[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On Wed, Jun 26, 2013 at 9:03 AM, Kai Hendry wrote: > Well as you know email traffic isn't encrypted. There seems to be > backdoors even every major provider, so if they wanted to see all your > email at sweetwatergeek@xxxxxxxxx they could. Yes. The NSA can, because they have a backdoor at Google. GCHQ taps everything that leaves or enters the country at Bude. That doesn't help read what I send to a fellow Gmail user. Of course they get a partial picture - if I send an email to a users who uses a mail server based in the UK, it's out there for GCHQ to read - and perhaps I underestimate the 'usefulness' of this partial picture. (And they do of course have access to whatever the NSA provides them with.) > As for SSL, people have speculated that the root keys with Verisign > and co. is an obvious flaw amongst others. > http://revk.www.me.uk/2013/06/can-they-see-what-i-am-doing.html?showComment=1372017775406#c3038302101798240152 Yes, root keys at CAs introduce a single-point-of-failure. It means the NSA could create their own certificate for gmail.com and have all out traffic go through their servers. 99.999% of people wouldn't notice, because their browsers wouldn't complain about anything. (Actually, in Gmail's case Chrome might.) But that 0.001% that does notice is large enough to make a huge fuss. So I'm pretty sure they're not doing this. > Don't want to get too bogged down in the technological details, as I > think that's not where the solution lies. Surely telling our > government to stop watching us is far more prude? Ideally yes. In practise, even in the best of cases it would take some time for such a thing to get through and then you'd only have to believe them not to do this. And to be honest, I don't think we are likely to achieve this at the moment: it doesn't seem to be high on the political agenda, and if it was, we'd still have to hope it were on that of the US Congress too. So I think knowledge of technological details matters, as it helps us find ways to defend ourselves against surveillance. Martijn. -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq