Re: Is this ALL good advise

[Reco]

On Mon, Dec 09, 2019 at 08:46:13PM +1100, Keith Bainbridge wrote:
> On 9/12/19 6:57 pm, Reco wrote:
> > ll it takes is to look at APNIC record with whois.
> > Shows your ISP and a city it's operating at.
> > I could dig deeper, but I'm lazy.
> Thanks Andrei
> 
> 
> I got 3 addresses
> 2 of them about 3Km away from me (1 in a public park)
> the 3rd, about 4,500Km away from me, but referring specifically to my ISP, 
> must be head office.
> 
> and 3 references to my ISP
> 2 by a very old name
> 1 current name (for about 5 years), but referring to that address 4,500Km away
> 
> Somewhere I found this curl method.

Why would you need an Web API if you have whois (/32 mask is chosen
deliberately to avoid possible privacy concerns)?

$ whois 2402:b801::/32
% [whois.apnic.net]
% Whois data copyright termshttp://www.apnic.net/db/dbcopyright.html
...
inet6num:   2402:b801::/32
netname:IINET-AU-20120806
descr:  iiNet Limited
...
irt:IRT-IINET-AU
address:iiNet Limited
address:Level 9, 250 St Georges Tce
address:Perth
...

Does not show *your* location per se, of course. Hence the "lazy" remark.


> curl http://api.db-ip.com/v2/free/2402:b801:2859::
> {
> "ipAddress": "2402:b801:2859::",
> "continentCode": "OC",
> "continentName": "Oceania",
> "countryCode": "AU",
> "countryName": "Australia",
> "stateProvCode": "VIC",
> "stateProv": "Victoria",
> "city": "Melbourne"
> 
> 
> Only problem is there is no such continent. How can I believe in its accuracy?

And that's GEOIP, a totally different beast. Somewhat accurate for IPv4,
wildly inaccurate for IPv6.

Reco

Re: Is this ALL good advise

[Keith Bainbridge]

On 9/12/19 6:57 pm, Reco wrote:

ll it takes is to look at APNIC record with whois.
Shows your ISP and a city it's operating at.
I could dig deeper, but I'm lazy.

Thanks Andrei


I got 3 addresses
2 of them about 3Km away from me (1 in a public park)
the 3rd, about 4,500Km away from me, but referring specifically to my 
ISP, must be head office.


and 3 references to my ISP
2 by a very old name
1 current name (for about 5 years), but referring to that address 
4,500Km away




Somewhere I found this curl method.

curl http://api.db-ip.com/v2/free/2402:b801:2859::
{
"ipAddress": "2402:b801:2859::",
"continentCode": "OC",
"continentName": "Oceania",
"countryCode": "AU",
"countryName": "Australia",
"stateProvCode": "VIC",
"stateProv": "Victoria",
"city": "Melbourne"


Only problem is there is no such continent. How can I believe in its 
accuracy?



Thanks again. I'll mail the results of using the other SMTPs
--
Keith Bainbridge

keith.bainbridge.3...@gmail.com
+61 (0)447 667 468

Re: Is this ALL good advise

[Reco]

Hi.

On Mon, Dec 09, 2019 at 04:05:00PM +1100, Keith Bainbridge wrote:
> On 4/12/19 11:11 am, John Hasler wrote:
> > Yes.  I suggest Newsguy o
> 
> 
> Um
> 
> Firefox gave me this when I went to their web page
> 
> Warning: Potential Security Risk Ahead

Firefox messages are useless for troubleshooting.


> Should I be worried???

$ openssl s_client -connect member.newsguy.com:443 -showcerts
...
 3 s:C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust 
External CA Root
   i:C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust 
External CA Root
...
Verify return code: 21 (unable to verify the first certificate)


Your Firefox certificate store (which does not have anything in common
with ca-certificate package) lacks this CA certificate.

File a bug against firefox-esr, or something. CA certificate seems
legit.


> Or am I also cynical?

Nah, that's just TLS.

Reco

Re: Is this ALL good advise

[Reco]

Hi.

On Mon, Dec 09, 2019 at 05:44:37PM +1100, Keith Bainbridge wrote:
> On 7/12/19 10:55 am, Keith Bainbridge wrote:
> > Have had a couple of questions that have gotten me thinking deeply, 
> > primarily about whose/what safety I am really trying to protect. My best 
> > answer is
> > personal, physical safety of my family.
> 
> Good afternoon all
> 
> I have pondered over all you pros and cons of encryption, and figured it 
> isn't worth much if there is enough info in the headers to locate me 'on the 
> ground'.

SMTP is hard at this regard. Possible, but hard.


> So here goes.
> 
> Who would like to help by sending me an Open Street map position of where 
> this email is suggesting I am.
> 
> Please reply to keithr...@iinet.net.au - my ISP   (and that's giving you a 
> clue)

Gmail gave you away already.

Received: from ?IPv6:2402:b801::::5? ([2402:b801::::5]) 

by smtp.gmail.com with ESMTPSA id 
r14sm25683302pfh.10.2019.12.08.22.44.39 
  
(version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);

Sun, 08 Dec 2019 22:44:41 -0800 (PST) 

All it takes is to look at APNIC record with whois.
Shows your ISP and a city it's operating at.
I could dig deeper, but I'm lazy.


> If you are willing to assist further I'll try sending mail via my (android) 
> phone hotspot wifi, using different smtp servers, like my ISP's smtp and ?? 
> proton
> and tormail smtp. This could all be done off list.

Last two could be interesting. I mean a real-life evaluation of the
privacy of Proton and Tormail.

Reco

Re: Is this ALL good advise

[Andrei POPESCU]

On Lu, 09 dec 19, 17:44:37, Keith Bainbridge wrote:
> On 7/12/19 10:55 am, Keith Bainbridge wrote:
> > Have had a couple of questions that have gotten me thinking deeply,
> > primarily about whose/what safety I am really trying to protect. My best
> > answer is personal, physical safety of my family.
> 
> I have pondered over all you pros and cons of encryption, and figured it
> isn't worth much if there is enough info in the headers to locate me 'on the
> ground'.

If you are using SMTP to your mail server (Gmail, ISP, etc.) the IP 
address is recorded in the headers.

This should not be the case with webmail[1], but the provider does have 
your IP address[2]. If you don't trust the provider with that 
information you must use something like Tor.

Do note that Tor is not 100% either[4] (nothing is) and many providers 
don't accept connections via Tor.

[1] Because your connection to the webmail server is not part of the 
SMTP "path".

[2] Depending on your ISP, it may be more or less easy to determine your 
(aproximate) location from it[3]. You should assume that a determined 
entity with sufficient skill and resources will be able to get close 
enough.

[3] E.g. a simple geolocate for my current IP address shows me in a 
different city.

[4] It's probably good enough to hide your location from mass 
surveillance or a casual attacker (e.g. a "common" stalker). It's 
probably not sufficient if you are a disident in a totalitarian country 
(e.g. Romania pre-1989).


Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Is this ALL good advise

[Keith Bainbridge]

On 7/12/19 10:55 am, Keith Bainbridge wrote:
Have had a couple of questions that have gotten me thinking deeply, 
primarily about whose/what safety I am really trying to protect. My best 
answer is personal, physical safety of my family.


Good afternoon all

I have pondered over all you pros and cons of encryption, and figured it 
isn't worth much if there is enough info in the headers to locate me 'on 
the ground'.



So here goes.

Who would like to help by sending me an Open Street map position of 
where this email is suggesting I am.


