Re: wacky question

To: debian-user@lists.debian.org
Subject: Re: wacky question
From: Greg <greg451@att.net>
Date: Fri, 21 Jun 2013 16:52:20 -0400
Message-id: <[🔎] 1371847940.10674.25.camel@fast.cercy.net>
In-reply-to: <[🔎] 1371746502.644.51.camel@archlinux>
References: <[🔎] 1371696252.19732.9.camel@fast.cercy.net> <[🔎] 20130619235624.5f5a8ddf@debian.ok.shawcable.net> <[🔎] 1371741122.11007.8.camel@fast.cercy.net> <[🔎] 87zjukbxcm.fsf@thumper.dhh.gt.org> <[🔎] 1371746502.644.51.camel@archlinux>

On Thu, 2013-06-20 at 18:41 +0200, Ralf Mardorf wrote:
> On Thu, 2013-06-20 at 10:44 -0500, John Hasler wrote:
> > Governments just don't give a damn about your desktop.  Sorry if that
> > bruises your ego.  They may be interested in your email and Websurfing
> > in the unlikely event that you are a "person of interest", but they
> > can get that from your provider.
> 
> Correct, if they would spy my machine, they would risk, that I would
> notice it soon or later, but if they do it at another location, that is
> beyond my scope.
> 
> OTOH they might be interested to get the private openPGP keys, just to
> take a look, if we're "persons of interest", so a backdoor to our PCs
> would be from interest for them too.
> 
> The solution is very simple. My machine that is for everyday usage
> doesn't contain secrets. It's not a secure machine and I'm aware of this
> fact. If I ever have the need to share top secrets, I would set up
> another machine, with all kinds of protections and I only would connect
> it to the Internet, when it's absolutely needed. We e.g. could decrypt
> and read mails on a machine, that is never connected to the Internet and
> then e.g. use a self build (self soldered) USB stick to transmit it
> between our computers etc. pp..

That might work for an actual terrorist, but I am a citizen and I do not
think it is acceptable to have to act like a terrorist to keep my
humble, everyday "secrets" private. This government does not make any
effort to spy only on terrorists or foreigners, it digests everything it
can and every few months we find out they collect even more than we
thought.

Even worse, Mr Snowden and other have shown there is little regard for
that information once it is collected. Interested parties can and do tap
into that information for their own private, non-terrorist-catching
purposes.

Maybe everyone is predisposed to make a joke of the problems that are
largely beyond our control (ie government, corporations and the failure
of our "democracy" to have any power to restrain them). But with debian
I have powerful tools to protect myself and I would like to have some
sense that those tools are built with some significant safeguards rather
than everyone just assuming it is too hard to hack or such hacking could
easily be detected. I hope the developers have given these issues a lot
of thought. It is a sad day when security through obscurity is a main
argument on a debian mailling list.

Maybe I should have asked on a dev list, but that is something I don't
do because DMs and DDs have more important things to do than instruct
random people on details of their work. The reason I asked here is
because the searches I did on debian and debian related sites didn't
bring up much relevant info.

Reply to:

Follow-Ups:
- Re: wacky question
  - From: Ralf Mardorf <ralf.mardorf@alice-dsl.net>

References:
- wacky question
  - From: Greg <greg451@att.net>
- Re: wacky question
  - From: Alan Ianson <agianson@gmail.com>
- Re: wacky question
  - From: Greg <greg451@att.net>
- Re: wacky question
  - From: John Hasler <jhasler@newsguy.com>
- Re: wacky question
  - From: Ralf Mardorf <ralf.mardorf@alice-dsl.net>

Prev by Date: Re: PHP code won't run
Next by Date: Re: wacky question
Previous by thread: Re: wacky question
Next by thread: Re: wacky question
Index(es):
- Date
- Thread