On Sun, 21 Feb 2016 21:22:02 +0100, Stig Roar Wangberg wrote: >I only encrypt to people I trust IF the message requires it.
Here we face another issue. If you don't always encrypt messages, then a judge could assume that the encrypted email are related to a crime. In some countries, IIRC e.g. Great Britain, people can be forced by law to decrypt data, if they don't do it, they get arrested. In Germany we have a strong data protection, AFAIK you can't be forced to decrypt data. Btw. by accident I lost some unimportant keys, so I can't decrypt some unimportant data, but this could become an issue in countries, that are allowed to force you, to decrypt data. However, some nations even use torture. "IF the message requires it" is a strange statement. Actually all mail, perhaps excepted of postcards, are liable to inviolability of the mail. If you like to turn the spotlight on you, then encrypt just a few messages, so police and others know at least dates, when you might be involved in crimes or whatsoever they are interested in. IOW by decrypting messages that "require" decryption and at the same time not encrypting other messages, you already provide useful data to those who are interested in it. The content of the message might be unimportant to them, the only information they need is, that at a given date you corresponded by encrypted emails. Now you could argue, that in addition you're using anonymous mailing, mixminion or similar. Since TOR was mentioned I'll quote from the FAQs: "So I'm totally anonymous if I use Tor? No. [snip]" "What attacks remain against onion routing? As mentioned above, it is possible for an observer who can view both you and either the destination website or your Tor exit node to correlate timings of your traffic as it enters the Tor network and also as it exits. Tor does not defend against such a threat model. [snip] Furthermore, since Tor reuses circuits for multiple TCP connections, it is possible to associate non anonymous and anonymous traffic at a given exit node, so be careful about what applications you run concurrently over Tor. Perhaps even run separate Tor clients for these applications." - https://www.torproject.org/docs/faq.html.en IOW e.g. even if you run Ardour, a digital audio workstation that phones home and it phones home, while you are using TOR browser, a lot of the security provided by TOR could be null and void. Regards, Ralf _______________________________________________ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list