• Re: Cops hate encryption but the NSA loves it when you use PGP

    From Wilfred van Velzen@2:280/464 to Aug on Thursday, June 01, 2023 21:31:02
    * Originally in MOBILE
    * Crossposted in PUBLIC_KEYS

    Hi Aug,

    On 2023-06-01 22:13:20, you wrote to All:

    Cops hate encryption but the NSA loves it when you use PGP

    https://www.theregister.com/2016/01/27/nsa_loves_it_when_you_use_pgp/

    A bit old, but still interesting!

    So you need to hide your pgp/gpg communication, in for instance encrypted binkp sessions! And not use email... ;-)

    Bye, Wilfred.

    --- FMail-lnx64 2.2.0.0
    * Origin: FMail development HQ (2:280/464)
  • From August Abolins@2:221/1.58 to Wilfred van Velzen on Thursday, June 01, 2023 18:25:00
    Hello Wilfred!

    * Originally in MOBILE
    * Crossposted in PUBLIC_KEYS

    Good choice to x-post here.

    https://www.theregister.com/2016/01/27/nsa_loves_it_when_you_use_pgp/

    A bit old, but still interesting!

    So you need to hide your pgp/gpg communication, in for instance
    encrypted binkp sessions! And not use email... ;-)

    But binkp is only sound during the initial transfer. The
    resultant fidonet content become public info once it lands on a
    bbs that opens the echos for public viewing. :(


    --
    ../|ug

    --- OpenXP 5.0.57
    * Origin: What do you call an excavated pyramid? Unencrypted. (2:221/1.58)
  • From Wilfred van Velzen@2:280/464 to August Abolins on Friday, June 02, 2023 08:44:42
    * Originally in MOBILE
    * Crossposted in PUBLIC_KEYS

    Hi August,

    On 2023-06-01 18:15:00, you wrote to me:

    A bit old, but still interesting!

    So you need to hide your pgp/gpg communication, in for instance
    encrypted binkp sessions! And not use email... ;-)

    I failed to notice the date of the original. A lot of things
    have changed in gpg/pgp usage and implementation since 2016.

    It probably has. But not regarding the recognisability of the pgp/gpg data afaik.

    I bet gpg is more wide-spread in usage now than then.

    I don't see any evidence of that.

    Collecting and analying meta data NOW seems like a make-work
    project that wastes time and resources.

    Why do you think so. The NSA (and likes) wouldn't turn of their 2016 systems, if they still keep working and giving them valuable data...


    Bye, Wilfred.

    --- FMail-lnx64 2.2.0.0
    * Origin: FMail development HQ (2:280/464)
  • From Wilfred van Velzen@2:280/464 to August Abolins on Friday, June 02, 2023 08:50:37
    * Originally in MOBILE
    * Crossposted in PUBLIC_KEYS

    Hi August,

    On 2023-06-01 18:25:00, you wrote to me:

    So you need to hide your pgp/gpg communication, in for instance
    encrypted binkp sessions! And not use email... ;-)

    But binkp is only sound during the initial transfer. The
    resultant fidonet content become public info once it lands on a
    bbs that opens the echos for public viewing. :(

    You wouldn't normally send your private mails in public echomail areas. You would use netmail, preferably direct, so I don't see that down side...

    Bye, Wilfred.

    --- FMail-lnx64 2.2.0.0
    * Origin: FMail development HQ (2:280/464)
  • From Richard Menedetter@2:310/31 to Wilfred van Velzen on Friday, June 02, 2023 11:30:26
    Hi Wilfred!

    01 Jun 2023 21:31, from Wilfred van Velzen -> Aug:

    Cops hate encryption but the NSA loves it when you use PGP
    https://www.theregister.com/2016/01/27/nsa_loves_it_when_you_use_pgp/

    A bit old, but still interesting!
    So you need to hide your pgp/gpg communication, in for instance
    encrypted binkp sessions! And not use email... ;-)

    Or use steganography to hide in pictures, mp3, whatever.

    CU, Ricsi

    ... Have you ever imagined a world with no hypothetical situations?
    --- GoldED+/LNX
    * Origin: Don't worry, I don't understand what I said either... (2:310/31)
  • From Wilfred van Velzen@2:280/464 to Richard Menedetter on Friday, June 02, 2023 11:48:51
    Hi Richard,

    On 2023-06-02 11:30:26, you wrote to me:

    Cops hate encryption but the NSA loves it when you use PGP
    https://www.theregister.com/2016/01/27/nsa_loves_it_when_you_use_pgp
    /

    A bit old, but still interesting!
    So you need to hide your pgp/gpg communication, in for instance
    encrypted binkp sessions! And not use email... ;-)

    Or use steganography to hide in pictures, mp3, whatever.

    Do you have experience with this?

