On Vi, 19 mar 21, 00:54:08, deloptes wrote: > Stefan Monnier wrote: > > > I hear there's a lot of interesting discussions there about how to > > communicate safely, but sadly so far I haven't managed to configure my > > safe not-internet-connected machine to participate. > > do you think it is possible to have public & encrypted discussion, when we > do not know each other? It is pointless. > My point is that even if you use GPG on network computer, it is a risk that > you get compromised. > I don't remember if it was StaxNEt that was making screenshots of your > mobile display and sending them home for further analyses and this was may > be 10y ago. Today with the one and only iPhone and Android ... even with > encrypted whatever part. > > The best way is > 1. download the encrypted message (usb/SD or uSD) > 2. upload to isolated machine > 3. decrypt, read, answer, encrypt The message itself could be used to compromise the offline machine. > 4. upload encrypted message to the networked machine (usb/SD or uSD) > > Note: all keys on the isolated machine (especially the private keys) Good luck in doing public key cryptography without publishing the public key :) > This worked 30-40y ago, works also now (well back then it was a floppy > drive). > I am writing it, because people get lazy but in the same time wine about > privacy. On the battle field (or in the jungle) if you are lazy, you die. > It should be clear that even with the best security network it still may get > compromised. And if you are stupid, nothing can help you anyway :) In my (not so humble) opinion, this level of security could make sense for a disident in a totalitarian state, less so for regular users in democratic country. Kind regards, Andrei -- http://wiki.debian.org/FAQsFromDebianUser
Attachment:
signature.asc
Description: PGP signature