SAN FRANCISCO — Microsoft Corp. worked closely with U.S. intelligence services to help them intercept users' communications, including letting the National Security Agency circumvent e-mail encryption, the Guardian reported Thursday.
You can't "allow encryption to be circumvented". What that really means is that Microsoft either intentionally put back doors in their encryption scheme, or intentionally created default keys for decryption that they then kept for themselves (then shared them with the government), etc. This is Microsoft
intentionally leaving themselves a way into your supposedly private data, no matter how they try to spin it. This is not someone discovering a flaw in an encryption algorithm and then exploiting it. This is intentional.
I'm sure Microsoft is not the only big-player doing this. And it illustrates why you should never trust any "black box" encryption and take the vendors word for it that it is secure. You need to use open source encryption software. "Open source" allows anybody to read the source code and compile the code themselves to verify it truly is secure. While most here would not have the expertise to review encryption code, you can bet that other more advanced computer users are doing exactly that. So use what they use, and have reviewed. Which is open source encryption.
Basically, if you have to pay for what you're using for encryption, then it should be considered suspect and you should do your due diligence in researching it before using it. And if the encryption "came for free with the product", as this Microsoft offering no doubt did - red flag!
Previous Topic
Index