    But it also might attrackt some unwanted attention. And you don't know how good the NSA (etc) have become at detecting it...


    Bye, Wilfred.

    --- FMail-lnx64 2.2.0.0
    * Origin: FMail development HQ (2:280/464)
  • From August Abolins@2:221/1.58 to Wilfred van Velzen on Saturday, June 03, 2023 08:36:00
    Hello Wilfred!

    ** On Friday 02.06.23 - 08:50, Wilfred van Velzen wrote to August Abolins:

    * Originally in MOBILE
    * Crossposted in PUBLIC_KEYS

    But binkp is only sound during the initial transfer. The
    resultant fidonet content become public info once it lands on a
    bbs that opens the echos for public viewing. :(

    You wouldn't normally send your private mails in public echomail areas. You would use netmail, preferably direct, so I don't see that down side...

    Oh yeah.. netmail could work that way exclusively. Good point.
    That could be reasonably invisible to the NSA/spy. But the use
    of the binkp can still be deteted, no? And if that's the case,
    they can start focusing their observations on systems that use
    it and probe deeper.
    --
    ../|ug

    --- OpenXP 5.0.57
    * Origin: What do you call an excavated pyramid? Unencrypted. (2:221/1.58)
  • From Wilfred van Velzen@2:280/464 to August Abolins on Saturday, June 03, 2023 16:58:23
    Hi August,

    On 2023-06-03 08:36:00, you wrote to me:

    Oh yeah.. netmail could work that way exclusively. Good point.
    That could be reasonably invisible to the NSA/spy. But the use
    of the binkp can still be deteted, no?

    Yes. With or without pgp/gpg content.

    And if that's the case, they can start focusing their observations on systems that use it and probe deeper.

    Why would they want to do that? And if they would, they would have already started doing so decades ago...


    Bye, Wilfred.

    --- FMail-lnx64 2.2.0.0
    * Origin: FMail development HQ (2:280/464)
  • From August Abolins@2:221/1.58 to Wilfred van Velzen on Saturday, June 03, 2023 21:51:00
    Hello Wilfred!

    Oh yeah.. netmail could work that way exclusively. Good
    point. That could be reasonably invisible to the NSA/spy.
    But the use of the binkp can still be deteted, no?

    Yes. With or without pgp/gpg content.

    Hmmm.. Too bad networked (via FTN) BBSes don't stress that
    opaqueness as pretty-good-isolation from internet collection
    then.


    And if that's the case, they can start focusing their
    observations on systems that use it and probe deeper.

    Why would they want to do that? And if they would, they
    would have already started doing so decades ago...

    Well.. I thought that if it becomes known that BBSes are the
    transport mechanism for secret/suspect messages, then the spys
    could investigate the BBS and owners and choose to knock on
    their doors some day?


    --
    ../|ug

    --- OpenXP 5.0.57
    * Origin: What do you call an excavated pyramid? Unencrypted. (2:221/1.58)
  • From Wilfred van Velzen@2:280/464 to August Abolins on Sunday, June 04, 2023 12:15:40
    Hi August,

    On 2023-06-03 21:51:00, you wrote to me:

    Oh yeah.. netmail could work that way exclusively. Good
    point. That could be reasonably invisible to the NSA/spy.
    But the use of the binkp can still be deteted, no?

    Yes. With or without pgp/gpg content.

    Hmmm.. Too bad networked (via FTN) BBSes don't stress that
    opaqueness as pretty-good-isolation from internet collection
    then.

    Probably everything is collected. And btw binkd doesn't use a very good encryption algorithm. So if they wanted/needed to break it, they probably could. So the hiding gpg traffic only works as long as we remain small and under the radar...

    And if that's the case, they can start focusing their
    observations on systems that use it and probe deeper.

    Why would they want to do that? And if they would, they
    would have already started doing so decades ago...

    Well.. I thought that if it becomes known that BBSes are the
    transport mechanism for secret/suspect messages, then the spys
    could investigate the BBS and owners and choose to knock on
    their doors some day?

    Of course, but that is true for any kind of communication... The point is not to become suspect! ;-)

    Bye, Wilfred.

    --- FMail-lnx64 2.2.0.0
    * Origin: FMail development HQ (2:280/464)
  • From August Abolins@2:221/1.58 to Wilfred van Velzen on Sunday, June 04, 2023 11:08:00
    Hmmm.. Too bad networked (via FTN) BBSes don't stress that
    opaqueness as pretty-good-isolation from internet collection
    then.

    Probably everything is collected. And btw binkd doesn't use a very good encryption algorithm. So if they wanted/needed to break it, they
    probably could.

    I thought binkd's encryption only extended to the
    authentication part. If the whole transfer, ie. the PKTs are
    encrypted, that's interesting.