Please reply to keithr...@iinet.net.au - my ISP   (and that's giving you 
a clue)



If you are willing to assist further I'll try sending mail via my 
(android) phone hotspot wifi, using different smtp servers, like my 
ISP's smtp and ?? proton and tormail smtp. This could all be done off list.


I have preferred using my ISP's smtp - until people started getting 
security warnings from GMail to the effect that they can't confirm the 
authenticity of the sender.


Thanks in advance


--
Keith Bainbridge

ke1th3...@gmail.com
+61 (0)447 667 468

Re: Is this ALL good advise

[Keith Bainbridge]

On 4/12/19 11:11 am, John Hasler wrote:

Yes.  I suggest Newsguy o



Um

Firefox gave me this when I went to their web page

Warning: Potential Security Risk Ahead

Nightly detected a potential security threat and did not continue to 
member.newsguy.com. If you visit this site, attackers could try to steal 
information like your passwords, emails, or credit card details.


What can you do about it?

The issue is most likely with the website, and there is nothing you can 
do to resolve it.


If you are on a corporate network or using anti-virus software, you can 
reach out to the support teams for assistance. You can also notify the 
website’s administrator about the problem.




Should I be worried???

Or am I also cynical?

--
Keith Bainbridge

ke1th3...@gmail.com
+61 (0)447 667 468

Re: Is this ALL good advise

[Jan Bakuwel]

On 7/12/19 12:55 pm, Keith Bainbridge wrote:

On 3/12/19 8:42 pm, Keith Bainbridge wrote:



Just wondering if this is ALL good advice?

Should I use it for ALL my mail, or just sensitive stuff, like 
lobbying politicians.


I'm still here.   Have had a couple of questions that have gotten me 
thinking deeply, primarily about whose/what safety I am really trying 
to protect. Mu best answer is personal, physical safety of my family.


That has started me thinking that I should be hiding my location more 
than what I am saying.


I'll be back.

Companies like G$ attempt to suck in every minute detail of our lives to 
tune their AI to create a detailed profile of everyone one the planet, 
which in turn is used to create the perfect personal echo chamber 
especially for you. It won't take long before that AI is able to present 
you with what you'd like to hear on virtually any topic with the aim of 
manipulating to move your opinion about  in the desired 
direction using real news, half real news, fake news, absent news (news 
you should hear but don't), you name it.


I'll hear a subtly or less subtly different message than you, each 
message carefully crafted for each individual, for example to nudge you 
to vote for one candidate or another or to buy more stuff you don't 
need. This is very bad news for democracy, if that still exists, and the 
planet.


Although I'd sometimes like to think I can, I am under no illusion that 
I'll be able to outsmart that AI.


And yes, this message comes to you via G$. I use G$ primarily for email 
lists, private stuff lives on a private email server. But hey, as 
someone already mentioned, most people I'm emailing with use G$, M$, Y$ 
, F$ etc, so most of my email still ends up being processed.


A big problem if you ask me, that's virtually without solutions. That's 
why all that G$, M$, Y$, F$ stuff is "so convenient" and "free". They 
employ whole armies of psychologists studying the human mind hunting for 
any and all human weaknesses.


Now back to the topic: does it make sense to encrypt anything? Surely 
for communication between two individuals who'd like to keep their 
conversation private. Otherwise IMHO only if we encrypt everything, to 
make it sufficiently hard for their AI to do this work. But how much 
additional energy would we consume doing that? Can we afford all that 
extra energy? The consequences of runaway climate change might be even 
worse.


As with most other relevant or urgent matters, humanity will not 
voluntarily change course.


Am I just a cynical old bastard? If so, that would be good news!

:-)

J.

Re: Is this ALL good advise

[Keith Bainbridge]

On 3/12/19 8:42 pm, Keith Bainbridge wrote:



Just wondering if this is ALL good advice?

Should I use it for ALL my mail, or just sensitive stuff, like lobbying 
politicians.



I'm still here.   Have had a couple of questions that have gotten me 
thinking deeply, primarily about whose/what safety I am really trying to 
protect. Mu best answer is personal, physical safety of my family.


That has started me thinking that I should be hiding my location more 
than what I am saying.



I'll be back.

--
Keith Bainbridge

ke1th3...@gmail.com
+61 (0)447 667 468

Re: Is this ALL good advise

[tomas]

On Fri, Dec 06, 2019 at 10:21:45AM -, Curt wrote:
> On 2019-12-06,   wrote:

> > [...] pompous [...]?
> 
> You seem to have sadly progressed backwards [...]

Thanks for confirming.

Cheers?
-- t


signature.asc
Description: Digital signature

Re: Is this ALL good advise

[Curt]

On 2019-12-06,   wrote:
>
> On Fri, Dec 06, 2019 at 09:28:58AM -, Curt wrote:
>
> [...]
>
>> Unhappily, both you and Joe were so impatient to refute this argument
>> that you could not wait for it to be actually presented [...]
>
> [...] pompous [...]?

You seem to have sadly progressed backwards from an unreasoned grasping
to an *ad hominem* aspersion hardly mitigated by a terminal,
interrogative punctuation of which I can't help but doubt the complete
sincerity of purpose.


-- 
“The cradle rocks above an abyss, and common sense tells us that our existence
is but a brief crack of light between two eternities of darkness.” 
"Speak, Memory," Vladimir Nabokov

Re: Is this ALL good advise

[tomas]

On Fri, Dec 06, 2019 at 09:28:58AM -, Curt wrote:

[...]

> Unhappily, both you and Joe were so impatient to refute this argument
> that you could not wait for it to be actually presented [...]

A little pompous yourself, of late?

Nevermind
-- t


signature.asc
Description: Digital signature

Re: Is this ALL good advise

[Curt]

On 2019-12-05, Brian  wrote:
>
>> If you have nothing to hide, it most certainly does not mean you have
>> nothing to fear.
>
> I wondered when the "If you have nothing to hide,..." argument would
> surface. I have plenty to hide. For example, I would not like it widely
> known that I occasionally put my knickers on inside out.
>

Unhappily, both you and Joe were so impatient to refute this argument
that you could not wait for it to be actually presented. In this case
your contentions to the contrary are, of course, therefore, entirely
made of straw.

BTW, machines do not read, nor do they observe. Machines record (please
see the collapse of the wave function for further edification). The
assertion that the 269 billion emails sent daily (statistic for 2017)
could somehow be "read" in any meaningful sense of that word is so far
from the truth or any genuine feasibility as to not even merit serious
discussion. 

-- 
“The cradle rocks above an abyss, and common sense tells us that our existence
is but a brief crack of light between two eternities of darkness.” 
"Speak, Memory," Vladimir Nabokov

Re: Is this ALL good advise

[Gene Heskett]

On Thursday 05 December 2019 21:02:20 Bob Crochelt wrote:

> On Thu, 5 Dec 2019 05:06:42 -0500
>
> Gene Heskett  wrote:
> > On Thursday 05 December 2019 04:50:56 to...@tuxteam.de wrote:
> > > On Thu, Dec 05, 2019 at 09:14:31AM -, Curt wrote:
> > > > On 2019-12-05, ghe  wrote:
> > > > > I found out about it in an article on Internet
> > > > > security/privacy on the New York Times -- it's safe for
> > > > > mortals.
> > > > >
> > > > > OTOH, I haven't been able to get anyone around here to switch
> > > > > from GMail...
> > > >
> > > > What the aging hoi polloi might not be able to grasp is why
> > > > [...] [encryption] has now somehow become a crucial need.
> > >
> > > I might qualify as "aging hoi polloi" in your view. I very much
> > > grasp (painfully so) why encryption has become crucial.
> > >
> > > Cheers
> > > -- tomás
> >
> > And at 85, I'll wear that label if its not too heavy. And I found my
> > pick it up and carry it weight limit, I got some freight in
> > yesterday the ups guy carried on one shoulder.  The heaviest piece
> > in the box was 55 kg. I got it 3 feet from the box to just inside
> > the garage door, but I'm gonna have to make a skyhook to put it on
> > the milling machines table. But first I gotta get my ticker fixed.
> > Leaky valves.
> >
> > Cheers, Gene Heskett
>
> Gene,
> Best wishes for a quick recovery.
> Bob Crochelt

