On 08/06/2015 11:22 AM, Bob Bernstein wrote:
On Thu, 6 Aug 2015, Jape Person wrote:I could jump through all the hoops I wanted to, but using my ISP-provided e-mail account (even with encrypted contents and directed through a VPN) for communications with people at risk would be laughable.How much of that particular POV, expressed in the above-cited paragraph, did you adopt only AFTER the Lavabit experience?
Just about none of it. I've been involved in sensitive political communications since the 60s. We didn't trust regular mail then, and we don't trust "regular" Internet now. We used "poor man's encryption" (messages compressed in encrypted archives with special arrangements for figuring out the passwords) in the Fido-NET days. Actually the gimmicks used to get around physical mail services were far more torturous than anything I use now.
Using encrypted contents on an e-mail server that doesn't keep the messages after delivery which is hosted by the VPN provider or by a third trusted party who doesn't log IP addresses begins to improve the safety of the communicators.Again, I am struck by how much of this advice (and it's good advice, _if_ you can find such a server) seems to point directly back to Lavabit and its fate.
I think that a great many people who were burned were well-aware of the dangers of trusting a single source for security. The more cautious people didn't do that if they had the knowledge and means to avoid it. I know that among those burned were some solid citizens of the planet and also some folks you wouldn't want hanging around the local school yard in a white van.
The more cautious people these days use multiple VPN hops with hosted virtual machines created and run on-demand in volatile memory to create and send messages. Job done, machine eradicated. Each VPN and VM located in a different country -- preferably none of these countries bing particularly close allies. It's easy enough to do from where I live, but hard to learn about and do from many locations.
In any case, I don't think most of us are fooled into thinking that it's safe to cross Big Brother (or Big Business). The weak point is often at one end or another of the communications chain. Moles in the activist communities have always been a huge problem. But, nothing risked, nothing gained.
The primary safeguards that help when communications are compromised are to compartmentalize activities until it makes you bleed, vary your communications styles over extreme ranges, and make use of plausible deniability (a tactic actually made easier sometimes by deliberate use of insecure methods).
But I can tell ya this: if they want my lotion 'n tissues they'll have to pry them out of my cold dead hands!
Ugh, now there's a mental image! I may have to go pour Drain-O on my brain.Brings up another point. I've always wondered how the sticky fingers crowd could manage all the key-presses necessary for arranging proper security.
Jape