    According to this, http://mimac.bizzi.org/
    fidonet_programmi_binkd.html

    "traffic encryption" was added.


    So the hiding gpg traffic only works as long as we
    remain small and under the radar...

    Oh.. so you mean to include gpg'd netmail messages in the
    transfer?


    Well.. I thought that if it becomes known that BBSes are
    the transport mechanism for secret/suspect messages, then
    the spys could investigate the BBS and owners and choose
    to knock on their doors some day?

    Of course, but that is true for any kind of
    communication... The point is not to become suspect! ;-)

    Yes n No. I suppose that "authorities" could demand unlocking
    encrypted messages on "grounds" for suspicion. That happend at
    Prontomail not long ago. What those "grounds" could be could
    be debatable and suspect itself. :D

    I recall a movement that suggested that people simply FLOOD the
    channels with messages that bore "suspect" text in the Subject
    lines: super secret, terrorism, murder.. etc. The idea being
    that then they will have too much data to analyse.

    Similarly, random suspect words could be also be thrown in as
    part of the message body at random times.

    I dunno.. at this point I think the NSA wants people to think
    that they have the ability analyse all the traffic out there -
    and the media is more than willing to communicate that on their
    behalf - but I think the reality is that analysing it ALL
    within a reasonable time frame is not happening.

    --
    ../|ug

    --- OpenXP 5.0.57
    * Origin: What do you call an excavated pyramid? Unencrypted. (2:221/1.58)
  • From Richard Menedetter@2:310/31 to Wilfred van Velzen on Sunday, June 04, 2023 20:45:08
    Hi Wilfred!

    02 Jun 2023 11:48, from Wilfred van Velzen -> Richard Menedetter:

    So you need to hide your pgp/gpg communication, in for instance
    encrypted binkp sessions! And not use email... ;-)
    Or use steganography to hide in pictures, mp3, whatever.
    Do you have experience with this?

    Little and a veeeeery long time ago.

    But it also might attrackt some unwanted attention. And you don't know
    how good the NSA (etc) have become at detecting it...

    Well you can always embed a PGP file steganographically.
    In that case they would just know that something is there if they are able to detect it.

    CU, Ricsi

    ... The perfect guest is one who makes his host feel at home.
    --- GoldED+/LNX
    * Origin: INPUT: Food, whisky, beer, aspirin, etc. (2:310/31)
  • From Wilfred van Velzen@2:280/464 to August Abolins on Sunday, June 04, 2023 22:08:43
    Hi August,

    On 2023-06-04 11:08:00, you wrote to me:

    Probably everything is collected. And btw binkd doesn't use a very
    good encryption algorithm. So if they wanted/needed to break it,
    they probably could.

    I thought binkd's encryption only extended to the
    authentication part. If the whole transfer, ie. the PKTs are
    encrypted, that's interesting.

    It can be, but not every node supports it...

    I recall a movement that suggested that people simply FLOOD the
    channels with messages that bore "suspect" text in the Subject
    lines: super secret, terrorism, murder.. etc. The idea being
    that then they will have too much data to analyse.

    I don't think that would work now. Data analyses and cpu power has come a long way...


    Bye, Wilfred.

    --- FMail-lnx64 2.2.0.0
    * Origin: FMail development HQ (2:280/464)
  • From August Abolins@2:221/1.58 to Wilfred van Velzen on Tuesday, June 06, 2023 08:34:00
    Hello WvV!

    ** On Friday 02.06.23 - 08:44, you wrote to me:

    * Originally in MOBILE
    * Crossposted in PUBLIC_KEYS

    I bet gpg is more wide-spread in usage now than then.

    I don't see any evidence of that.

    Well.. Thunderbird has supported PGP/GPG integration for years
    via plugins, and now it is practically built-in and part of the
    whole program. An implementation like that only begs to be
    discovered and used. If the coders for TB have done this, they
    must have had the evidence or requests for that.

    Then there are all the other programs such as GPGTools
    GPGshell, etc.. that exist and continue to be supported.

    I am sure friends tell two friends and so on, about these
    options to integrate more privacy in comms.


    Collecting and analying meta data NOW seems like a make-work
    project that wastes time and resources.

    Why do you think so. The NSA (and likes) wouldn't turn of
    their 2016 systems, if they still keep working and giving
    them valuable data...

    Sure.. even for them change is hard. So, they just keep
    investing more and more resources to maintain this beast of
    collecting everything - but with a very limited feasible
    outcome.

    They are forced to focus on narrow sets of data: a particular
    suspect or small group.

    But even then, the associations between suspects/groups could
    be full of red-herrings.



    --
    ../|ug

    --- OpenXP 5.0.57
    * Origin: What do you call an excavated pyramid? Unencrypted. (2:221/1.58)
  • From Wilfred van Velzen@2:280/464 to August Abolins on Tuesday, June 06, 2023 16:28:14
    Hi August,

    On 2023-06-06 08:34:00, you wrote to me:

    I bet gpg is more wide-spread in usage now than then.

