Five volunteers needed (EU .... Are you sure that this is really advantageous?

Wed Oct 7 10:26:15 CEST 2020

>
> Date: Tue, 6 Oct 2020 12:34:43 +0200
> From: Stefan Claas <sac at 300baud.de>
> To: Mark Fernandes <m.fernandes.business at gmail.com>,
>         gnupg-users at gnupg.org
> Subject: Re: Five volunteers needed (EU .... Are you sure that this is
>         really advantageous?
> Message-ID: <20201006113425.00007f72 at 300baud.de>
> Content-Type: text/plain; charset=US-ASCII
>
> ...

I strongly doubt that *hard working* postmen will do this, because sooner or
> later this will be detected and investigated and it would cost postmen IMHO
> valuable time (which they probably don't have) to copy and send my mail to
> 3rd parties outside the EU. IIRC, postal services scan mail for the
> addresses,
> for automatic sorting machines, but I have never read that they also scan
> letter content within a letter or from postcards, which would violate
> the confidentiality of letters, guaranteed by laws, in Germany and
> elsewhere.
>
> And if you think, or someone else thinks that *hard working* postmen could
> be not trusted, how about all the roots working at email providers? I am
> more concerned nowadays (remember Edward Snowden handling over electronic
> documents from his employer to third parties) that people (maybe part-time
> or intern etc.) can handle over such data to 3rd parties outside the EU,
> much much easier and without been detected.
>
>
Hello Stefan. I'm not saying hard-working, honest postmen would do this,
but not all postmen are necessarily hard-working and honest. How difficult
is it to steam-open an envelope, take a photo of the contents with your
smartphone, send it abroad, and then reseal the envelope? And that's just
the obvious form of corruption... My father lived through a revolution in
the country of his birth, and ended-up leaving the country. The people who
caused the revolution likely didn't all of a sudden organise; probably
through clandestine, and partly corrupt practices, they organised and
planned their attacks. Believing that the postal systems are definitely
secure just seems unwarranted.

I tend to think (perhaps you might say wrongly), that the internet
represents a more secure form of communication, partly because of its
history of origin and development being based in the US military.

Concerning the roots of email providers, I was under the belief that often
internet services were encrypted such that employees of a provider
basically couldn't see user assets in unencrypted form. I would be
surprised if Google employees could read my emails without somehow getting
the password from me. I know email isn't necessarily secure, but so far as
employees and company resources at the provider's end, I don't think they
can do much really. Extra efforts would have to be made to intercept
unencrypted traffic. If I just sent a GMAIL email to another GMAIL address,
because such emails are not at all sent unencrypted (as far as I know), it
would be impossible to read the email unless they somehow hacked my user
environment, eg. if they did something like capturing my password using
hidden cameras in my room. Perhaps I'm wrong?

I'm definitely not saying that the postal system can't be used. But I'm
just saying that perhaps it doesn't represent more than a little more
security than certain digital forms of communication. The good thing about
cryptography algorithms, is that you can study the mathematics behind them,
and convince yourself that they work. Whereas with the postal system, it's
more based simply on reputation and the word of other people. The
algorithms can be verified by users, but the same doesn't seem much true
with the postal system.

Your idea though, of using both digital comms and the postal system
together, is probably a good one, but just not sure you have the right form
yet.

Thanks,

Mark F
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20201007/002ffaf3/attachment.html>