* Originally in MOBILE
* Crossposted in PUBLIC_KEYS

Hi Aug,

On 2023-06-01 22:13:20, you wrote to All:

Cops hate encryption but the NSA loves it when you use PGP

https://www.theregister.com/2016/01/27/nsa_loves_it_when_you_use_pgp/

A bit old, but still interesting!

So you need to hide your pgp/gpg communication, in for instance encrypted binkp sessions! And not use email... ;-)

Bye, Wilfred.

--- FMail-lnx64 2.2.0.0
* Origin: FMail development HQ (2:280/464)

Hello Wilfred!

* Originally in MOBILE
* Crossposted in PUBLIC_KEYS

Good choice to x-post here.

https://www.theregister.com/2016/01/27/nsa_loves_it_when_you_use_pgp/

A bit old, but still interesting!

So you need to hide your pgp/gpg communication, in for instance
encrypted binkp sessions! And not use email... ;-)

But binkp is only sound during the initial transfer. The
resultant fidonet content become public info once it lands on a
bbs that opens the echos for public viewing. :(


--
../|ug

--- OpenXP 5.0.57
* Origin: What do you call an excavated pyramid? Unencrypted. (2:221/1.58)

* Originally in MOBILE
* Crossposted in PUBLIC_KEYS

Hi August,

On 2023-06-01 18:15:00, you wrote to me:

A bit old, but still interesting!

So you need to hide your pgp/gpg communication, in for instance
encrypted binkp sessions! And not use email... ;-)

I failed to notice the date of the original. A lot of things
have changed in gpg/pgp usage and implementation since 2016.

It probably has. But not regarding the recognisability of the pgp/gpg data afaik.

I bet gpg is more wide-spread in usage now than then.

I don't see any evidence of that.

Collecting and analying meta data NOW seems like a make-work
project that wastes time and resources.

Why do you think so. The NSA (and likes) wouldn't turn of their 2016 systems, if they still keep working and giving them valuable data...


Bye, Wilfred.

--- FMail-lnx64 2.2.0.0
* Origin: FMail development HQ (2:280/464)

* Originally in MOBILE
* Crossposted in PUBLIC_KEYS

Hi August,

On 2023-06-01 18:25:00, you wrote to me:

So you need to hide your pgp/gpg communication, in for instance
encrypted binkp sessions! And not use email... ;-)

But binkp is only sound during the initial transfer. The
resultant fidonet content become public info once it lands on a
bbs that opens the echos for public viewing. :(

You wouldn't normally send your private mails in public echomail areas. You would use netmail, preferably direct, so I don't see that down side...

Bye, Wilfred.

--- FMail-lnx64 2.2.0.0
* Origin: FMail development HQ (2:280/464)

Hi Wilfred!

01 Jun 2023 21:31, from Wilfred van Velzen -> Aug:

Cops hate encryption but the NSA loves it when you use PGP
https://www.theregister.com/2016/01/27/nsa_loves_it_when_you_use_pgp/

A bit old, but still interesting!
So you need to hide your pgp/gpg communication, in for instance
encrypted binkp sessions! And not use email... ;-)

Or use steganography to hide in pictures, mp3, whatever.

CU, Ricsi

... Have you ever imagined a world with no hypothetical situations?
--- GoldED+/LNX
* Origin: Don't worry, I don't understand what I said either... (2:310/31)

Hi Richard,

On 2023-06-02 11:30:26, you wrote to me:

Cops hate encryption but the NSA loves it when you use PGP
https://www.theregister.com/2016/01/27/nsa_loves_it_when_you_use_pgp
/

A bit old, but still interesting!
So you need to hide your pgp/gpg communication, in for instance
encrypted binkp sessions! And not use email... ;-)

Or use steganography to hide in pictures, mp3, whatever.

Do you have experience with this?

But it also might attrackt some unwanted attention. And you don't know how good the NSA (etc) have become at detecting it...


Bye, Wilfred.

--- FMail-lnx64 2.2.0.0
* Origin: FMail development HQ (2:280/464)

Hello Wilfred!

