Discussion:
Dumping an old friend because he doesn't use encryption
(too old to reply)
d***@yahoo.com
2008-08-28 14:56:40 UTC
Permalink
Here's a rant:

Some years ago I proposed a netiquette RFC that if one email
correspondent requests encryption, then the other is obliged to use
encryption too.

This past week I briefly corresponded with an old acquaintance. I
strongly suggested encryption. But, as life turns out, he is just
another deadbeat.

In the future I'm not going to bend. Encryption capabilities are out
there. There is creepy surveillance out there. There is nothing
delusional about the premiums on information about individuals.
Paranoia over email surveillance has long proven justified.

The loss that my friend and I are experiencing by no-encryption can
not be measured. He might as well kill himself for his stupidity. I
haven't deleted his plaintext emails, but I've placed them in a
forgettable folder. My only replies to his plaintext messages now and
forever after will be

http://www.pgp.com and
http://www.gnupg.org

Will I be making myself clear?

regards to all the other privacy geeks in this group,

d.

----------------------------------------------
A homeless bum with PayPal.
David E. Ross
2008-08-28 17:21:14 UTC
Permalink
Post by d***@yahoo.com
Some years ago I proposed a netiquette RFC that if one email
correspondent requests encryption, then the other is obliged to use
encryption too.
This past week I briefly corresponded with an old acquaintance. I
strongly suggested encryption. But, as life turns out, he is just
another deadbeat.
In the future I'm not going to bend. Encryption capabilities are out
there. There is creepy surveillance out there. There is nothing
delusional about the premiums on information about individuals.
Paranoia over email surveillance has long proven justified.
The loss that my friend and I are experiencing by no-encryption can
not be measured. He might as well kill himself for his stupidity. I
haven't deleted his plaintext emails, but I've placed them in a
forgettable folder. My only replies to his plaintext messages now and
forever after will be
http://www.pgp.com and
http://www.gnupg.org
Will I be making myself clear?
regards to all the other privacy geeks in this group,
d.
I think you are being too harsh. If he is truly your friend, you might
want to send him a post card now and then. If you are willing to send
him a post card, then you should be willing to send him an unencrypted
E-mail message. Just don't put anything into the message you would not
put onto a post card.

By the way, per RFC 3676, your message signature should have only two
dashes followed by a space (dash-dash-space) in front of it. That is
how my signature is setup. This allows some newsgroup applications to
remove the signature when replying.
--
David E. Ross
<http://www.rossde.com/>

Q: What's a President Bush cocktail?
A: Business on the rocks.
Neil W Rickert
2008-08-29 02:24:29 UTC
Permalink
And for all the ranting, you failed to PGP-sign your message.
Post by d***@yahoo.com
Some years ago I proposed a netiquette RFC that if one email
correspondent requests encryption, then the other is obliged to use
encryption too.
It's a bit much to impose that obligation on somebody who is not
familiar with handling encryption with email, or who "really likes"
an email client that does not support pgp/gpg.

At least consider S/MIME. Personally, I don't like S/MIME.
But many more mail clients support it than support PGP.
d***@yahoo.com
2008-08-29 06:39:58 UTC
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
And for all the ranting, you failed to PGP-sign your message.
Post by d***@yahoo.com
Some years ago I proposed a netiquette RFC that if one email
correspondent requests encryption, then the other is obliged to use
encryption too.
It's a bit much to impose that obligation on somebody who is not
familiar with handling encryption with email, or who "really likes"
an email client that does not support pgp/gpg.
At least consider S/MIME.  Personally, I don't like S/MIME.
But many more mail clients support it than support PGP.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
iEYEARECAAYFAki3XdkACgkQvmGe70vHPUPz3gCgzPEhmWvmGzkd81KjVqTF1t6y
odUAoIqoYzMhhCoHfHxIPa2iLLJRSjeb
=ZX32
-----END PGP SIGNATURE-----
He's got brains enough to learn encryption. I'd encourage him to use
standalone file encryption/decryption using copy, paste, and save as a
dot-ascii file.

