[ExI] hacked email

BillK pharos at gmail.com
Sat Nov 29 09:59:53 UTC 2014

On Fri, Nov 28, 2014 at 8:45 AM, Anders Sandberg wrote:
> The problem with most schemes discussed here are, as Adrian pointed out,
> that anything that is inconvenient to use will get quickly abandoned - this
> is why PGP is not ubiquitous, despite having been around for 20 years.
> Developing a few healthy computer security habits is a good life skill for
> anyone, but unless you feel actively threatened they will not be
> far-reaching. Which is why getting a disruptive group member is usually a
> nasty surprise and too late to set up anything clever.
> A system for authenticating that I am who I am is likely best done using
> encrypted signatures (the math is good) rather than attempts at hiding
> simple pieces of information in the messages, since the eavesdropping Eve
> will likely learn about it while listening to Alice and Bob. Signatures
> likely require proper public key crypto to actually work; I have not seen
> any non-PKI system that allows outsiders to verify my signature.

Agreed. But as I understand Spike's description of the problem, key
verification and encryption would not solve his problem. His group has
a 'user' problem. The troublesome user was given full access to
another user's machine and used that machine to send false messages.
The only way to solve that problem is to stop the false user having
access to the original user's machine.

In other news, Whatsapp has implemented end-to-end encryption for
messaging using Android smartphones. Identity key verification is in
progress and will soon be included. This application is invisible to
the user, which is what encryption needs to become widely used.

Note that this is total encryption. Unlike most email systems,
(Google, Yahoo, etc.), Whatsapp itself cannot decrypt the messages,
even when ordered to by government. Snowden approves!  ;)



More information about the extropy-chat mailing list