** On Friday 02.06.23 - 08:50, Wilfred van Velzen wrote to August Abolins:

* Originally in MOBILE
* Crossposted in PUBLIC_KEYS

But binkp is only sound during the initial transfer. The
resultant fidonet content become public info once it lands on a
bbs that opens the echos for public viewing. :(

You wouldn't normally send your private mails in public echomail areas. You would use netmail, preferably direct, so I don't see that down side...

Oh yeah.. netmail could work that way exclusively. Good point.
That could be reasonably invisible to the NSA/spy. But the use
of the binkp can still be deteted, no? And if that's the case,
they can start focusing their observations on systems that use
it and probe deeper.
--
../|ug

--- OpenXP 5.0.57
* Origin: What do you call an excavated pyramid? Unencrypted. (2:221/1.58)

Hi August,

On 2023-06-03 08:36:00, you wrote to me:

Oh yeah.. netmail could work that way exclusively. Good point.
That could be reasonably invisible to the NSA/spy. But the use
of the binkp can still be deteted, no?

Yes. With or without pgp/gpg content.

And if that's the case, they can start focusing their observations on systems that use it and probe deeper.

Why would they want to do that? And if they would, they would have already started doing so decades ago...


Bye, Wilfred.

--- FMail-lnx64 2.2.0.0
* Origin: FMail development HQ (2:280/464)

Hello Wilfred!

Oh yeah.. netmail could work that way exclusively. Good
point. That could be reasonably invisible to the NSA/spy.
But the use of the binkp can still be deteted, no?

Yes. With or without pgp/gpg content.

Hmmm.. Too bad networked (via FTN) BBSes don't stress that
opaqueness as pretty-good-isolation from internet collection
then.

And if that's the case, they can start focusing their
observations on systems that use it and probe deeper.

Why would they want to do that? And if they would, they
would have already started doing so decades ago...

Well.. I thought that if it becomes known that BBSes are the
transport mechanism for secret/suspect messages, then the spys
could investigate the BBS and owners and choose to knock on
their doors some day?


--
../|ug

--- OpenXP 5.0.57
* Origin: What do you call an excavated pyramid? Unencrypted. (2:221/1.58)

Hi August,

On 2023-06-03 21:51:00, you wrote to me:

Oh yeah.. netmail could work that way exclusively. Good
point. That could be reasonably invisible to the NSA/spy.
But the use of the binkp can still be deteted, no?

Yes. With or without pgp/gpg content.

Hmmm.. Too bad networked (via FTN) BBSes don't stress that
opaqueness as pretty-good-isolation from internet collection
then.

Probably everything is collected. And btw binkd doesn't use a very good encryption algorithm. So if they wanted/needed to break it, they probably could. So the hiding gpg traffic only works as long as we remain small and under the radar...

And if that's the case, they can start focusing their
observations on systems that use it and probe deeper.

Why would they want to do that? And if they would, they
would have already started doing so decades ago...

Well.. I thought that if it becomes known that BBSes are the
transport mechanism for secret/suspect messages, then the spys
could investigate the BBS and owners and choose to knock on
their doors some day?

Of course, but that is true for any kind of communication... The point is not to become suspect! ;-)

Bye, Wilfred.

--- FMail-lnx64 2.2.0.0
* Origin: FMail development HQ (2:280/464)

Hmmm.. Too bad networked (via FTN) BBSes don't stress that
opaqueness as pretty-good-isolation from internet collection
then.

Probably everything is collected. And btw binkd doesn't use a very good encryption algorithm. So if they wanted/needed to break it, they
probably could.

I thought binkd's encryption only extended to the
authentication part. If the whole transfer, ie. the PKTs are
encrypted, that's interesting.

According to this, http://mimac.bizzi.org/
fidonet_programmi_binkd.html

"traffic encryption" was added.

So the hiding gpg traffic only works as long as we
remain small and under the radar...

Oh.. so you mean to include gpg'd netmail messages in the
transfer?

