Encryption on Mailing lists senseless?

Garreau, Alexandre galex-713 at galex-713.eu
Mon Nov 17 22:58:34 CET 2014


On 2014-11-17 at 18:02, Robert J. Hansen wrote:
>> But sorry, I disagree a little bit. If we want literally to jam the
>> secret service's attempts to decrypt mails, then it makes sense to use
>> encryption for every single mail, private, business, nonsense and spam....
>
> This would have the ultimate effect of destroying email as a
> platform. Email works as well as it does -- as well as fails so
> miserably in other ways -- largely *because* it's open to inspection.

That it works the way it works today is not a reason to let it work
that way forever, whatever the context.

> As an example, pervasive end-to-end encryption would require antispam
> defenses to move to the client rather than being deployed at the
> mailserver or relay.  This would essentially be tantamount to giving
> up, since there are no really effective client-side antispam measures.

The Internet is fundamentally superior to all other technical networks
invented by mankind for this reason: moving intelligence to the
periphery, making things work client-side, making things horizontal,
decentralizing everything, giving control over everything to everybody
locally, making everybody able to do anything, whatever others do.
That’s what distinguishes the Internet from what existed in France
before the Internet: the Minitel.

The Minitel is a dumb terminal only able to connect via phone lines to a
server, send input to the server and display what the server sends back.
It was popular when computers were too expensive and nobody could have
one.

In the free software and decentralized/secure Internet movement in
France, we generally use the term “Minitel 2.0” to humorously speak
about (and mock) GAFA and all ultra-centralized services where almost
everything tends to be done server-side, where the client is just a dumb
terminal controlling nothing and delegating everything to the
server. Where the server can do anything.

rms also denounced SaaSS as a worse evil than proprietary software, and
that’s true. Because with just proprietary software you can still cut
the Internet (or even just its access to it), and even do
reverse-engineering. With SaaSS, the USSR and 1984 seem like a happy
pink pony world.

The fact is that by doing everything client-side, you can adapt
everything even better than Google would, because *you* control it. You
could use SpamAssassin-like rules based on naive Bayes filtering, and
choose yourself what you identify as spam, then choose to make a message
more visible or not according to its probability of being spam. Then you
could even make more categories than just
“vacation/viagra/enlarge-penises-like spam”: you could try to do the
same thing for insulting messages, (death/rape) threat messages, racist,
sexist, homophobic, transphobic, nationalist, classist messages (all
containing some interesting common patterns, and it could even be useful
on some mailing lists, more practical than just banning people: it could
just prevent people from reading messages that they could consider
psychologically hurtful to them, while letting others try to deal with
some people’s annoying ideas). If that can work, you could even share
score lists in an F2F manner, and weight that according to bonds, and
then secure everything with cryptographic signatures, and identify
people with DHTs, etc. etc.

By decentralizing you can do almost everything, and very very very very
interesting things. Then with just complex maths, modern DHTs, etc. you
can achieve quite spectacular things, avoiding issues like “Facebook has
a considerable part of mankind’s population subscribed, is able to
statistically determine if someone is homosexual even without him/her
knowing it, and actively collaborates with especially intolerant
authoritarian governments or agencies, especially if paid well” (the
yellow star seems pointless in front of that).

Take a look at what GNUnet tries to do.

> Similarly, it would assist in the spread of malware and viruses and
> for the same reasons.  If a mailserver can't inspect the email, it
> can't recognize malware and quarantine it for the health of the
> internet.

Malware and viruses are the problem of the client, only the client,
always the client. If we have to make a less freedom-compatible Internet
because of the client not doing its job, there’s a problem. As far as I
know, that especially concerns proprietary systems.

> Etc., etc.  I am fanatically in favor of people's right to protect the
> privacy of their communications, but there's a flipside to it: we also
> need to be responsible and prudent with how we do it.  Simple, naive
> solutions like "encrypt everything!" aren't a fix: at best, they'll
> trade our current set of problems for a new set of problems which
> we'll have even less knowledge of how to handle.

So instead of trying to make nice authorities known for their
authoritarian interests and with a creepy background, you’ll try to just
invent, and most of the time just implement, new algorithms… One of
these solutions seems more realistic to me.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 948 bytes
Desc: not available
URL: </pipermail/attachments/20141117/5f403f16/attachment.sig>
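
The client-side scoring idea from the message above, as an added example that is not part of the original post: a small multi-label naive Bayes filter trained locally on mail the client has already decrypted, where each reader chooses which labels to hide. The class name, the labels, the 0.9 threshold and the training messages are assumptions constructed for illustration.

```python
import math
import re
from collections import Counter, defaultdict

TOKEN = re.compile(r"[a-z0-9']+")

class LocalFilter:
    """Multinomial naive Bayes over user-defined labels, trained on the client."""

    def __init__(self):
        self.words = defaultdict(Counter)   # label -> token counts
        self.docs = Counter()               # label -> number of training messages

    def train(self, label, text):
        self.words[label].update(TOKEN.findall(text.lower()))
        self.docs[label] += 1

    def scores(self, text):
        """Return {label: posterior probability} for an already-decrypted body."""
        tokens = TOKEN.findall(text.lower())
        vocab = len({w for c in self.words.values() for w in c})
        total_docs = sum(self.docs.values())
        logp = {}
        for label, counts in self.words.items():
            denom = sum(counts.values()) + vocab          # Laplace smoothing
            lp = math.log(self.docs[label] / total_docs)  # class prior
            for tok in tokens:
                lp += math.log((counts[tok] + 1) / denom)
            logp[label] = lp
        peak = max(logp.values())                         # log-sum-exp for stability
        norm = peak + math.log(sum(math.exp(v - peak) for v in logp.values()))
        return {label: math.exp(v - norm) for label, v in logp.items()}

    def visible(self, text, hidden_labels, threshold=0.9):
        """Hide a message only when a label this reader opted out of is likely."""
        s = self.scores(text)
        return all(s.get(label, 0.0) < threshold for label in hidden_labels)


def build_demo_filter():
    # Constructed training messages; a real user would label their own mail.
    f = LocalFilter()
    f.train("spam", "cheap pills buy now limited offer click here")
    f.train("spam", "win money now click this offer")
    f.train("abuse", "you are an idiot shut up nobody wants you here")
    f.train("abuse", "shut up idiot go away")
    f.train("ok", "the patch fixes key import on the new gnupg release")
    f.train("ok", "please sign the release key and send the patch")
    return f
```

The same message can be hidden for one reader and shown to another, because `hidden_labels` is a per-user choice and the scoring never leaves the client.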

