Five volunteers needed (EU .... Are you sure that this is really advantageous?

Stefan Claas sac at 300baud.de
Wed Oct 7 14:33:04 CEST 2020 

Mark Fernandes wrote:
 
[...]

Hello Mark,

> Hello Stefan. I'm not saying hard-working, honest postmen would do this,
> but not all postmen are necessarily hard-working and honest. How difficult
> is it to steam-open an envelope, take a photo of the contents with your
> smartphone, send it abroad, and then reseal the envelope? And that's just
> the obvious form of corruption... My father lived through a revolution in
> the country of his birth, and ended-up leaving the country. The people who
> caused the revolution likely didn't all of a sudden organise; probably
> through clandestine, and partly corrupt practices, they organised and
> planned their attacks. Believing that the postal systems are definitely
> secure just seems unwarranted.

Yes, understand, but people who are sending (encrypted) sensitive things with
postal mail can also use security envelopes, which does not let light shine
through, can use covers for NFC tags and additionally tamper evident bags so
that a bribed postman could not photograph the content of the letter.

This is all available for purchase online. 
 
> I tend to think (perhaps you might say wrongly), that the internet
> represents a more secure form of communication, partly because of its
> history of origin and development being based in the US military.

I like to say it this way, when the ARPANET and later the relatively small
Internet, compared to other global networks came up people did not rely on
encryption and their communications were somewhat more secure, because of
how OSs for the computers and the used software was designed, compared with
nowadays hardware / software components.
 
> Concerning the roots of email providers, I was under the belief that often
> internet services were encrypted such that employees of a provider
> basically couldn't see user assets in unencrypted form. I would be
> surprised if Google employees could read my emails without somehow getting
> the password from me. I know email isn't necessarily secure, but so far as
> employees and company resources at the provider's end, I don't think they
> can do much really. Extra efforts would have to be made to intercept
> unencrypted traffic. If I just sent a GMAIL email to another GMAIL address,
> because such emails are not at all sent unencrypted (as far as I know), it
> would be impossible to read the email unless they somehow hacked my user
> environment, eg. if they did something like capturing my password using
> hidden cameras in my room. Perhaps I'm wrong?

Well, first of all, we should ask ourselves why in the world do people get
so many many services on the Internet for *free* ...? I think it has to do
with the U.S. Supremacy & Leadership role. Normally when you or me would
start a business you would need a lot of money, then secure your business,
and finally charge users, so that you can make an income for you and your
employees and cover the monthly network traffic/hardware/maintenance costs.

Regarding Google Mail etc. These services are run on multi-user systems
and people with super-user privileges, which a root user assigned to them,
can control the whole system and does not need your encrypted and salted
password to access your account. However, your email is encrypted in transient
when it leaves the servers or arrives at servers. Modern and privacy oriented
email services like Tutanota or ProtonMail do not allow this, because their
servers encrypt you email, while it rests on the servers. Hence probably
why these modern services receive often heavily DDOS attacks...

What a lot of people probably don't know, when we had global (and local) Online
Services decades ago, like CompuServe, AOL etc, where you could also chat, write
email and had forums. users have *been charged monthly* for using these Online
Services, besides, the access points they used! And these business were successful
and had millions of users.

Later when Al Gore 'invented' the Internet all these cool and good Networks,
Online Services etc. disappeared.

In case you have access to a good library, with computer books, or can get
old computer books from sellers, I highly recommend the book "The Matrix",
from John S. Quarterman. The Book is from the late 80's and shows people
that we had plenty of global computer networks and which are all no longer
exists.
 
> I'm definitely not saying that the postal system can't be used. But I'm
> just saying that perhaps it doesn't represent more than a little more
> security than certain digital forms of communication. The good thing about
> cryptography algorithms, is that you can study the mathematics behind them,
> and convince yourself that they work. Whereas with the postal system, it's
> more based simply on reputation and the word of other people. The
> algorithms can be verified by users, but the same doesn't seem much true
> with the postal system.

Correct, but my idea is based on that people can use the postal system with
encryption too.
 
> Your idea though, of using both digital comms and the postal system
> together, is probably a good one, but just not sure you have the right form
> yet.

Well, I think, in 2020 and ongoing it is a good and valid option and let's
see how this will pan out, i.e. hearing later politicians and LEA saying the
same thing what they say about encryption on the Internet ... Once this will
happen than we see that they need, for what ever reason, full control of
peoples digital content.

Regards
Stefan

-- 
NaClbox: cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675
  The computer helps us to solve problems, we did not have without him.

More information about the Gnupg-users mailing list