Well.. I thought that if it becomes known that BBSes are
the transport mechanism for secret/suspect messages, then
the spys could investigate the BBS and owners and choose
to knock on their doors some day?

Of course, but that is true for any kind of
communication... The point is not to become suspect! ;-)

Yes n No. I suppose that "authorities" could demand unlocking
encrypted messages on "grounds" for suspicion. That happend at
Prontomail not long ago. What those "grounds" could be could
be debatable and suspect itself. :D

I recall a movement that suggested that people simply FLOOD the
channels with messages that bore "suspect" text in the Subject
lines: super secret, terrorism, murder.. etc. The idea being
that then they will have too much data to analyse.

Similarly, random suspect words could be also be thrown in as
part of the message body at random times.

I dunno.. at this point I think the NSA wants people to think
that they have the ability analyse all the traffic out there -
and the media is more than willing to communicate that on their
behalf - but I think the reality is that analysing it ALL
within a reasonable time frame is not happening.

--
../|ug

--- OpenXP 5.0.57
* Origin: What do you call an excavated pyramid? Unencrypted. (2:221/1.58)

Hi Wilfred!

02 Jun 2023 11:48, from Wilfred van Velzen -> Richard Menedetter:

So you need to hide your pgp/gpg communication, in for instance
encrypted binkp sessions! And not use email... ;-)

Or use steganography to hide in pictures, mp3, whatever.

Do you have experience with this?

Little and a veeeeery long time ago.

But it also might attrackt some unwanted attention. And you don't know
how good the NSA (etc) have become at detecting it...

Well you can always embed a PGP file steganographically.
In that case they would just know that something is there if they are able to detect it.

CU, Ricsi

... The perfect guest is one who makes his host feel at home.
--- GoldED+/LNX
* Origin: INPUT: Food, whisky, beer, aspirin, etc. (2:310/31)

Hi August,

On 2023-06-04 11:08:00, you wrote to me:

Probably everything is collected. And btw binkd doesn't use a very
good encryption algorithm. So if they wanted/needed to break it,
they probably could.

I thought binkd's encryption only extended to the
authentication part. If the whole transfer, ie. the PKTs are
encrypted, that's interesting.

It can be, but not every node supports it...

I recall a movement that suggested that people simply FLOOD the
channels with messages that bore "suspect" text in the Subject
lines: super secret, terrorism, murder.. etc. The idea being
that then they will have too much data to analyse.

I don't think that would work now. Data analyses and cpu power has come a long way...


Bye, Wilfred.

--- FMail-lnx64 2.2.0.0
* Origin: FMail development HQ (2:280/464)

Hello WvV!

** On Friday 02.06.23 - 08:44, you wrote to me:

* Originally in MOBILE
* Crossposted in PUBLIC_KEYS

I bet gpg is more wide-spread in usage now than then.

I don't see any evidence of that.

Well.. Thunderbird has supported PGP/GPG integration for years
via plugins, and now it is practically built-in and part of the
whole program. An implementation like that only begs to be
discovered and used. If the coders for TB have done this, they
must have had the evidence or requests for that.

Then there are all the other programs such as GPGTools
GPGshell, etc.. that exist and continue to be supported.

I am sure friends tell two friends and so on, about these
options to integrate more privacy in comms.

Collecting and analying meta data NOW seems like a make-work
project that wastes time and resources.

Why do you think so. The NSA (and likes) wouldn't turn of
their 2016 systems, if they still keep working and giving
them valuable data...

Sure.. even for them change is hard. So, they just keep
investing more and more resources to maintain this beast of
collecting everything - but with a very limited feasible
outcome.

They are forced to focus on narrow sets of data: a particular
suspect or small group.

But even then, the associations between suspects/groups could
be full of red-herrings.



--
../|ug

--- OpenXP 5.0.57
* Origin: What do you call an excavated pyramid? Unencrypted. (2:221/1.58)

Hi August,

On 2023-06-06 08:34:00, you wrote to me:

I bet gpg is more wide-spread in usage now than then.