Thank you.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 

Re: Is this ALL good advise

[Bob Crochelt]

On Thu, 5 Dec 2019 05:06:42 -0500
Gene Heskett  wrote:

> On Thursday 05 December 2019 04:50:56 to...@tuxteam.de wrote:
> 
> > On Thu, Dec 05, 2019 at 09:14:31AM -, Curt wrote:  
> > > On 2019-12-05, ghe  wrote:  
> > > > I found out about it in an article on Internet security/privacy
> > > > on the New York Times -- it's safe for mortals.
> > > >
> > > > OTOH, I haven't been able to get anyone around here to switch
> > > > from GMail...  
> > >
> > > What the aging hoi polloi might not be able to grasp is why [...]
> > > [encryption] has now somehow become a crucial need.  
> >
> > I might qualify as "aging hoi polloi" in your view. I very much
> > grasp (painfully so) why encryption has become crucial.
> >
> > Cheers
> > -- tomás  
> 
> And at 85, I'll wear that label if its not too heavy. And I found my
> pick it up and carry it weight limit, I got some freight in yesterday
> the ups guy carried on one shoulder.  The heaviest piece in the box
> was 55 kg. I got it 3 feet from the box to just inside the garage
> door, but I'm gonna have to make a skyhook to put it on the milling
> machines table. But first I gotta get my ticker fixed. Leaky valves.
> 
> Cheers, Gene Heskett


Gene,
Best wishes for a quick recovery.
Bob Crochelt
-- 

Re: Is this ALL good advise

[Celejar]

On Fri, 6 Dec 2019 00:09:15 +0200
Andrei POPESCU  wrote:

> On Jo, 05 dec 19, 12:30:49, Celejar wrote:
> > On Wed, 4 Dec 2019 23:17:46 +0200
> > Andrei POPESCU  wrote:
> > > 
> > > The free account is quite restricted (500 MB, 150 messages per day). 
> > > This is more than enough for me for the stuff I don't want on GMail.
> > 
> > I really wanted to use ProtonMail, but IIUC, the free account doesn't
> > have any kind of standards (POP / IMAP / SMTP) support (and even the
> > paid accounts require something called the ProtonMail Bridge, still in
> > beta for linux and available by invitation only). I really don't want
> > to use webmail - am I missing something?
> 
> ProtonMail is meant to offer end-to-end encryption out of the box.
> I don't see how they could offer that over "classic" POP / IMAP / SMTP.

By providing a (preferably FLOSS) linux version of their ProtonMail
bridge that sits between the MUA and ProtonMail's systems.

They have an entire page explaining how to utilize IMAP, SMTP, and POP3
- but as I said in my previous mail, it's apparently available in the
free tier:

https://protonmail.com/support/knowledge-base/imap-smtp-and-pop3-setup/

Celejar

Re: Is this ALL good advise

[Andrei POPESCU]

On Jo, 05 dec 19, 12:30:49, Celejar wrote:
> On Wed, 4 Dec 2019 23:17:46 +0200
> Andrei POPESCU  wrote:
> > 
> > The free account is quite restricted (500 MB, 150 messages per day). 
> > This is more than enough for me for the stuff I don't want on GMail.
> 
> I really wanted to use ProtonMail, but IIUC, the free account doesn't
> have any kind of standards (POP / IMAP / SMTP) support (and even the
> paid accounts require something called the ProtonMail Bridge, still in
> beta for linux and available by invitation only). I really don't want
> to use webmail - am I missing something?

ProtonMail is meant to offer end-to-end encryption out of the box.
I don't see how they could offer that over "classic" POP / IMAP / SMTP.


Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Is this ALL good advise

[Joe]

On Thu, 5 Dec 2019 20:36:28 +
Brian  wrote:


> 
> I wondered when the "If you have nothing to hide,..." argument would
> surface. 

It is always brought up by those who believe that no authority can ever
do wrong, nor even make a mistake. I thought I'd pre-empt them.

> I have plenty to hide. For example, I would not like it
> widely known that I occasionally put my knickers on inside out.
> 

Not many of us have things we need to hide from duly constituted
authorities, but there are many things most of us wouldn't like to be
falsely accused of, whether by accident or design.

Note that encryption is no defence against that kind of thing. The only
way to discourage it is to stop the trawling that goes on. Good luck
finding a government prepared to do that.

-- 
Joe

Re: Is this ALL good advise

[Brian]

On Thu 05 Dec 2019 at 20:23:04 +, Joe wrote:

> On Thu, 5 Dec 2019 18:52:40 - (UTC)
> Curt  wrote:
> 
> > On 2019-12-05, Joe  wrote:
> > >
> > > Because only in the last decade or so has it been possible for a
> > > government or company to read and listen to every single word of
> > > correspondence of every single person in their country, without any
> > > judicial oversight or probable cause. If it had been possible
> > > earlier than that, it would have been done.
> > >  
> > 
> > You are confusing the electronic harvesting of raw data by inanimate
> > machines and the human intentionality required for the interpretation
> > of written and audible material.
> > 
> > 

[...}

> If you have nothing to hide, it most certainly does not mean you have
> nothing to fear.

I wondered when the "If you have nothing to hide,..." argument would
surface. I have plenty to hide. For example, I would not like it widely
known that I occasionally put my knickers on inside out.

-- 
Brian.

Re: Is this ALL good advise

[Brian]

On Thu 05 Dec 2019 at 18:18:55 +, Joe wrote:

> On Thu, 5 Dec 2019 09:14:31 - (UTC)
> Curt  wrote:
> 
> > On 2019-12-05, ghe  wrote:
> > >
> > > I found out about it in an article on Internet security/privacy on
> > > the New York Times -- it's safe for mortals.
> > >
> > > OTOH, I haven't been able to get anyone around here to switch from
> > > GMail... 
> > 
> > What the aging hoi polloi might not be able to grasp is why, after
> > many decades and even centuries of communication using diverse media
> > (notably postal and telephone services) without encryption for the
> > masses (i.e. for those who are neither spies nor wise guys nor
> > soldiers engaged in battle et. al.), it has now somehow become a
> > crucial need.
> 
> Because only in the last decade or so has it been possible for a
> government or company to read and listen to every single word of
> correspondence of every single person in their country, without any
> judicial oversight or probable cause. If it had been possible earlier
> than that, it would have been done.

I'd question "company" linked with "country". But we will let that pass.

Individuals who wish to encrypt correspondence between correspondents
are free to so (given the laws of the counties they live in) and are
entitled to do so. Most email is on the banal level and hectoring users
does little good. Saying it is "crucial" (commercial enterprises apart)
falls on deaf ears.

On a side note: if James Joyce's love letters to Nora Barnacle had been
encrypted, how much of a loss would that have been to humanity? Swings
and roundabouts. Open communication in all but the most obvious cases is
crucial to humankind.

-- 
Brian.

