Five volunteers needed (EU .... Are you sure that this is really advantageous?

[Ángel]

On 2020-10-06 at 12:34 +0200, Stefan Claas wrote:
> Mark Fernandes wrote:
> 
> Hello Mark,
>  
> [...]
> 
> > Hello Stefan. Forgive my ignorance, but I'm failing to see the
> > significant
> > benefit of such a method. Is what you are proposing similar to
> > sending an
> > encrypted message on CD via the post, that the recipient then gets
> > decrypted using the public key published on the internet?
> 
> Yes, it is the same procedure, except that I used postcards.


>  
> > I don't consider postal systems, even those in the EU, to be
> > generally secure or at least verifiable as being secure. Actually
> > worked for a Christmas stint at Royal Mail, helping out with the
> > extra mail --didn't convince me that mail was much secured. Postmen
> > can be blackmailed, bribed, or succumb to other methods of attack.
> > What's stopping someone working in the postal system from simply
> > corruptly sending data to outside the EU?
> 
> I strongly doubt that *hard working* postmen will do this, because
> sooner or later this will be detected and investigated and it would
> cost postmen IMHO valuable time (which they probably don't have) to
> copy and send my mail to 3rd parties outside the EU. IIRC, postal
> services scan mail for the addresses, for automatic sorting machines,
> but I have never read that they also scan letter content within a
> letter or from postcards, which would violate the confidentiality of
> letters, guaranteed by laws, in Germany and elsewhere.
> 
> And if you think, or someone else thinks that *hard working* postmen
> could be not trusted, how about all the roots working at email
> providers? I am more concerned nowadays (remember Edward Snowden
> handling over electronic documents from his employer to third
> parties) that people (maybe part-time or intern etc.) can handle over
> such data to 3rd parties outside the EU, much much easier and without
> been detected.


First of all, postcards are fine for a proof of concept. They are more
'fun' to send and receive. However, for a serious encrypted
conversation Alice and Bob should use enveloped mail.
Using a postcard you have pretty much weakened the letter
confidentiality, imho.

And if rather than writing text you are sending some electronics, a QR,
etc. you will be attracting even more attention ("Hey, John, see this
weird postcard that is being sent").

The real contents themselves are encrypted, but they would typically
want to blend with other messages, not to stand out. The NFC tags are
out of the way, since they can easily be found amidst all the mail.

A more subtle approach would be to have their armored pgp message with
spaces inserted, then sent inside an envelope, so that even if looked
against the light it seemed like filled with "normal word".


To consider postmen harder to bribe seems naive. Plus, there are many
hardworking sysadmins that would be offended by your words.
If you want to compare postal mail and electronic mail, you should
focus on the benefits of each medium.
For example, a letter sent to its final destination but not yet
received could be read by the admin of the email mailbox. A postman
could not "recall" the letter from your mailbox to read it after it has
been delivered (or, if it is possible to extract a delivered letter
from your mailbox, that's possible not only for your postman but also
for your neighbours).
Once you pick your physical mail, it's no longer in the mailbox.
Nowadays, most people keep a copy of their emails stored on their
providers' mailbox.


Most postmen will never open your mail to read it, nor will they
maliciously hand it over to a third party. However, if you were framed.
Maybe you were considered a person of interest by a Government, or a
competitor wanted to spy your mail (even though it'd be illegal), that
would not be complex.
If they managed to bribe the postman that delivers your mail would
simply keep mail directed to you on their bag. Then they would hand it
out to to their spymaster (or process it themselves on reaching home),
and actually deliver it the next day.¹
That would require them some effort. But whoever is paying the bribe
should offer one that compensates for that.

Remember that while you may encrypt and sign the message to ensure
confidentiality and integrity, the postmen control the medium, and thus
availabilty.


You might want to send a canary token encoded ina QR and see if anyone
triggers that. Postmen is not expected and should not scan or read it,
just as the NSA is full of professional people that should not peek
into content unrelated to their assigned work, yet might end up sharing
your nude photos with their colleagues.²
(using a QR would have the interesting issue that I think some postal
systems do use a QR internally to encode the addressing, so could a
user-level message QR be confused -and thus scanned- with a transport-
level QR?)

As a coded letter is likely to bring attention to it (few people if any
send encrypted messages that way), they would ideally hide it into
something less conspicuous. They could use invisible ink over a normal-
looking text or, a pretty clever way to sneak your QR would be to
provide an ad of he products from a company, with the real data hidden
on different QR attached to the magazine.


¹ A postcard would be even simpler, just the time of taking a
smartphone picture and send to their contact.
² https://www.huffpost.com/entry/nsa-nude-photos_n_5597472

Best