your email, there may be legal or commercial
consequences. If TorMail reads your email, there is no recourse. None.

> Tor and other privacy-enhancing technologies provide "privacy by
> design." In this mode of thinking, you assert that a service is private
> because you, the person using it, uses some other technology that
> enforces privacy. At this point, you don't care about who's running the
> service, because even though Google has a lot of lawyers, those lawyers
> can't get a court order to break RSA. The government can't subpoena
> math.
> It should be clear which mode of thinking is better.
> This idea is stolen without any remorse from
> <https://blog.torproject.org/blog/anonymity-design-versus-policy>.

That's all very nice, but at no point did I advocate using a
non-anonymous email provider, without anonymising yourself.

Mike Cardwell https://grepular.com/  https://twitter.com/mickeyc
Professional  http://cardwellit.com/ http://linkedin.com/in/mikecardwell
PGP.mit.edu   0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F

Attachment: signature.asc
Description: OpenPGP digital signature

tor-talk mailing list