Off-topic Question for my friends here

[rgleason]

I would like to keep this as factual as possible, please no extraneous comments, or I'll get this thread removed (I promise it will be very quick).

With changes at FCC should we all be considering use of
OpenPGP? (no, not our favorite, but something else that has been around awhile)

Has anyone used this software and does it do the job of protecting our privacy? I'd like to get a sense of how many use it and what is your experience? Does it take a high level of technical skill to setup?

Is it easily setup on Win, Mac, Android, iphone, etc. Should we all be using it in any case?

A less important question is how it works, but I would be interested.

Thanks very much
Rick

[rgleason]

There is also openVPN.

[Mirage35]

With those changes AND the risks associated with logging in at your local coffee shop AND somebody within WiFi range of my house who is trying to hack my wireless devices ...

Yes, we should be considering it.

Supplementary: should we (as Active Captain did recently) also be actively trying to get people off unsecure email services? I have recently received new contact info from two people, on of whom I met on CF, who are still using Yahoo email! Maybe further OT but I had to bring it up.

[Lake-Effect]

Quote:

Originally Posted by rgleason

I would like to keep this as factual as possible, please no extraneous comments, or I'll get this thread removed (I promise it will be very quick).

With changes at FCC should we all be considering use of
OpenPGP? (no, not our favorite, but something else that has been around awhile)

Has anyone used this software and does it do the job of protecting our privacy? I'd like to get a sense of how many use it and what is your experience? Does it take a high level of technical skill to setup?

Is it easily setup on Win, Mac, Android, iphone, etc. Should we all be using it in any case?

A less important question is how it works, but I would be interested.

Thanks very much
Rick

This is an interesting read, and has some other related links in it.

A few observations:

- at the airport, Homeland Security check devices and are able to ask to view social media accounts. I've heard that not having a device, and/or not having social media accounts are sometimes red flags. I wonder if CF counts...

- since the majority of our email is not encrypted, encryption itself can stand out when present.

- the commonly available encryption is enough to thwart most common interception... but the government isn't exactly common. Just ask Apple. In the UK, they're closer to demanding backdoors into all consumer apps.

- Congress just Ok'd the use and sale of your browsing history by ISPs, which is information that can be more personal and revealing than email. Encryption won't fix that; a VPN may... but again it's a red flag. Also, with the current flood of Android/Kodi set-top TV boxes that access illegal streaming sources, I expect enforcement to soon take more interest in VPNs or anonymisers, which are currently the only way to disguise your browsing/streaming.

I have PGP somewhere but never used it really. I recommend a good password manager, like Lastpass or KeePass.

For myself... I take comfort in the herd. I live a pretty average, banal existence, that I reveal in average, banal emails. I expect my average, banal commercial transactions to be protected by the usual means (strong password, SSL), I encrypt the occasional file to my accountant... and my personal communications could put the most gung-ho government agent to sleep in minutes. Too old for pr0n and torrents, too lazy for real activism. Nothing to see here.

[rgleason]

Thanks guys. All good thoughts/actions/points. There is the coffee shop- boatyard - marina wifi loggin to financial that concerns many. How would one of the vpn services help or openpgp or openvpn to create a tunnel?

[barnakiel]

There are two answers I have and they may seem contradictory. The point is they are not.

Answer A: We actually want less privacy. This is the times we are living in. Since we failed to eliminate problems at the local level, governments may need the power to act effectively at global levels. This take calls for NO encryption on our comms and on suspicion towards people who do and who encrypt their hard drives.

Answer B: We do not care about public safety and simply concentrate on our fears that tell us there is anything very special in our otherwise plain daily comms. This take call for encrypting mails, drives, using nick names (ha! Barnakiel, got ya!), etc. Selfish, shortsighted and not effective (because any encryption can be easily opened by guys with the right tools). And they have them.

The long of it we would be trying to address locally a global problem. So NO, no encryption, solve the problem at FCC level because this is where the problem is. Or should I carry both mine and then also FCC cross?

Love,
b.

[Scot McPherson]

Barnakiel,
A: if it wasn't so valuable, then why did it need to go to congress to sell it? Apparently its valuable enough to bring it to congress.


Who would want it other than our government? Bad guys...lots of them, working way harder to get my stuff than the government is...What's so valuable? My financial data, things the bad guy can use to destroy my life by creating ludicrous debt in my name.


Do I have anything to hide from uncle sam? No, I work for uncle sam and am investigated regularly as a result, but giving up my data privacy to the world at large is not one of the conditions and is not a reasonable assumption.


B: This is also not entirely true....If you chose bad encryption and set poor passcodes, yes...I can crack your password in seconds. If you pick a good encryption and use a proper passcode, it will take several years with even the most power cloud of computer to crack it. Its a matter of scaling math....each character in your password is 67 different choices, and passwords up to 256 characters in length...well the combinations are insurmountable. Doesn't matter how fast your computers are. A computer can't even count that high in less than years let alone crack a passcode.




and this argument is just like guns...take it away from the law abiding citizens and the only one left who have them are the bad guys.


What you propose, sounds to me awefully dystopian...and you can say well its for the good of our safety, but that's how it always starts.


