security of gmail

Mike Kallies mike.kallies-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Thu Dec 3 04:28:33 UTC 2009


On Wed, Dec 2, 2009 at 8:32 PM, G. Matthew Rice <matt-s/rLXaiAEBtBDgjK7y7TUQ at public.gmane.org> wrote:
...
> Don't rely on google to protect you from anything.
>
> Protect your IP address by using TOR or something like it:
>
>    http://www.torproject.org/
>
> And install the FireGPG add-on to gmail to encrypt everything you send.
>
> Then, make everyone encrypt the e-mail that they send you.
>
> I'll leave the last part for you to figure out...
>
> Let me know when you do.

The nice thing about gmail is that so many people use it that it
doesn't appear at all suspicious.  The downside is yeah, they've got a
presence in a lot of countries so they may *silently* comply with any
given local government's demands.

www.hushmail.com is Canadian with some foreign presence.  They've been
known to give data to the U.S. under court order, but if you're not
doing anything illegal, you should be okay.   See the Wikipedia
article http://en.wikipedia.org/wiki/Hushmail about the controversy.
A nice advantage to their system is that you can send mail securely to
a recipient who doesn't have a special client... although it still
confuses technoboobs.

BTW, I would not be surpised to see the TLUG mailing list on an
archive on the web.  Archives have existed in the past and may exist
again in the future.  So what you write here, as with anything on the
Internet, is suprisingly permanent, and can surface at any time.

You need to be careful with Tor.  Your data is unencrypted at the exit
node, so identifiable information must be kept to a minimum.  It's an
interesting project, but very subtle in how it can be best used.  Note
that the exit nodes can be government-run.  While that might worry you
about Russia, just think of how many Chinese end-nodes you must be
using :-)

If you're concerned about illegal activities under a suspicious
government, e.g, dissenting in Iran, you're stuck.  That's a hard
problem.  But if you're concerned about your government committing
illegal activities, like corporate espionage, I think depending on a
less-than-cooperative foreign companies is reasonable, especially if
the  business ventures are beneficial to the interest of the host
country.

If you fear your government suspecting you of having something to
hide, you really need to stick to things that look un-suspicious.
Google over https, Skype, and stuff like that.  Sadly, if necessary,
resorting to physical letters, you might be able to make things
tamper-evident.  Depending on the nature of your information, the
knowledge of disclosure might be all you need.

I hope all is well.

-Mike
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists





More information about the Legacy mailing list