Wasn't SHA1 broken a couple years ago? Why should I bother
clearsigning here in this stupid thread? Ritual PGP worship?
Unruh
2008-08-29 07:11:25 UTC
Permalink
Post by d***@yahoo.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
And for all the ranting, you failed to PGP-sign your message.
Post by d***@yahoo.com
Some years ago I proposed a netiquette RFC that if one email
correspondent requests encryption, then the other is obliged to use
encryption too.
There is this habit in the computer world for people to believe that their
own prejudices are really the law, and all should share them. This is
another instance.
Post by d***@yahoo.com
It's a bit much to impose that obligation on somebody who is not
familiar with handling encryption with email, or who "really likes"
an email client that does not support pgp/gpg.
At least consider S/MIME. =A0Personally, I don't like S/MIME.
But many more mail clients support it than support PGP.
He's got brains enough to learn encryption. I'd encourage him to use
standalone file encryption/decryption using copy, paste, and save as a
dot-ascii file.
Wasn't SHA1 broken a couple years ago? Why should I bother
clearsigning here in this stupid thread? Ritual PGP worship?
Any why should your friend bother listening to your stupid ideas?
d***@yahoo.com
2008-08-29 07:58:44 UTC
Permalink
Post by Unruh
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
And for all the ranting, you failed to PGP-sign your message.
Post by d***@yahoo.com
Some years ago I proposed a netiquette RFC that if one email
correspondent requests encryption, then the other is obliged to use
encryption too.
There is this habit in the computer world for people to believe that their
own prejudices are really the law, and all should share them. This is
another instance.
It's a bit much to impose that obligation on somebody who is not
familiar with handling encryption with email, or who "really likes"
an email client that does not support pgp/gpg.
At least consider S/MIME. =A0Personally, I don't like S/MIME.
But many more mail clients support it than support PGP.
He's got brains enough to learn encryption.  I'd encourage him to use
standalone file encryption/decryption using copy, paste, and save as a
dot-ascii file.
Wasn't SHA1 broken a couple years ago?  Why should I bother
clearsigning here in this stupid thread?  Ritual PGP worship?
Any why should your friend bother listening to your stupid ideas?
Because my stupid ideas are sometimes better than others' smart ideas.
Otto Sykora
2008-09-14 12:49:30 UTC
Permalink
Post by d***@yahoo.com
Wasn't SHA1 broken a couple years ago? Why should I bother
clearsigning here in this stupid thread?
SHA1 was not broken, but mathematical shortcuts created which could lead
to faster results then bruteforce some day.
It is similar with Shamir introducing methods for attacking AES, 3DES
and other algos considered safe today. It is a method, but it still
needs lot to make it useful for any practical app.

clearsign, well I think they mean here when you are so big extreme
encryption hero, then you would sure sign everything everywhere anytime...
Baal
2008-08-31 10:46:16 UTC
Permalink
Post by d***@yahoo.com
Some years ago I proposed a netiquette RFC that if one email
correspondent requests encryption, then the other is obliged to use
encryption too.
Nice idea, but given human nature (i.e. sloth) this just ain't gonna happen.
Post by d***@yahoo.com
This past week I briefly corresponded with an old acquaintance. I
strongly suggested encryption. But, as life turns out, he is just
another deadbeat.
People tend to be set in their ways, accordingly, you have to make it as
easy as possible for them to do what you want. You don't say what OS your
friend is using... is it Windows?

If so, in all likelihood, the easiest way for him to use encryption is to
use GPG for Windows, and the Firefox GPG plugin, FireGPG. Both of these
allow signing, verification, encryption/decryption to take place in a
browser window. This is ideal for web-based email accounts like Gmail,
Hotmail, Yahoo and the like.

If he installs GPG4Win, it will also work with Enigmail the GPG plugin for
Thunderbird.
Post by d***@yahoo.com
In the future I'm not going to bend. Encryption capabilities are out
there. There is creepy surveillance out there. There is nothing
delusional about the premiums on information about individuals.
Paranoia over email surveillance has long proven justified.
True enough, but these threats, although real, are distant and remote in
the minds of the average users. They just think we're all paranoid.
Post by d***@yahoo.com
The loss that my friend and I are experiencing by no-encryption can
not be measured. He might as well kill himself for his stupidity.
I think this is more than a trifle harsh.
Post by d***@yahoo.com
I haven't deleted his plaintext emails, but I've placed them in a
forgettable folder. My only replies to his plaintext messages now and
forever after will be
http://www.pgp.com and
http://www.gnupg.org
Try sending him the link to GPG4Windows instead, and tell him about the
Firefox GPG plugin, FireGPG.

http://www.gpg4win.org/
Post by d***@yahoo.com
Will I be making myself clear?
As I said, make it as easy for him as possible to try out encryption--once
he gets used to it, he may even get some of his friends to try it.
Post by d***@yahoo.com
regards to all the other privacy geeks in this group,
d.
----------------------------------------------
A homeless bum with PayPal.
Baal <***@Usenet.org>
PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1E92C0E8
PGP Key Fingerprint: 40E4 E9BB D084 22D5 3DE9 66B8 08E3 638C 1E92 C0E8
Retired Lecturer, Encryption and Data Security, Pedo U, Usenet Campus
- --

"Sed quis custodiet ipsos Custodes?" -- "Who will watch the Watchmen?"
-- Juvenal, Satires, VI, 347. circa 128 AD

