GnuPG cryptographic defaults on the 2.2 branch [was: Re: [Announce] GnuPG 2.2.1 released]

[Ben McGinnes]

On Thu, Sep 21, 2017 at 04:40:17PM +0000, Ineiev wrote:
> On Thu, Sep 21, 2017 at 11:32:11AM -0400, Daniel Kahn Gillmor wrote:
>> I'd prefer to not be attacked at all -- if i were able to choose. :)
>> 
>> Do you think we should avoid the use of cryptography entirely, so that
>> network-based adversaries can monitor us from a distance without getting
>> too close?  Your adversary being able to secretly attack your data from
>> a distance without touching you doesn't somehow protect you from being
>> attacked "IRL" in the long run.
> 
> There are adversaries and adversaries.

And then there's my adversary.org.

C'mon, I so rarely get to play on that line or similar.

> I met people who were happy with adversaries like their government
> reading all their data, but not with adversaries like their ISP
> logging the sites they accessed (and vice versa).

I can understand that and that most are probably more concerned about
what might fall in between.

Take my situation, I know the biggest technical threat is one of or
more of the alphabet agencies.  I also know that messages of mine will
be in the bank of collected encrypted communications the NSA collects
just for practice.  I know my name will have popper up in regards to a
few things (probably beginning with those PGP signed emails to their
own SELinux mailing list back when it launched).

OTOH, everything I do that they would or do object to is both entirely
public anyway and also an insignificant speck of civil disobedience
compared to what they're actually stalking the world after on any
given turning of the globe.

There's much greater potential threat locally, some with the trappings
of an office or position and some without.  As long as I don't do
something more than a little stupid, then my files and messages are
quite save; leaving the principal concerns to gregulatory, physical,
medical and other points of corruption ... or as they prefer to put
it, governmental oversight.

I imagine many people have similar sorts of situations.  The potential
threat which seems more intellectual and detached, by comparison to
some thing or a number of things closer to home and which instil a
more visceral reaction.

Very few in this worls are in the position where the greatest
technical threat also poses the most visceral intended threat.  Most
of those in that position are actively hunted so viggorously that they
either fall, or their health deterorates from the stress.  I believe
currently there would arguably be only one exception to that: Edward
Snowden.  Most of the rest of us aren't anywhere near that position,
in spite of the interesting intersectional points we may skate
through.

>> In many cases, surveillance and privacy violations are the first step
>> toward other negative consequences to the surveilled party, up to and
>> including physical attacks against your person.
> 
> In that context, it becomes a matter of beliefs.

That depends on how you measure beliefs I guess.  My government
already has mandatory data retention in play (all of which I
circumvent, there's a reason my MX is in Germany).  Now they're
already planning on taking that much further with electronic health
records containing everything, no matter how sensitive, in a system
which they reduced the security of to make it work with mobile phones
and have a history of not protectingMedicare records.

Necause how could that possibly end badly as long as you have total
faith in the Goodness™ of those in charge?  Oh, right, that's got
total disaster written all over it from the outset.  Without even
taking into accountb departmental reports referring to the patient
data of everyone in the country as a commercial asset, as well as
referring to patient surveillance (by which they did *not* mean they
were content to wait)..

>> Keeping your data cryptographically protected, whether at rest or in
>> motion, is a way to defend yourself from physical attack, not to
>> encourage it.
> 
> IMVHO it depends.

Yes, but more often than not there will be greater benefit to leaving
things encrypted than in not doing so.  I'll grant that it's still a
bit subjective, but I suspect we'd find the same inclination reflected
across most people lurking around these projects (i.e. beyond just
developers).


Regards,
Ben

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: </pipermail/attachments/20170922/e08b6e30/attachment.sig>