Equipped To Survive Equipped To Survive® Presents
The Survival Forum
Where do you want to go on ETS?

Page 2 of 4 < 1 2 3 4 >
Topic Options
#261823 - 07/12/13 05:40 PM Re: Why you don't use large vendors computerencryption [Re: Am_Fear_Liath_Mor]
Arney Offline
Pooh-Bah

Registered: 09/15/05
Posts: 2485
Loc: California
Originally Posted By: Am_Fear_Liath_Mor
I already have PGP installed on Thunderbird.

One recent revelation is that a PGP-encrypted email red flags an email message, even if the NSA can't/doesn't bother trying to decrypt it. So, even if they do actually follow some procedure to ignore/delete certain info that it collects, a PGP encrypted message and its accompanying metadata will be retained "forever."

Top
#261824 - 07/12/13 05:53 PM Re: Why you don't use large vendors computerencryption [Re: Arney]
RNewcomb Offline
Member

Registered: 04/19/12
Posts: 170
Loc: Iowa
Originally Posted By: Arney
Originally Posted By: Am_Fear_Liath_Mor
I already have PGP installed on Thunderbird.

One recent revelation is that a PGP-encrypted email red flags an email message, even if the NSA can't/doesn't bother trying to decrypt it. So, even if they do actually follow some procedure to ignore/delete certain info that it collects, a PGP encrypted message and its accompanying metadata will be retained "forever."


And this points to the real problem with Encryption in general. Once someone has the encrypted document, it's just a matter of time before the technology becomes available to decipher it. The damage is likely still done if the document is deciphered today, a year from now, or even 10 years from now. Encryption, honestly, just makes it harder for someone to get the information. It doesn't make it impossible. One of the reasons I like Kerberos encryption, there's a (theoretical) life-span on it. And although it's useful for on-the-fly data transmissions, it's not useful for long term document storage.

Top
#261831 - 07/12/13 07:10 PM Re: Why you don't use large vendors computerencryption [Re: RNewcomb]
haertig Offline
Pooh-Bah

Registered: 03/13/05
Posts: 2322
Loc: Colorado
Originally Posted By: RNewcomb
Once someone has the encrypted document, it's just a matter of time before the technology becomes available to decipher it ... Encryption, honestly, just makes it harder for someone to get the information. It doesn't make it impossible.

This is true. My reason for bringing this up is not to discuss some end-all perfect encryption that can never be broken. I'm sure the NSA can break your PGP or Truecrypt encrypted file if they put there resources to it.

The problem I am illustrating is that people without the determination and resources to truly break an encrypted file don't need to - they have backdoors that make it trivial to access your data. So if Microsoft can get in, a Microsoft employee can get in, the government can get in, a government employee can get in, and any of these could have their backdoor compromised by a hacker who then shows everyone how to get in.

In a nutshell, Don't trust people who intentionally put backdoors into their encryption.

Top
#261833 - 07/12/13 07:29 PM Re: Why you don't use large vendors computerencryption [Re: Jeanette_Isabelle]
James_Van_Artsdalen Offline
Addict

Registered: 09/13/07
Posts: 449
Loc: Texas
Originally Posted By: Jeanette_Isabelle
I use Mac and I followed Apple's security guidebook to make it more secure. Is there a reason for me to be concerned?

From a preparedness standpoint, no.

Guys, this thread of way off into political territory.

A better topic might be how to securely carry confidential data in a mass evacuation, i.e., if you evacuate from a fire to a shelter with a thousand of your closest "friends" how do you carry bank account #'s and passcodes for accessing money without a thief getting to that money too?

Top
#261835 - 07/12/13 07:47 PM Re: Why you don't use large vendors computerencryption [Re: James_Van_Artsdalen]
haertig Offline
Pooh-Bah

Registered: 03/13/05
Posts: 2322
Loc: Colorado
Originally Posted By: James_Van_Artsdalen
Guys, this thread of way off into political territory.

Huh??? This thread is discussing exactly what I started it to discuss. Nobody has taken it "way off". It is not political. It is talking about intentional compromises to your private data. These compromises were brought to light in an article that mentioned NSA involvement, but that doesn't mean the overall topic of securing your privacy is political. And the thread was intentionally started in the "Around The Campfire" subforum where things besides strictly preparedness are allowed to be discussed without being called "off topic".

There have been many threads in the past on this same topic where people have asked about securing their personal data. It is of interest to many of us. And it does relate to preparedness, in that people desire to have their personal info available during emergencies, but still protected from general disclosure. Encryption is one way to accomplish that preparedness goal.

Top
#261841 - 07/13/13 12:18 AM Re: Why you don't use large vendors computerencryption [Re: haertig]
LesSnyder Offline
Pooh-Bah

Registered: 07/11/10
Posts: 1680
Loc: New Port Richey, Fla
AFLM... re: typewriters... if you find an Underwood with the type face re soldered so as to print vertical and not horizontal, grab it... it's useful to decrypt transposition ciphers....transposition ciphers are encrypted horizontally and extracted vertically according to a key sequence.... and it might even have an NSA inventory tag on it....

Top
#261842 - 07/13/13 01:29 AM Re: Why you don't use large vendors computerencryption [Re: haertig]
chaosmagnet Online   content
Sheriff
Carpal Tunnel

Registered: 12/03/09
Posts: 3819
Loc: USA
I've received messages from posters asking me to explain and/or revisit the decision to lock this thread.

Upon reflection I think locking the thread was an over-reaction. It is now unlocked.

Discussion of privacy issues and maintaining privacy is appropriate. Political commentary is not.


chaosmagnet


Edited by chaosmagnet (07/16/13 09:55 PM)
Edit Reason: I changed my mind

Top
#261888 - 07/16/13 10:00 PM Re: Why you don't use large vendors computerencryption [Re: haertig]
chaosmagnet Online   content
Sheriff
Carpal Tunnel

Registered: 12/03/09
Posts: 3819
Loc: USA
Let me follow up by apologizing to anyone who was discouraged or upset when I locked the thread.

The posters who contacted me did me a service by doing so and being polite about it, and I do appreciate that.



chaosmagnet

Top
#261891 - 07/16/13 10:53 PM Re: Why you don't use large vendors computerencryption [Re: haertig]
ILBob Offline
Old Hand

Registered: 02/05/10
Posts: 776
Loc: Northern IL
I was not all that surprised by either the thread locking or the fact that my suspicions about some of these companies has come true.

They are all very badly need to stay in the good graces of the federal government and have very little reason to want to stick their necks out.

personally, since companies like IBM who have massive government software contracts took over the lion's share of the programming for the open source stuff, I am not convinced it is secure either.

Just because there is some means of vetting software does not mean anyone has actually done so. and it is so complex these days that it does not seem outside the realm of possibility that a well funded effort could sneak something in there.

I am also suspicious of all the motherboards made in China. What makes anyone think they are secure? What about all the firmware that runs just about every piece of electronic and computer related gear? its all made in China. is it even possible to vet that stuff?

_________________________
Warning - I am not an expert on anything having to do with this forum, but that won't stop me from saying what I think. smile

Bob

Top
#261893 - 07/17/13 01:38 AM Re: Why you don't use large vendors computerencryption [Re: haertig]
Lono Offline
Old Hand

Registered: 10/19/06
Posts: 1013
Loc: Pacific NW, USA
Can I say just one thing - all these Companies Big and Small are subject to US law, especially FISA for interception of data and communications. Its not a matter of a company being Big or Corruptible, its about companies being subject to the FISA law. When the Man comes with a court directive, you have attorneys review it, and if you must comply with it you will, under relevant (in this case FISA) law. That's FISA. It isn't an open invitation for corruption, pipelining all data to the NSA or another party, or disclosing wholesale customer data - where exactly is the profit in that??

Political commentary redacted

In an earlier incarnation I responded to court directives about kiddie porn suspects who hosted and transited data over our internet provider. Smaller job than the terrorist task demanded by FISA. It involved receiving the court directive, validating it as in effect, retrieving their data, and handing it over to law enforcement. A pretty trivial task. This simple process has messed me up for the past 15 years. You can't take back the horror and mind mess that kiddie porn purveyors let pass over their internet accounts. The stuff they traffic in gets captured by internet providers, which is how they get caught. It will mess you up.


Edited by chaosmagnet (07/17/13 03:31 AM)
Edit Reason: Inappropriate political commentary

Top
Page 2 of 4 < 1 2 3 4 >



Moderator:  Alan_Romania, Blast, chaosmagnet, cliff 
March
Su M Tu W Th F Sa
1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30
31
Who's Online
0 registered (), 324 Guests and 6 Spiders online.
Key: Admin, Global Mod, Mod
Newest Members
GallenR, Jeebo, NicholasMarshall, Yadav, BenFoakes
5367 Registered Users
Newest Posts
What did you do today to prepare?
by dougwalkabout
Yesterday at 11:21 PM
Zippo Butane Inserts
by dougwalkabout
Yesterday at 11:11 PM
Question about a "Backyard Mutitool"
by Ren
03/17/24 01:00 AM
Problem in my WhatsApp configuration
by Chisel
03/09/24 01:55 PM
New Madrid Seismic Zone
by Jeanette_Isabelle
03/04/24 02:44 PM
EDC Reduction
by EchoingLaugh
03/02/24 04:12 PM
Using a Compass Without a Map
by KenK
02/28/24 12:22 AM
Newest Images
Tiny knife / wrench
Handmade knives
2"x2" Glass Signal Mirror, Retroreflective Mesh
Trade School Tool Kit
My Pocket Kit
Glossary
Test

WARNING & DISCLAIMER: SELECT AND USE OUTDOORS AND SURVIVAL EQUIPMENT, SUPPLIES AND TECHNIQUES AT YOUR OWN RISK. Information posted on this forum is not reviewed for accuracy and may not be reliable, use at your own risk. Please review the full WARNING & DISCLAIMER about information on this site.