The state must declare the child to be the most precious treasure of the
people. As long as the government is perceived as working for the benefit
of the children, the people will happily endure almost any curtailment of
liberty and almost any deprivation. -- Adolf Hitler, Mein Kampf
d***@yahoo.com
2008-08-31 09:48:49 UTC
Permalink
Post by Baal
People tend to be set in their ways, accordingly, you have to make it as
easy as possible for them to do what you want. You don't say what OS your
friend is using... is it Windows?
If so, in all likelihood, the easiest way for him to use encryption is to
use GPG for Windows, and the Firefox GPG plugin, FireGPG. Both of these
allow signing, verification, encryption/decryption to take place in a
browser window. This is ideal for web-based email accounts like Gmail,
Hotmail, Yahoo and the like.
If he installs GPG4Win, it will also work with Enigmail the GPG plugin for
Thunderbird.
Post by d***@yahoo.com
In the future I'm not going to bend. Encryption capabilities are out
there. There is creepy surveillance out there. There is nothing
delusional about the premiums on information about individuals.
Paranoia over email surveillance has long proven justified.
True enough, but these threats, although real, are distant and remote in
the minds of the average users. They just think we're all paranoid.
Post by d***@yahoo.com
The loss that my friend and I are experiencing by no-encryption can
not be measured. He might as well kill himself for his stupidity.
I think this is more than a trifle harsh.
The literary term is 'hyperbole'.
Tim Murray
2008-08-31 13:01:15 UTC
Permalink
Post by d***@yahoo.com
Some years ago I proposed a netiquette RFC that if one email
correspondent requests encryption, then the other is obliged to use
encryption too.
This past week I briefly corresponded with an old acquaintance. I
strongly suggested encryption. But, as life turns out, he is just
another deadbeat.
In the future I'm not going to bend. Encryption capabilities are out
there. There is creepy surveillance out there. There is nothing
delusional about the premiums on information about individuals.
Paranoia over email surveillance has long proven justified.
The loss that my friend and I are experiencing by no-encryption can
not be measured. He might as well kill himself for his stupidity. I
haven't deleted his plaintext emails, but I've placed them in a
forgettable folder. My only replies to his plaintext messages now and
forever after will be
http://www.pgp.com and
http://www.gnupg.org
Will I be making myself clear?
If your e-mails are about how's the wife and kids stuff, what's the problem?
Do you really care that a clerk in the NSA might know that Johnny got his
braces off?
d***@yahoo.com
2008-09-01 17:30:48 UTC
Permalink
I view email surveillance as intellectual property theft unless the
sender consents. When I had my old posting account at best.com I'd
always include a copyright notice and a personal use notice. It's
harder to do something like that with Yahoo where I'd always have to
put it in the signature instead of in the headers where I put them
from my best.com account. At the bottom in plain view it tends to
annoy other posters.

I believe the "intellectual property" point of view is important
because it implies a federal constitutional basis for attacking the
telecom acts that approve government surveillance and which immunize
ISP's from liability.

Suppose somebody wanted to sue the government over email surveillance
- from the intellectual property point of view, the lawsuit could be
based on the fifth amendment "just compensation" clause. When we look
at the injury to society caused by government surveillance we will
obviously see a chilling effect on communications. All we can talk
about safely by email are things like, "Johnny got his braces off."

None of the entitlement bunny "civil liberty" lawyers and privacy
organizations seem to have caught on to this. Nor would any of those
police-approved, spoiled credentialed pigs support my admission to the
bar or bench.

dhm

- co-founder, alt.society.homeless
- founder Professionals without Credentials (registered np, 2001)
- founder The Underground Bar (registered np, 2001)
- founder, a pro bono yahoo group with over 100 members
- victim of police seizure of personal computer, sports equipment,
writings, papers, and some important books from
my bedroom and from the garage I was using in 2002.
- genuine homeless person, never a druggie or alcoholic, no government
benefits, all my money comes from
either work or panhandling, and my average average income over the
past 25 years has been under $5000.
Potential employers all seem to have their heads up their butts as
their excuse not to hire me.
- remnants of best.com website now at http://www.geocities.com/dhm_at_best_dot_com

--
Except for the quotes of others, all my postings are copyright by D.H.
Myers (me) as of their respective dates and for personal use only,
including this one.

See my logic?
d***@yahoo.com
2008-09-02 04:32:49 UTC
Permalink
  either work or panhandling, and my average average income over the
past 25 years has been under $5000.
That was supposed to be "average annual income".
Tim Murray
2008-09-09 00:05:37 UTC
Permalink
I view email surveillance as intellectual property theft unless the sender
consents. When I had my old posting account at best.com I'd always
include a copyright notice and a personal use notice. It's harder to do
something like that with Yahoo where I'd always have to put it in the
signature instead of in the headers where I put them from my best.com
account. At the bottom in plain view it tends to annoy other posters.
I believe the "intellectual property" point of view is important because
it implies a federal constitutional basis for attacking the telecom acts
that approve government surveillance and which immunize ISP's from
liability.
Suppose somebody wanted to sue the government over email surveillance -
from the intellectual property point of view, the lawsuit could be based
on the fifth amendment "just compensation" clause. When we look at the
injury to society caused by government surveillance we will obviously see
a chilling effect on communications. All we can talk about safely by
email are things like, "Johnny got his braces off."
None of the entitlement bunny "civil liberty" lawyers and privacy
organizations seem to have caught on to this. Nor would any of those
police-approved, spoiled credentialed pigs support my admission to the bar
or bench. [snipped]
Except for the quotes of others, all my postings are copyright by D.H.
Myers (me) as of their respective dates and for personal use only,
including this one.
See my logic?
Yes, but it sounds like you're worried more about what they'd do with your
e-mails than the possibility that someone might get them at all. If you're
sending your latest novel to the publisher, then a secure channel may be in
order. But ... well, call me a cynic, but I have this sneaking suspicion that
the spies who would stumble upon your e-mails to your long-lost friend have
less interest in them than even I.
Neil W Rickert
2008-09-09 00:51:59 UTC
Permalink
Post by Tim Murray
Yes, but it sounds like you're worried more about what they'd do with your
e-mails than the possibility that someone might get them at all. If you're
sending your latest novel to the publisher, then a secure channel may be in
order. But ... well, call me a cynic, but I have this sneaking suspicion that
the spies who would stumble upon your e-mails to your long-lost friend have
less interest in them than even I.
You are right, that most email does not contain anything that
warrants encryption.

On the other hand, there is always the problem that when you encrypt
only few messages, and leave most unencrypted, you are creating
an evidence trail that flags those few messages as particularly
important or particulary interesting.

Some people prefer to encrypt everything, to avoid leaving such
evidence.
d***@yahoo.com
2008-09-10 14:40:01 UTC
Permalink
Post by Tim Murray
Post by d***@yahoo.com
See my logic?
Yes, but it sounds like you're worried more about what they'd do with your
e-mails than the possibility that someone might get them at all.  If you're
sending your latest novel to the publisher, then a secure channel may be in
order. But ... well, call me a cynic, but I have this sneaking suspicion that
the spies who would stumble upon your e-mails to your long-lost friend have
less interest in them than even I.
There has to be a lot more going on in surveillance besides the
content of individual messages.

- the government can snoop on your recipient's reactions. If I send a
suggestion to an old friend that he get encryption, and then he sends
an email to another friend asking "What's going on with him?", then
the government has a big advantage.

- the government can profile your recipients and your relationships
with them more than you can.

- the government can profile you based on other factors, such as
timing and frequency of messages to certain people.

- if you arrange by email to meet somebody, the government knows where
you're going to be and when.

The big tragedy of email encryption is that so few people use it.

I know I'm "an interesting person". It's like I'm an unpaid
consultant for a government crime syndicate that wants to perfect its
totalitarian rule by learning personal values of its slaves, not
merely personal details.

I wonder how much spam that I get is from government sources. I don't
believe in coincidences when I email someone from one account and
receive a spam message from a different account that contains keywords
or names from the other. "You're being watched."
Tim Murray
2008-09-13 14:09:20 UTC
Permalink
Post by d***@yahoo.com
the government can snoop on your recipient's reactions. If I send a
suggestion to an old friend that he get encryption, and then he sends
an email to another friend asking "What's going on with him?", then
the government has a big advantage.
Advantage at what? The grounds for their next subpoena? You're implying some
kind of clash here where none exists.
Post by d***@yahoo.com
I wonder how much spam that I get is from government sources. I don't
believe in coincidences when I email someone from one account and
receive a spam message from a different account that contains keywords
or names from the other. "You're being watched."
Sound like shades of that MI-5 Persecution fellow.
Neil Rickert
2008-08-31 14:11:55 UTC
Permalink
Post by d***@yahoo.com
Some years ago I proposed a netiquette RFC that if one email
correspondent requests encryption, then the other is obliged to use
encryption too.
I think your proposed "netiquette" is too strict to be realistic.

I generally follow the principle:

Information that is received encrypted should not be sent unencrypted.

Thus if you send me an encrypted message, and I choose
to reply unencrypted, then I must not quote your text, and
I should avoid making comments on your message, if
those comments could significantly hint at the what was the
encrypted content.
Loading...