PDA

View Full Version : The National Security Administration, Lavabit, and YOU



Dwood
December 1st, 2013, 10:28 PM
Everyone here knows that I have been hanging around kickstarter for ages and just hitting f5 almost every day, but then, I discovered:

THIS GEM (http://www.kickstarter.com/projects/ladar/lavabits-dark-mail-initiative/posts)

http://lavabit.com/

http://www.wired.com/threatlevel/2013/11/lavabit-reply-brief/

Just like obama said we could keep our plan if we liked it, i'm sure we can trust him when he said they're not spying on american citizens.

Now, if you notice

kicktraq:

http://www.kicktraq.com/projects/ladar/lavabits-dark-mail-initiative/

Look at that huuuge jump on the very last day. :O Now, go back to kickstarter and read comments section


Discuss.

TL; DR:
They are looking for a way to encrypt all email and have it be user friendly to every user, and to notify the user if the email they are sending it to doesn't use encryption that is strong enough

Patrickssj6
December 2nd, 2013, 12:01 AM
If you care for a secure communication, just SSH your E-Mail client connection. Why need a standard? As always in life, if you are un-knowledgeable of something, you lose. In times where everyone posts everything on Facebook, why even bother.

Look at it this way: Do you know on what basis the RSA Cypher works? It is a relative simple mathematical property but I bet only a fraction of people understand it and still everyone trusts in it to be secure. My point is that people are afraid of things they don't fully understand (e.g. what personal privacy really means) and trust in things they do not understand (Internet security). They are clueless and as long as there is someone who understands how to use that weakness, you will see social exploitation.

Let me give you an example admin:admin (http://tinyurl.com/oo4ho6h)
No one has a clue: The guy who installed it, the people who run, the people that are being watched.

Btcc22
December 2nd, 2013, 01:40 AM
If you care for a secure communication, just SSH your E-Mail client connection. Why need a standard?

What good does that do when it's still being sent in plain text from the mail server to the recipient? Granted, there are precautions you can take but they're ineffective if they require any additional effort on the part of the sender and recipient (like PGP).

The protocols underpinning some of the more popular services are just not compatible with today's Internet. The likes of HTTP, FTP and the suite of email protocols were designed in an era where the Internet was far more trustworthy. Today, the best security we can offer is an extra layer slapped on top and to be honest, it's not enough for this day and age. It'd be better if we had protocols that were secure out of the box, so to speak (see HTTP 2.0).


As always in life, if you are un-knowledgeable of something, you lose.

What does that have to do with email?


In times where everyone posts everything on Facebook, why even bother.

Stuff posted on Facebook is generally intended to be public whereas emails generally aren't. Apples and oranges.

Patrickssj6
December 2nd, 2013, 09:29 AM
Stuff posted on Facebook is generally intended to be public whereas emails generally aren't. Apples and oranges.
Having multiple images of someone along with his name, his friends, his family, his interests, his whereabouts, his conversations, his phone number, his 3rd party services is suppose to be public information? Talk about the part being clueless. Just because people post it for everyone to see doesn't make it less interesting for someone else to see it. This was part of my point.

This dualism of people complaining that the government is reading your emails and at the same time placing an avatar (literally) on Facebook? Most people cannot understand at what extend you can get information from their "public" profile.

My E-Mails contain nothing important except for a million gift codes :P Try to understand my point about security more or less just being in illusion.

Kornman00
December 2nd, 2013, 09:43 AM
News flash: not everyone uses goddamn facebook, and not everyone wants their shit being read. Either by the US gov't or some foreign nation's gov't which has fewer 'freedom of speech' laws.

Patrickssj6
December 2nd, 2013, 10:11 AM
1.5 billion people with internet access, 1.2 billion active Facebook users. If you don't want your shit being read, then get some knowledge and be one step ahead.

TVTyrant
December 2nd, 2013, 01:07 PM
Dwood, I'd like to join the conversation, but with the 40 seconds I was willing to spend looking at those links all I could see was some stuff about the constitution needs defending and something called dark mail. Is this some new type of drone rocket resistant body armor? Because he's going to need much more than 180 grand for that in a kickstarter.

Kornman00
December 2nd, 2013, 03:48 PM
1.5 billion people with internet access, 1.2 billion active Facebook users accounts.
ftfy.

Dwood
December 2nd, 2013, 04:40 PM
Dwood, I'd like to join the conversation, but with the 40 seconds I was willing to spend looking at those links all I could see was some stuff about the constitution needs defending and something called dark mail. Is this some new type of drone rocket resistant body armor? Because he's going to need much more than 180 grand for that in a kickstarter.

Okay, when I wrote the OP i wasn't exactly... thinking straight, so I'll attempt to summarize in a clearer manner. I assume you are aware of the NSA tapping into essentially everything that happens on the internet, not the least of which is email. A company (lavabit) had a secure service that allowed people to send and receive emails that were encrypted to a degree which were extremely difficult to unencrypt via bruteforce.

The servers did not store any emails in plain-text form, so when asked to send to the NSA a specific user's emails and credentials, this company sent them the encrypted emails. Then, the NSA (which, i'm sure, already had those encrypted emails b/c they tap all online comms) went back to a judge and demanded the master key for the whole entire site, which is why the lavabit page is about constitutional rights.

This darkmail is about making it so that the NSA doesn't, by default, have access to any of yours, or my, data. It's about creating secure, open source, server-sided protocols so you and i don't get snooped on.

Why should we care? Because, NSA is 10x worse than Nixon's Watergate ever was. It's more akin to the KGB in Russia where they spied as much on their own citizenry as they did/do on those of other countries. I honestly don't like wikileaks or groups like them, but what if one political party used this to spy on the other party? It would be a terrible circumvention of democracy and civil rights.

Patrickssj6
December 2nd, 2013, 04:55 PM
ftfy.
good, active accounts. accounts which login by themselves without any human interaction