Re: Is this ALL good advise

[Joe]

On Thu, 5 Dec 2019 18:52:40 - (UTC)
Curt  wrote:

> On 2019-12-05, Joe  wrote:
> >
> > Because only in the last decade or so has it been possible for a
> > government or company to read and listen to every single word of
> > correspondence of every single person in their country, without any
> > judicial oversight or probable cause. If it had been possible
> > earlier than that, it would have been done.
> >  
> 
> You are confusing the electronic harvesting of raw data by inanimate
> machines and the human intentionality required for the interpretation
> of written and audible material.
> 
> 

Not at all. The biggest danger is not to criminals or terrorists, it's
that eavesdropped communication will eventually be accepted in a court
of law, if it isn't already, and the large volume of material coupled
with the Peter Principle in government and law enforcement will lead to
large numbers of miscarriages of justice, many of them inadvertent. I
don't know how it is where you are, but it is claimed in my country
that at least ten per cent of driver and car records contain at least
one error. Most of them are insignificant...

If you have nothing to hide, it most certainly does not mean you have
nothing to fear.

And as to interpretation of mass communication, pictures etc., that is
almost certainly the main subject of current AI research. 

-- 
Joe

Re: Is this ALL good advise

[Celejar]

On Wed, 4 Dec 2019 23:17:46 +0200
Andrei POPESCU  wrote:

> On Mi, 04 dec 19, 12:49:53, Gene Heskett wrote:
> > 
> > Which bring me to the table to ask about protonmail. Who pays for that 
> > supposedly secure service at the end of the month? Simple TANSTAAFL, a 
> > law that can't be broken and have survivors, John.
> 
> The free account is quite restricted (500 MB, 150 messages per day). 
> This is more than enough for me for the stuff I don't want on GMail.

I really wanted to use ProtonMail, but IIUC, the free account doesn't
have any kind of standards (POP / IMAP / SMTP) support (and even the
paid accounts require something called the ProtonMail Bridge, still in
beta for linux and available by invitation only). I really don't want
to use webmail - am I missing something?

Celejar

Re: Is this ALL good advise

[Curt]

On 2019-12-05, Peter Hillier-Brook  wrote:
> On 05/12/2019 18:18, Joe wrote:
>
> I can't take any more of this thread. It's "ADVICE" ! :-)
>

Well, as Carl Jung once said, giving advice is a safe activity, seeing
that hardly anyone ever takes it (thus the psychoanalyst's legendary
reserve, I suppose).

-- 
“The cradle rocks above an abyss, and common sense tells us that our existence
is but a brief crack of light between two eternities of darkness.” 
"Speak, Memory," Vladimir Nabokov

Re: Is this ALL good advise

[Peter Hillier-Brook]

On 05/12/2019 18:18, Joe wrote:

I can't take any more of this thread. It's "ADVICE" ! :-)

> On Thu, 5 Dec 2019 09:14:31 - (UTC)
> Curt  wrote:
> 
>> On 2019-12-05, ghe  wrote:
>>>
>>> I found out about it in an article on Internet security/privacy on
>>> the New York Times -- it's safe for mortals.
>>>
>>> OTOH, I haven't been able to get anyone around here to switch from
>>> GMail... 
>>
>> What the aging hoi polloi might not be able to grasp is why, after
>> many decades and even centuries of communication using diverse media
>> (notably postal and telephone services) without encryption for the
>> masses (i.e. for those who are neither spies nor wise guys nor
>> soldiers engaged in battle et. al.), it has now somehow become a
>> crucial need.
> 
> Because only in the last decade or so has it been possible for a
> government or company to read and listen to every single word of
> correspondence of every single person in their country, without any
> judicial oversight or probable cause. If it had been possible earlier
> than that, it would have been done.
> 

Re: Is this ALL good advise

[Curt]

On 2019-12-05, Joe  wrote:
>
> Because only in the last decade or so has it been possible for a
> government or company to read and listen to every single word of
> correspondence of every single person in their country, without any
> judicial oversight or probable cause. If it had been possible earlier
> than that, it would have been done.
>

You are confusing the electronic harvesting of raw data by inanimate
machines and the human intentionality required for the interpretation of
written and audible material.


-- 
“The cradle rocks above an abyss, and common sense tells us that our existence
is but a brief crack of light between two eternities of darkness.” 
"Speak, Memory," Vladimir Nabokov

Re: Is this ALL good advise

[Charles Curley]

On Thu, 5 Dec 2019 18:18:55 +
Joe  wrote:

> Because only in the last decade or so has it been possible for a
> government or company to read and listen to every single word of
> correspondence of every single person in their country, without any
> judicial oversight or probable cause. If it had been possible earlier
> than that, it would have been done.

Not that they haven't tried. I think it was Charles I of England who
gave the Royal Mail a monopoly on mail service, so he could read his
nobles' mail.

-- 
Does anybody read signatures any more?

https://charlescurley.com
https://charlescurley.com/blog/

Re: Is this ALL good advise

[Joe]

On Thu, 5 Dec 2019 09:14:31 - (UTC)
Curt  wrote:

> On 2019-12-05, ghe  wrote:
> >
> > I found out about it in an article on Internet security/privacy on
> > the New York Times -- it's safe for mortals.
> >
> > OTOH, I haven't been able to get anyone around here to switch from
> > GMail... 
> 
> What the aging hoi polloi might not be able to grasp is why, after
> many decades and even centuries of communication using diverse media
> (notably postal and telephone services) without encryption for the
> masses (i.e. for those who are neither spies nor wise guys nor
> soldiers engaged in battle et. al.), it has now somehow become a
> crucial need.

Because only in the last decade or so has it been possible for a
government or company to read and listen to every single word of
correspondence of every single person in their country, without any
judicial oversight or probable cause. If it had been possible earlier
than that, it would have been done.

-- 
Joe

Re: Is this ALL good advise

[Curt]

On 2019-12-05,   wrote:

>> What the aging hoi polloi might not be able to grasp is why [...]
>> [encryption] has now somehow become a crucial need.
>
> I might qualify as "aging hoi polloi" [...]. I [...] grasp
(...)

That's wonderful that you're grasping, but I appreciate neither your
unreasoned and always ideologically motivated opinions nor your
dishonest manner of trimming my 59 word post so that it appears
unreasoned, too, and your inane response therefore somehow warranted.

IOW, please fuck off.

;-)


-- 
“The cradle rocks above an abyss, and common sense tells us that our existence
is but a brief crack of light between two eternities of darkness.” 
"Speak, Memory," Vladimir Nabokov

Re: Is this ALL good advise

[Gene Heskett]

On Thursday 05 December 2019 04:50:56 to...@tuxteam.de wrote:

> On Thu, Dec 05, 2019 at 09:14:31AM -, Curt wrote:
> > On 2019-12-05, ghe  wrote:
> > > I found out about it in an article on Internet security/privacy on
> > > the New York Times -- it's safe for mortals.
> > >
> > > OTOH, I haven't been able to get anyone around here to switch from
> > > GMail...
> >
> > What the aging hoi polloi might not be able to grasp is why [...]
> > [encryption] has now somehow become a crucial need.
>
> I might qualify as "aging hoi polloi" in your view. I very much grasp
> (painfully so) why encryption has become crucial.
>
> Cheers
> -- tomás

And at 85, I'll wear that label if its not too heavy. And I found my pick 
it up and carry it weight limit, I got some freight in yesterday the ups 
guy carried on one shoulder.  The heaviest piece in the box was 55 kg. I 
got it 3 feet from the box to just inside the garage door, but I'm gonna 
have to make a skyhook to put it on the milling machines table. But 
first I gotta get my ticker fixed. Leaky valves.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 