    I don't see any evidence of that.

    Well.. Thunderbird has supported PGP/GPG integration for years
    via plugins, and now it is practically built-in and part of the
    whole program. An implementation like that only begs to be
    discovered and used. If the coders for TB have done this, they
    must have had the evidence or requests for that.

    Then there are all the other programs such as GPGTools
    GPGshell, etc.. that exist and continue to be supported.

    I am sure friends tell two friends and so on, about these
    options to integrate more privacy in comms.

    Support/availability doesn't automatically mean usage...

    And you will have to configure it in Thunderbird. Most users won't bother.

    Collecting and analying meta data NOW seems like a make-work
    project that wastes time and resources.

    Why do you think so. The NSA (and likes) wouldn't turn of
    their 2016 systems, if they still keep working and giving
    them valuable data...

    Sure.. even for them change is hard. So, they just keep
    investing more and more resources to maintain this beast of
    collecting everything - but with a very limited feasible
    outcome.

    You don't know that! ;-)

    They are forced to focus on narrow sets of data: a particular
    suspect or small group.

    You don't know that! ;-)


    Bye, Wilfred.

    --- FMail-lnx64 2.2.0.0
    * Origin: FMail development HQ (2:280/464)
  • From August Abolins@2:221/1.58 to Wilfred van Velzen on Sunday, June 11, 2023 13:40:00
    Hello Wilfred!

    ** On Tuesday 06.06.23 - 16:28, you wrote to me:

    I am sure friends tell two friends and so on, about these
    options to integrate more privacy in comms.

    Support/availability doesn't automatically mean usage...

    And you will have to configure it in Thunderbird. Most
    users won't bother.

    We/you don't know if people are not bothering. I get the
    occassional question about the signature file that my TB
    includes when I send a message. But unless they use TB
    themselves, they won't have an easy path to change from their
    confort-zone of the webbased gmail or outlook or hotmail or
    live.com

    And.. there is the ever pervasive notion that "there is nothing
    worthy of secrecy in my email conversations, so privacy doesn't
    matter".

    Sure.. even for them change is hard. So, they just keep
    investing more and more resources to maintain this beast of
    collecting everything - but with a very limited feasible
    outcome.

    You don't know that! ;-)

    There is no evidence that they have been successful in using
    that system.


    They are forced to focus on narrow sets of data: a particular
    suspect or small group.

    You don't know that! ;-)

    Based on some articles that do get out on mainstream media,
    there is the occassional mention that enmasse data collection
    has helped them follow a trail of a suspect. But, then they
    have to ignore the billions of petrabytes of other info they
    have collected. But even if if get reported as such, that could
    be a ruse to keep the public in check.


    --
    ../|ug

    --- OpenXP 5.0.57
    * Origin: What do you call an excavated pyramid? Unencrypted. (2:221/1.58)
  • From August Abolins@2:221/1.58 to Richard Menedetter on Sunday, June 11, 2023 13:55:00
    Hello Richard Menedetter!

    ** On Sunday 04.06.23 - 20:45, you wrote to Wilfred:

    Or use steganography to hide in pictures, mp3, whatever.
    Do you have experience with this?

    Little and a veeeeery long time ago.

    But it also might attrackt some unwanted attention. And
    you don't know how good the NSA (etc) have become at
    detecting it...

    Well you can always embed a PGP file steganographically.
    In that case they would just know that something is there
    if they are able to detect it.

    I like the idea of that - PGP messages wrapping in short .mp3/
    .ogg soundbites and send those as attachments in basic email.
    Create something that occupies their time for nothing.

    --
    ../|ug

    --- OpenXP 5.0.57
    * Origin: What do you call an excavated pyramid? Unencrypted. (2:221/1.58)
  • From August Abolins@2:221/1.58 to Wilfred van Velzen on Sunday, June 11, 2023 14:07:00
    Hello Wilfred!

    ** On Friday 02.06.23 - 11:48, you wrote to RM:

    Or use steganography to hide in pictures, mp3, whatever.

    But it also might attrackt some unwanted attention. And
    you don't know how good the NSA (etc) have become at
    detecting it...

    I'm afraid everyone is already a suspect and our comms are
    already collected and subject to rudimentaty analysis.

    By putting a lock on that data (pgp, stenographics, etc) we are
    declaring the right to agency and privacy.

    THIS is a sad commentary:

    https://www.cato.org/blog/nearly-third-gen-z-favors-home- government-surveillance-cameras-1

    --
    ../|ug

    --- OpenXP 5.0.57
    * Origin: What do you call an excavated pyramid? Unencrypted. (2:221/1.58)