Benjamin Franklin, "A man who gives up his liberty in the name of security deserves neither."

[Alan Mighty]

Quote:

Originally Posted by rgleason

There is also openVPN.

Andy, from TorrentFreak (a specialist media source), has reported a big rise in the number people using Google search seeking information on VPNs following those votes in Congress to repeal privacy rules.


See: https://torrentfreak.com/vpn-searche...-rules-170329/

[barnakiel]

Quote:

Originally Posted by Scot McPherson

(...)

Who would want it other than our government? Bad guys...lots of them, working way harder to get my stuff than the government is...What's so valuable? My financial data, things the bad guy can use to destroy my life by creating ludicrous debt in my name.

(...)

If you chose bad encryption and set poor passcodes, yes...I can crack your password in seconds. If you pick a good encryption and use a proper passcode, it will take several years with even the most power cloud of computer to crack it.

(...)

I am sorry that you a millionaire. Perhaps investigate at your bank on proper web security / Internet banking measures. If they do not provide security method X, you cannot use it communicating towards the bank from you local machine. Your money is only as safe as you bank's IT specialists are smart.

You assume anybody has to crack any codes. How about people acting simply getting your code. They just use your code and read your data. That simple. You do not refuse your codes to an investigator at the federal level, can you? And if they are investigating you, clearly there is something suspicious about the way you act.

Wrong? Well then, change the FCC, not the www.

Please read the OP's query. He is asking about FCC reading your stuff. They are not after your financial data and they will get your codes in the legal procedure if they want them.

b.

[Scot McPherson]

Money in a bank is insured. I am not worried about the bank screwing up, I am more worried about identity theft.


Background Investigations are a regular part of being cleared. Don't make assumptive accusations please.


And no, I would not volunteer my passcodes without a warrant. I want proof that a blind justice thinks its necessary.


passcodes aren't just "gotten" casually, not sure where you are going with this, but there IS a reason why you are encouraged to change your passcode regularly, and that is just in case it's gone wild, and to ensure you stay ahead of the cryptoperiod of that cipher and the length of the password you chose.

[RidgeRunner]

If you want an interesting sailing connection to keep your "off-topic" question more "on-topic", check out this 2007 documentary about sailing the Bahamas in a old Pearson 30:

https://www.youtube.com/watch?v=2lwbHYOFD-4

This vagabond anarchist filmmaker eventually become the head of cyber security at Twitter, and wrote the popular encryption app Signal that has been much in the news as of late.

[Suijin]

It's my understanding that the recent FCC vote simply scuttled a regulation that had not yet been implemented.

Your ISP does not have access to your email content unless they actually manage your email. Google was pilloried for serving up ads based on the content of your emails, not sure if they still do that.

Using any PGP email encryption is a good idea, particularly for any sensitive information. A better approach is to not email sensitive information in the first place, if possible, since once something is digital and out of your control, it's out there, period.

Using a VPN is always a good idea, and it will prevent ISPs from tracking your browsing usage. It's also largely transparent and seamless to use, as opposed to PGP.

Bottom line is that the risks to your personal/identity information increase every day. If you're not proactively working to exercise caution and protect yourself with appropriate tools and habits the risk to your information will do nothing but grow.

[Lake-Effect]

Quote:

Originally Posted by Suijin

It's my understanding that the recent FCC vote simply scuttled a regulation that had not yet been implemented.

This is true, but til now ISPs hadn't really implemented such harvesting and selling of their traffic data because of the impending regulations. Now... with the prospect of 3+ years of use of your traffic data... they have a reason to do so.

As mentioned, only a VPN can hide your traffic from your ISP... but the commercial VPN companies also have the ability to monitor your traffic, and they may choose to mine it cos technically they're also an ISP.

This link is from one VPN supplier, so they're not unbiased, but it does contain some more info about what a VPN can/can't do.

[Suijin]

Quote:

Originally Posted by RidgeRunner

If you want an interesting sailing connection to keep your "off-topic" question more "on-topic", check out this 2007 documentary about sailing the Bahamas in a old Pearson 30:

Best line: "Keep the rig up and the water out; everything else is just a convenience." Priceless.

[rgleason]

Thanks to the Senate, ISPs can now continue doing these things as much as they want, and it will probably be years before we can do anything to stop them.

1. Sell your browsing history to basically any corporation or government that wants to buy it
2. Hijack your searches and share them with third parties
3. Monitor all your traffic by injecting their own malware-filled ads into the websites you visit
4. Stuff undetectable, un-deletable tracking cookies into all of your non-encrypted traffic
5. Pre-install software on phones that will monitor all traffic — even HTTPS traffic — before it gets encrypted. AT&T, Sprint, and T-Mobile have already done this with some Android phones.

This is for friends who may be paranoid, ...and may not be!

https://medium.freecodecamp.com/tor-...y-1a593f2104c3

https://thatoneprivacysite.net/vpn-comparison-chart/

How painful is this going to get?

NSA Will put you on a list if you get a VPN.
https://www.wired.com/2014/07/nsa-ta...vacy-services/