Re: Is this ALL good advise

[Gene Heskett]

On Thursday 05 December 2019 03:31:18 Erik Christiansen wrote:

> On 04.12.19 17:33, Gene Heskett wrote:
> > My point exactly.  That means two accounts at your isp, I think mine
> > charges only after the 2nd one, and two active fetchmail/procmail
> > sessions = more trouble than it worth. Me? I got the heck off gmail
> > years ago for lack of privacy reasons, and I frankly don't
> > understand why the rest of the planet hasn't bailed out for the same
> > reasons.
>
> Hi Gene, I can't fault the idea of avoiding gmail.
>
> Incidentally, one fetchmail/procmail session will handle a bunch of
> mail sources, given more than one "poll" line in .fetchmailrc, AFAIR.
> And multiple recipients just needs multidrop-mode, which it enters on
> finding more than one "user" line in the config file. So it should be
> pretty straightforward. If you really wanted to do it, that is.
>
> Erik

My current isp, shentel, is working so well I'd forgotten there were 2 
more poll stanza's commented out. So all I need is a new poll stanza 
with a new username?  Thats easy nuff, and just a phone call to tech 
support. I might just do that after my ticker gets fixed.

Thanks Erik.


Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 

Re: Is this ALL good advise

[tomas]

On Thu, Dec 05, 2019 at 09:14:31AM -, Curt wrote:
> On 2019-12-05, ghe  wrote:
> >
> > I found out about it in an article on Internet security/privacy on the
> > New York Times -- it's safe for mortals.
> >
> > OTOH, I haven't been able to get anyone around here to switch from GMail...
> >
> 
> What the aging hoi polloi might not be able to grasp is why [...]
> [encryption] has now somehow become a crucial need.

I might qualify as "aging hoi polloi" in your view. I very much grasp
(painfully so) why encryption has become crucial.

Cheers
-- tomás


signature.asc
Description: Digital signature

Re: Is this ALL good advise

[Gene Heskett]

On Thursday 05 December 2019 01:21:18 deloptes wrote:

> Gene Heskett wrote:
> >> [1] (neo)mutt, Sylpheed, Claws Mail, Evolution, KMail, etc.
> >
> > My kmail is TDE's, might not be new enough.
>
> Not new enough, but good enough ;-)
>
> I use it on a daily bases with GPG - works just fine

Good to know, thank you deloptes.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 

Re: Is this ALL good advise

[Curt]

On 2019-12-05, ghe  wrote:
>
> I found out about it in an article on Internet security/privacy on the
> New York Times -- it's safe for mortals.
>
> OTOH, I haven't been able to get anyone around here to switch from GMail...
>

What the aging hoi polloi might not be able to grasp is why, after many
decades and even centuries of communication using diverse media (notably
postal and telephone services) without encryption for the masses (i.e.
for those who are neither spies nor wise guys nor soldiers engaged in
battle et. al.), it has now somehow become a crucial need.



-- 
“The cradle rocks above an abyss, and common sense tells us that our existence
is but a brief crack of light between two eternities of darkness.” 
"Speak, Memory," Vladimir Nabokov

Re: Is this ALL good advise

[Erik Christiansen]

On 04.12.19 17:33, Gene Heskett wrote:
> My point exactly.  That means two accounts at your isp, I think mine 
> charges only after the 2nd one, and two active fetchmail/procmail 
> sessions = more trouble than it worth. Me? I got the heck off gmail 
> years ago for lack of privacy reasons, and I frankly don't understand 
> why the rest of the planet hasn't bailed out for the same reasons.

Hi Gene, I can't fault the idea of avoiding gmail.

Incidentally, one fetchmail/procmail session will handle a bunch of mail
sources, given more than one "poll" line in .fetchmailrc, AFAIR. And
multiple recipients just needs multidrop-mode, which it enters on
finding more than one "user" line in the config file. So it should be
pretty straightforward. If you really wanted to do it, that is.

Erik

Re: Is this ALL good advise

[deloptes]

Gene Heskett wrote:

>> [1] (neo)mutt, Sylpheed, Claws Mail, Evolution, KMail, etc.
>>
> My kmail is TDE's, might not be new enough.

Not new enough, but good enough ;-)

I use it on a daily bases with GPG - works just fine

Re: Is this ALL good advise

[rhkramer]

On Wednesday, December 04, 2019 08:42:43 PM Gene Heskett wrote:
> On Wednesday 04 December 2019 18:20:11 John Hasler wrote:
> > Gene writes:
> > > That means two accounts at your isp...
> > 
> > Why?

Just to state it clearly, I've never had a need for more than one account at 
my ISP for multiple email services.  

Re: Is this ALL good advise

[Gene Heskett]

On Wednesday 04 December 2019 18:20:11 John Hasler wrote:

> Gene writes:
> > That means two accounts at your isp...
>
> Why?
>
> > ...and two active fetchmail/procmail sessions...
>
> Fetchmail can scan any number of different servers with a single
> session.

I recall now that I've done as high as 3 servers with one fetchmail, but 
its been a while, 5 years or so, since I dropped VZ and got a real 
telephone, which I define as one that works when you pick it up. VZ 
couldn't manage that.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 

Re: Is this ALL good advise

[ghe]

(Please excuse topPost. )

I'm use protonmail. I run a tiny domain. And I use 2 email
clients/servers: protonmail and Thunderbird. I'm quite happy with
protonmail (PM).

On 12/4/19 3:33 PM, Gene Heskett wrote:
> On Wednesday 04 December 2019 16:17:46 Andrei POPESCU wrote:

>> On Mi, 04 dec 19, 12:49:53, Gene Heskett wrote:
>>> Which bring me to the table to ask about protonmail. Who pays for
>>> that supposedly secure service at the end of the month? Simple
>>> TANSTAAFL, a law that can't be broken and have survivors, John.

Ain't no FL. It's more like a Free Nibble. The free account is pretty
limited -- plenty for me, but there are others who'll eat up their 500M
cache pretty quickly. And the next step up is $4 a month. Not much if
you're paying for an ISP and a room full of computer toys.

>> This is more than enough for me for the stuff I don't want on GMail.

I was on GMail. At GMail, you don't pay for the service, Amazon does.

PM is a lot like GMail -- webBased, kinda free. It even looks a lot like
GMail.

It's not real fast, though. All that cryptography runs through a lot of
CPU cycles. And as best I've been able to find out, they're running on a
/29.

>>> And an it follows question, how does it work with mailing lists such
>>> as this one?

That I don't know. My mailing lists, so far, come in on Thunderbird.
GMail worked, and I can't think of any reason PM wouldn't.

>> What's the point in using something like ProtonMail with a publicly
>> archived mailing list?

Yup. No point to that. Except that Google doesn't get to suck your data.

>> In any case you will be needing key(s).
>> See https://wiki.debian.org/GnuPG for how to generate and manage them.

Not really. Protonmail generates them when you sign up, and the keys
don't go to a PGP/GPG database. That's a bit worrisome -- they're in a
database in Switzerland with no Chain of Trust.

I communicate with a friend down in Texas. He has Enigmail on his Ubuntu
TB, and PM is happy with his key. PM works transparently with other
protonmail installs, with his GPG key (I did have to tell PM that he has
one and I'd like to use it), and with unencrypted folk.

Highly recommended. Very nicely done by some folks at CERN.

I found out about it in an article on Internet security/privacy on the
New York Times -- it's safe for mortals.

OTOH, I haven't been able to get anyone around here to switch from GMail...