I don't see any evidence of that.

Well.. Thunderbird has supported PGP/GPG integration for years
via plugins, and now it is practically built-in and part of the
whole program. An implementation like that only begs to be
discovered and used. If the coders for TB have done this, they
must have had the evidence or requests for that.

Then there are all the other programs such as GPGTools
GPGshell, etc.. that exist and continue to be supported.

I am sure friends tell two friends and so on, about these
options to integrate more privacy in comms.

Support/availability doesn't automatically mean usage...

And you will have to configure it in Thunderbird. Most users won't bother.

Collecting and analying meta data NOW seems like a make-work
project that wastes time and resources.

Why do you think so. The NSA (and likes) wouldn't turn of
their 2016 systems, if they still keep working and giving
them valuable data...

Sure.. even for them change is hard. So, they just keep
investing more and more resources to maintain this beast of
collecting everything - but with a very limited feasible
outcome.

You don't know that! ;-)

They are forced to focus on narrow sets of data: a particular
suspect or small group.

You don't know that! ;-)


Bye, Wilfred.

--- FMail-lnx64 2.2.0.0
* Origin: FMail development HQ (2:280/464)

Hello Wilfred!

** On Tuesday 06.06.23 - 16:28, you wrote to me:

I am sure friends tell two friends and so on, about these
options to integrate more privacy in comms.

Support/availability doesn't automatically mean usage...

And you will have to configure it in Thunderbird. Most
users won't bother.

We/you don't know if people are not bothering. I get the
occassional question about the signature file that my TB
includes when I send a message. But unless they use TB
themselves, they won't have an easy path to change from their
confort-zone of the webbased gmail or outlook or hotmail or
live.com

And.. there is the ever pervasive notion that "there is nothing
worthy of secrecy in my email conversations, so privacy doesn't
matter".

Sure.. even for them change is hard. So, they just keep
investing more and more resources to maintain this beast of
collecting everything - but with a very limited feasible
outcome.

You don't know that! ;-)

There is no evidence that they have been successful in using
that system.

They are forced to focus on narrow sets of data: a particular
suspect or small group.

You don't know that! ;-)

Based on some articles that do get out on mainstream media,
there is the occassional mention that enmasse data collection
has helped them follow a trail of a suspect. But, then they
have to ignore the billions of petrabytes of other info they
have collected. But even if if get reported as such, that could
be a ruse to keep the public in check.


--
../|ug

--- OpenXP 5.0.57
* Origin: What do you call an excavated pyramid? Unencrypted. (2:221/1.58)

Hello Richard Menedetter!

** On Sunday 04.06.23 - 20:45, you wrote to Wilfred:

Or use steganography to hide in pictures, mp3, whatever.

Do you have experience with this?

Little and a veeeeery long time ago.

But it also might attrackt some unwanted attention. And
you don't know how good the NSA (etc) have become at
detecting it...

Well you can always embed a PGP file steganographically.
In that case they would just know that something is there
if they are able to detect it.

I like the idea of that - PGP messages wrapping in short .mp3/
.ogg soundbites and send those as attachments in basic email.
Create something that occupies their time for nothing.

--
../|ug

--- OpenXP 5.0.57
* Origin: What do you call an excavated pyramid? Unencrypted. (2:221/1.58)

Hello Wilfred!

** On Friday 02.06.23 - 11:48, you wrote to RM:

Or use steganography to hide in pictures, mp3, whatever.

But it also might attrackt some unwanted attention. And
you don't know how good the NSA (etc) have become at
detecting it...

I'm afraid everyone is already a suspect and our comms are
already collected and subject to rudimentaty analysis.

By putting a lock on that data (pgp, stenographics, etc) we are
declaring the right to agency and privacy.

THIS is a sad commentary:

https://www.cato.org/blog/nearly-third-gen-z-favors-home- government-surveillance-cameras-1

--
../|ug

--- OpenXP 5.0.57
* Origin: What do you call an excavated pyramid? Unencrypted. (2:221/1.58)