>Eric quotes someone:
>>At a minimum, I would use encryption techniques on *every* anonymous or
>>pseudonymous message. I've seen postings using PGP and other public key
>>schemes; that's a step in the right direction. Plaintext *cannot* be
>>considered secure or confidential in today's network environment; no
>>'alias server' or third-party email forwarding can provide the level of
>>privacy/confidentiality you want.
Eric responds:
> What does PGP do for you? What you want to hide is the identity of the
> sender - username, hostname, full name. The header isn't going to be
> encrypted. PGP buys you nothing. Plus, I wouldn't entrust my safety to an
> algorithm such as PGP or RSA.
If the contents of a message cannot be determined to be controversial,
what difference does it make if everyone knows who sent it? A plot to
hijack an aircraft carrier could be freely discussed on a list for
homemakers baking for state fair competitions.
If only criminals, revolutionaries and terrorists were using
encryption, major code breaking technology could be marshalled to
intercept and read all encrypted traffic.
On the other hand, if encryption became widespread--remember, it's
just software that could be quite invisible to the user--then code
breaking efforts would be used only when other reasons exist to
suspect something illegal.
Why couldn't a user wanting privacy encrypt his posts, send them by
modem to a remote service offering anonymous posting, and post the
encrypted traffic anonymously from there? If the owner of the
anonymous posting service kept his records encrypted, how would anyone
find out who the original author was?
Years ago in one of the first issues of OMNI I read an article on the
effect that computers would have on privacy. At the time it was
commonplace to do a lot of handwringing about the supposed loss of
privacy that would be effected by the new computer technology.
The article was written by a couple of mathematicians who claimed that
computers would make encryption so easy that codes could be generated
that would be EFFECTIVELY unbreakable, not PERFECTLY unbreakable, but
requiring so much CPU time to decode that no one would bother.
I spent several years working as a locksmith. There are no locks or
security systems that cannot be defeated. But there are many that
make it easier to go elsewhere to break in. As locks and alarms
become more sophisticated, so do thieves. But the reverse is also
true. Wouldn't it be that way with encryption?
It seems to me that with encryption, practical privacy can be achieved
even though absolute privacy will remain forever beyond our reach.
Eric is right, encryption would fail to solve the problem of the
unencrypted header. On the other hand, if the message is encrypted,
how does a snoop know whether it contains anything worth following up?
He could ferret out a poster that is merely sending a Christmas letter
to his mother. Why bother?
-------- All my opinions are tentative pending further data. --------
-------------- John W. Redelfs, [log in to unmask] --------------
|