-- 
Glenn English

Re: Is this ALL good advise

[Andrei POPESCU]

On Mi, 04 dec 19, 17:33:40, Gene Heskett wrote:
> On Wednesday 04 December 2019 16:17:46 Andrei POPESCU wrote:
> >
> > What's the point in using something like ProtonMail with a publicly
> > archived mailing list?
> >
> My point exactly.  That means two accounts at your isp, I think mine 
> charges only after the 2nd one, and two active fetchmail/procmail 
> sessions = more trouble than it worth. Me? I got the heck off gmail 
> years ago for lack of privacy reasons, and I frankly don't understand 
> why the rest of the planet hasn't bailed out for the same reasons.

Because ISPs never spied on anyone...


> > In any case you will be needing key(s).
> > See https://wiki.debian.org/GnuPG for how to generate and manage them.
> 
> And these are not the same keys used with an ssh -Y pi@rpi4 connection. I 
> use those to operate the rest of the machinery here for maintenance.

Apparently it's possible to generate (sub?)keys usable with SSH, but 
yes, they will be different than the signing and/or encryption key(s).
 
> > How to use the key(s) with a particular mail client depends on the
> > mail client ;). I would expect most of the "traditional" mail clients
> > on Linux[1] with GPG support to pick up the key(s) automatically if
> > you use default locations.
> 
> I'd assume so too. Until proven otherwise.
>  
> > [1] (neo)mutt, Sylpheed, Claws Mail, Evolution, KMail, etc.
> >
> My kmail is TDE's, might not be new enough.

I would be surprised if it doesn't support it.

> > What is not explicitly mentioned there is that you should also somehow
> > establish that a specific key belongs to the person, e.g. by meeting
> > in person and comparing key fingerprints (and some photo ID if you
> > don't know each other).
> 
> Which for me is a bit complex, and if travel required, costly.

Signing and/or encryption works without it, you just won't be so sure 
you're communicating with the right person.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Is this ALL good advise

[Andrei POPESCU]

On Mi, 04 dec 19, 17:17:30, John Hasler wrote:
> Andrei writes:
> > The free account is quite restricted (500 MB, 150 messages per day).
> > This is more than enough for me for the stuff I don't want on GMail.
> 
> If it's free (as in beer) it's no different than Gmail.

The only "advertising" you'll see are some promotions of their own 
services (paid accounts, VPN, etc.), so that's already a plus for me ;)

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Is this ALL good advise

[John Hasler]

Gene writes:
> That means two accounts at your isp...
Why?
> ...and two active fetchmail/procmail sessions...
Fetchmail can scan any number of different servers with a single
session.
-- 
John Hasler 
jhas...@newsguy.com
Elmwood, WI USA

Re: Is this ALL good advise

[John Hasler]

Andrei writes:
> The free account is quite restricted (500 MB, 150 messages per day).
> This is more than enough for me for the stuff I don't want on GMail.

If it's free (as in beer) it's no different than Gmail.
-- 
John Hasler 
jhas...@newsguy.com
Elmwood, WI USA

Re: Is this ALL good advise

[John Hasler]

Andrei writes:
> What is not explicitly mentioned there is that you should also somehow
> establish that a specific key belongs to the person, e.g. by meeting
> in person and comparing key fingerprints (and some photo ID if you
> don't know each other).

Only if you require identification (a slippery thing) rather than
authentication.
-- 
John Hasler 
jhas...@newsguy.com
Elmwood, WI USA

Re: Is this ALL good advise

[Gene Heskett]

On Wednesday 04 December 2019 16:28:05 to...@tuxteam.de wrote:

> On Wed, Dec 04, 2019 at 12:49:53PM -0500, Gene Heskett wrote:
>
> [...]
>
> > IMO it needs far more educationally aimed discussion than the lists
> > in general have supported so far. Even a pointer to a good tut would
> > be appreciated at this campsite. A tut that is NOT written as a
> > commercial for a certain email agent, but simply specifies what
> > needs to be done.
>
> Go have a look for a crypto party [1], [2] near [3] you.
>
> Cheers
>
> [1] https://en.wikipedia.org/wiki/CryptoParty
> [2] https://www.cryptoparty.in/
> [3] https://www.cryptoparty.in/location
[3] nothing within 200 miles one way of me.
> -- t


Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 

Re: Is this ALL good advise

[Gene Heskett]

On Wednesday 04 December 2019 16:17:46 Andrei POPESCU wrote:

> On Mi, 04 dec 19, 12:49:53, Gene Heskett wrote:
> > Which bring me to the table to ask about protonmail. Who pays for
> > that supposedly secure service at the end of the month? Simple
> > TANSTAAFL, a law that can't be broken and have survivors, John.
>
> The free account is quite restricted (500 MB, 150 messages per day).
> This is more than enough for me for the stuff I don't want on GMail.
>
> If you need more than that you must upgrade to a paid account.
>
> > And an it follows question, how does it work with mailing lists such
> > as this one?
>
> What's the point in using something like ProtonMail with a publicly
> archived mailing list?
>
My point exactly.  That means two accounts at your isp, I think mine 
charges only after the 2nd one, and two active fetchmail/procmail 
sessions = more trouble than it worth. Me? I got the heck off gmail 
years ago for lack of privacy reasons, and I frankly don't understand 
why the rest of the planet hasn't bailed out for the same reasons.

> > Have had a fire it took an extinguisher to put out last Friday in my
> > main box, I've stuff coming that enough bigger/faster to consider
> > such an option, but I fail to see how it will work with a mailing
> > list which is probably 95+ percent of my email traffic here.  Much
> > of which is signed, but kmail, for the first time ever, confirmed a
> > good signature about 2 weeks back so that gives one an idea of how
> > many, including me, don't fully understand how to use a gpg
> > signature correctly.
> >
> > IMO it needs far more educationally aimed discussion than the lists
> > in general have supported so far. Even a pointer to a good tut would
> > be appreciated at this campsite. A tut that is NOT written as a
> > commercial for a certain email agent, but simply specifies what
> > needs to be done.
>
> In any case you will be needing key(s).
> See https://wiki.debian.org/GnuPG for how to generate and manage them.

And these are not the same keys used with an ssh -Y pi@rpi4 connection. I 
use those to operate the rest of the machinery here for maintenance.

> How to use the key(s) with a particular mail client depends on the
> mail client ;). I would expect most of the "traditional" mail clients
> on Linux[1] with GPG support to pick up the key(s) automatically if
> you use default locations.

I'd assume so too. Until proven otherwise.
 
> [1] (neo)mutt, Sylpheed, Claws Mail, Evolution, KMail, etc.
>
My kmail is TDE's, might not be new enough.

> What is not explicitly mentioned there is that you should also somehow
> establish that a specific key belongs to the person, e.g. by meeting
> in person and comparing key fingerprints (and some photo ID if you
> don't know each other).

Which for me is a bit complex, and if travel required, costly.

> Kind regards,
> Andrei

Thanks Andrei.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 

Re: Is this ALL good advise

[tomas]

On Wed, Dec 04, 2019 at 12:49:53PM -0500, Gene Heskett wrote:

[...]

> IMO it needs far more educationally aimed discussion than the lists in 
> general have supported so far. Even a pointer to a good tut would be 
> appreciated at this campsite. A tut that is NOT written as a commercial 
> for a certain email agent, but simply specifies what needs to be done.

Go have a look for a crypto party [1], [2] near [3] you.

Cheers

[1] https://en.wikipedia.org/wiki/CryptoParty
[2] https://www.cryptoparty.in/
[3] https://www.cryptoparty.in/location

-- t


signature.asc
Description: Digital signature

Re: Is this ALL good advise

[Andrei POPESCU]

On Mi, 04 dec 19, 12:49:53, Gene Heskett wrote:
> 
> Which bring me to the table to ask about protonmail. Who pays for that 
> supposedly secure service at the end of the month? Simple TANSTAAFL, a 
> law that can't be broken and have survivors, John.

The free account is quite restricted (500 MB, 150 messages per day). 
This is more than enough for me for the stuff I don't want on GMail.

If you need more than that you must upgrade to a paid account.

> And an it follows question, how does it work with mailing lists such as 
> this one?

What's the point in using something like ProtonMail with a publicly 
archived mailing list?

> Have had a fire it took an extinguisher to put out last Friday in my main 
> box, I've stuff coming that enough bigger/faster to consider such an 
> option, but I fail to see how it will work with a mailing list which is 
> probably 95+ percent of my email traffic here.  Much of which is signed, 
> but kmail, for the first time ever, confirmed a good signature about 2 
> weeks back so that gives one an idea of how many, including me, don't 
> fully understand how to use a gpg signature correctly.
> 
> IMO it needs far more educationally aimed discussion than the lists in 
> general have supported so far. Even a pointer to a good tut would be 
> appreciated at this campsite. A tut that is NOT written as a commercial 
> for a certain email agent, but simply specifies what needs to be done.

In any case you will be needing key(s).
See https://wiki.debian.org/GnuPG for how to generate and manage them.

How to use the key(s) with a particular mail client depends on the mail 
client ;). I would expect most of the "traditional" mail clients on 
Linux[1] with GPG support to pick up the key(s) automatically if you use 
default locations.

[1] (neo)mutt, Sylpheed, Claws Mail, Evolution, KMail, etc.

What is not explicitly mentioned there is that you should also somehow 
establish that a specific key belongs to the person, e.g. by meeting in 
person and comparing key fingerprints (and some photo ID if you don't 
know each other).


Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Is this ALL good advise

[Gene Heskett]

On Wednesday 04 December 2019 11:17:27 John Hasler wrote:

>  Brad Rogers writes:
> > And as has been mentioned, people continue to use the
> > google/yahoo/whoever surveillance webmail systems.  And let's face
> > it, they're not going to offer encryption that does not, at the very
> > least, have a backdoor in it.
>
> Not cynical.  Given that they must be able to scan the messages for
> business reasons[1] there is no way they can offer end-to-end
> encryption.
>
> [1] If the advertising agencies that offer those free Webmail
> services couldn't scan the messages for data to add to their databases
> how would they pay for them?  They aren't operating as charities.

Which bring me to the table to ask about protonmail. Who pays for that 
supposedly secure service at the end of the month? Simple TANSTAAFL, a 
law that can't be broken and have survivors, John.

And an it follows question, how does it work with mailing lists such as 
this one?

Have had a fire it took an extinguisher to put out last Friday in my main 
box, I've stuff coming that enough bigger/faster to consider such an 
option, but I fail to see how it will work with a mailing list which is 
probably 95+ percent of my email traffic here.  Much of which is signed, 
but kmail, for the first time ever, confirmed a good signature about 2 
weeks back so that gives one an idea of how many, including me, don't 
fully understand how to use a gpg signature correctly.

IMO it needs far more educationally aimed discussion than the lists in 
general have supported so far. Even a pointer to a good tut would be 
appreciated at this campsite. A tut that is NOT written as a commercial 
for a certain email agent, but simply specifies what needs to be done.

Thanks John.


Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 

Re: Is this ALL good advise

[John Hasler]

 Brad Rogers writes:
> And as has been mentioned, people continue to use the
> google/yahoo/whoever surveillance webmail systems.  And let's face it,
> they're not going to offer encryption that does not, at the very
> least, have a backdoor in it.

Not cynical.  Given that they must be able to scan the messages for
business reasons[1] there is no way they can offer end-to-end
encryption.

[1] If the advertising agencies that offer those free Webmail
services couldn't scan the messages for data to add to their databases
how would they pay for them?  They aren't operating as charities.
-- 
John Hasler 
jhas...@newsguy.com
Elmwood, WI USA

Re: Is this ALL good advise

[John Hasler]

tomás writes:
> So what I do is... sign my messages. I'll soon add something to my
> signature recommending encryption (and offering help in setting that
> up).

Good idea.  I did that years ago and should start again.
-- 
John Hasler 
jhas...@newsguy.com
Elmwood, WI USA

Re: Is this ALL good advise

[Brad Rogers]

On Tue, 3 Dec 2019 20:03:42 +0200
Andrei POPESCU  wrote:

Hello Andrei,

>In my opinion "never" is too strong here, especially with free services 

I take your point..

...however..
(you just *knew* that was coming, didn't you?   :-D)

.not everyone uses serves such as ProtonMail.  Even those that do
don't always take up all the options available.

Until, and unless, existing providers start doing encryption without
*any* user intervention (almost certainly not going to happen) I
strongly believe 'never' is the most appropriate word.  And as has been
mentioned, people continue to use the google/yahoo/whoever surveillance 
webmail systems.  And let's face it, they're not going to offer
encryption that does not, at the very least, have a backdoor in it.

For full disclosure, I should probably mention that I'm a very cynical
person.   :-|

-- 
 Regards  _
 / )   "The blindingly obvious is
/ _)radnever immediately apparent"
It's a very small world in the middle of a crowd
Staring At The Rude Boys - The Ruts


pgpI02jWBKM0o.pgp
Description: OpenPGP digital signature

Re: Is this ALL good advise

[tomas]

On Wed, Dec 04, 2019 at 09:34:48AM +1100, Keith Bainbridge wrote:

[...]

> Several have commented on the usefulness of encryption. The people I
> will be a addressing will mainly fall under the group that wont
> bother trying.

That's my situation to: venturing a rough estimate, 95% to 99% of
those I correspond with don't bother.

Actually, that's everyone's situation. 

But... if you don't try to be in those 1 to 5 percent, you won't
help to make the world a better place, will you?

So what I do is... sign my messages. I'll soon add something to
my signature recommending encryption (and offering help in setting
that up).

Cheers
-- tomás


signature.asc
Description: Digital signature

Re: Is this ALL good advise

[John Hasler]

Keith Bainbridge writes:
>Perhaps a more secure email provider is my best course?

Yes.  I suggest Newsguy or another for-pay email provider.  Do as I do
and configure Fetchmail to download all your new mail every five minutes
(and delete it on the server, of course).  The snoops rely on people
using IMAP or Webmail and leaving all their mail on the server forever.
-- 
John Hasler 
jhas...@newsguy.com
Elmwood, WI USA

Re: Is this ALL good advise

[Keith Bainbridge]

On 4/12/19 1:19 am, Dan Clery wrote:


In a general sense, the more we encrypt communication,  the better we 
hide our source IP address, the safer we are, because if you only 
encrypt dangerous communications, it's a clear flag of what messages are 
dangerous. If they're drops in a sea of noise, it's harder to identify 
the important stuff.


There's another side of the coin though. You want to be careful doing 
mundane stuff over the same channel you would do dangerous things.


Dan

Am I correct to interpret you as the best protection sometimes backfires?

I was advised by a Government agency that I should get separate email. 
Hence my question earlier about safe email providers. My marginal 
Asperger's told me that, that meant safer email, including encryption. 
Perhaps a more secure email provider is my best course?



More food for thought.

I'll be back  later, with personal thanks for other responses. My 
typing speed is slower than I like to believe.



--
Keith Bainbridge

ke1th3...@gmail.com
+61 (0)447 667 468

Re: Is this ALL good advise

[Andrei POPESCU]

On Ma, 03 dec 19, 12:50:24, John Hasler wrote:
> https://www.wired.com/2015/10/mr-robot-uses-protonmail-still-isnt-fully-secure/

Noting the article is more than 4 years old.
 
> Besides, most users will continue to use Gmail and the like.

Sure, but ProtonMail also allows to communicate fairly secure even with 
persons who don't have a GPG key. They would receive a link to access 
the message on the web with a password set by the sender.

I won't let the perfect be the enemy of good.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Is this ALL good advise

[Keith Bainbridge]

On 3/12/19 11:04 pm, Andrei POPESCU wrote:

Most appear to be quite sensible, but I'm not using Thunderbird.

Do note that encryption can work only if the other side supports it as
well and you have their public key.



Thanks everybody

One advantage of sleeping while most of you are wide awake is that so 
many replies to my questions are waiting for me over my morning coffee.




I was a little surprised with the strong suggestion for Thunderbird. But 
I have yo say that it is overall easy to use (and after >20 years) very 
familiar.


Several have commented on the usefulness of encryption. The people I 
will be a addressing will mainly fall under the group that wont bother 
trying.



Other responses follow


--
Keith Bainbridge

ke1th3...@gmail.com
+61 (0)447 667 468

Re: Is this ALL good advise

[John Hasler]

https://www.wired.com/2015/10/mr-robot-uses-protonmail-still-isnt-fully-secure/

Besides, most users will continue to use Gmail and the like.
-- 
John Hasler 
jhas...@newsguy.com
Elmwood, WI USA

Re: Is this ALL good advise

[Andrei POPESCU]

On Ma, 03 dec 19, 15:55:37, Brad Rogers wrote:
> On Tue, 3 Dec 2019 20:42:30 +1100
> Keith Bainbridge  wrote:
> 
> Hello Keith,
> 
> >Should I use it for ALL my mail, or just sensitive stuff, like lobbying 
> >politicians.
> 
> Ideally, all one's email should be encrypted because if it isn't, the
> ones that *are* encrypted simply SCREAM 'look at me, I'm interesting'.
> 
> Of course, as others have already said, it's never gonna happen because
> most people simply aren't going to have (not to mention _want_ to have)
> the necessary tool chain.

In my opinion "never" is too strong here, especially with free services 
like ProtonMail offering encryption out-of-the-box with minimal user 
input required.

Also in the corporate world encryption is (slowly) starting to see more 
use, due to GDPR or similar requirements.

As it sees more use the tools should also improve to make for a better 
user experience.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Is this ALL good advise

[Brad Rogers]

On Tue, 3 Dec 2019 20:42:30 +1100
Keith Bainbridge  wrote:

Hello Keith,

>Should I use it for ALL my mail, or just sensitive stuff, like lobbying 
>politicians.

Ideally, all one's email should be encrypted because if it isn't, the
ones that *are* encrypted simply SCREAM 'look at me, I'm interesting'.

Of course, as others have already said, it's never gonna happen because
most people simply aren't going to have (not to mention _want_ to have)
the necessary tool chain.

-- 
 Regards  _
 / )   "The blindingly obvious is
/ _)radnever immediately apparent"
Buy some love at the five and dime
You Have Placed A Chill In My Heart - Eurythmics


pgpn_DqeKeAQL.pgp
Description: OpenPGP digital signature

Re: Is this ALL good advise

[Dan Clery]

Any security advise without consideration of your threat model is less than
ideal.

As others have said, if you send me an encrypted email, and I'm not
prepared to deal with it, your message won't be recieved (your great aunt
Tilly isn't going to be able to read your encrypted emails without a bunch
of support)

In a general sense, the more we encrypt communication,  the better we hide
our source IP address, the safer we are, because if you only encrypt
dangerous communications, it's a clear flag of what messages are dangerous.
If they're drops in a sea of noise, it's harder to identify the important
stuff.

There's another side of the coin though. You want to be careful doing
mundane stuff over the same channel you would do dangerous things.

An example - I use a VPN for whenever I torrent stuff I don't want to point
at my home. My browser talked to Facebook enough to trigger their
suspicious activity bot, making me change my password. So the IP I was
using to do secret stuff could theoretically be tied to an IP I was using
at the same time for mundane stuff. If my personal safety was a risk over
what I was doing, I'd be worried.

On Tue, Dec 3, 2019, 07:05 Andrei POPESCU  wrote:

> On Ma, 03 dec 19, 20:42:30, Keith Bainbridge wrote:
> > Good evening All
> >
> >
> > Just wondering if this is ALL good advice?
> >
> > Should I use it for ALL my mail, or just sensitive stuff, like lobbying
> > politicians.
>
> Most appear to be quite sensible, but I'm not using Thunderbird.
>
> Do note that encryption can work only if the other side supports it as
> well and you have their public key.
>
> I believe opportunistic signing and/or encrypting of e-mails should be
> the default in all e-mail clients.
>
> Kind regards,
> Andrei
> --
> http://wiki.debian.org/FAQsFromDebianUser
>

Re: Is this ALL good advise

[Andrei POPESCU]

On Ma, 03 dec 19, 20:42:30, Keith Bainbridge wrote:
> Good evening All
> 
> 
> Just wondering if this is ALL good advice?
> 
> Should I use it for ALL my mail, or just sensitive stuff, like lobbying
> politicians.

Most appear to be quite sensible, but I'm not using Thunderbird.

Do note that encryption can work only if the other side supports it as 
well and you have their public key.

I believe opportunistic signing and/or encrypting of e-mails should be 
the default in all e-mail clients.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Is this ALL good advise

[Keith Bainbridge]

Good evening All


Just wondering if this is ALL good advice?

Should I use it for ALL my mail, or just sensitive stuff, like lobbying 
politicians.


Thanks

Enhance your email security

Encrypt your mail! For enhanced message security use Encrypted Email.
There are many vulnerabilities with how secure connections work. If 
you need high security, you should always connect to Riseup services 
using the Riseup VPN. This will prevent a long list of potential attacks 
against your communication.
To enhance connection security you can use Tor to connect to 
Riseup’s .onion services for IMAP and SMTP. Look for the onion address 
for mail.riseup.net and smtp.riseup.net addresses and use those instead. 
Note: * SMTP port 465 is often blocked by exit nodes, but port 587 is 
less frequently blocked. If you have a problem sending mail, try port 
587 or configure your client to use Riseup’s email hidden service in 
place of the regular mail.riseup.net domain. This is better than sending 
traffic through a Tor exit as it is MITM resistant, but it will generate 
certificate errors on the client side.


Add some extensions

We suggest these extensions for Thunderbird:

Enigmail: get started in no time encrypting and decrypting emails 
and verifying that emails you receive are from the people who you expect 
them to be.
Display Quota: This extension will display the current status of 
your IMAP quota in Thunderbird’s statusbar and will warn you when you 
reach a configurable limit.
TorBirdy: This extension configures Thunderbird to make connections 
over the Tor anonymity network.


Use hidden options to speed up Thunderbird

Per default every time you open a mail or change the status Thunderbird 
connects to the mail server. For slow connections or when Riseup’s 
servers are busy this can be pain.


Luckily there is a fix: Thunderbird has some hidden options, that a does 
a complete sync when connecting the server. This will speed up your work 
flow and makes your day better.


To set this, go to the menu Edit > Preferences > Advanced > General > 
Config Editor


set use_status_for_biff to false
set mail.server.default.autosync_offline_stores to true


Keith Bainbridge

ke1th3...@gmail.com
0447 667 468