Re: [Trisquel-users] Is there a perfect method to guard our communication?
> learning to use correctly Endless+Onion browser, turning off/on > JavaScript, etc, by current only my device, iPhone. Also, more importantly: complain to websites that use any complex/non-trivial non-free --- or not labelled as non-free --- JavaScript. It's not enough to simply turn off the feature in your web browser if the 99% of average users will still be affected by the issue. > I did not know the Kontalk, XMPP, OTR. Thanks. I would say: stick with XMPP+OMEMO --- OMEMO is supported by XMPP standard itself, look for client software that supports "XEP-0384" or simply "OMEMO". XMPP is long-standing, stable, extensible, the standards setting is controlled by groups of people, the extensions rarely overlap --- so there is rarely a duplicated effort ---. XMPP also supports real-time person-to-person audio and video calls. At least in Trisquel 7, the Pidgin client is known for supporting audio and video calls --- if I'm not mistaken, by default. You can also send any file using XMPP, you can do so both directly with client-to-client file transfer, or by relying on the XMPP service provider that you use, through XMPP HTTP File Upload, a server-side and client-side extension. I don't know if Trisquel 7's Pidgin can request a HTTP File Upload, but I was told that the direct method works most of the time. > I am going to study those softwares. And I started to care the social > engineering. It sounds, how I say, danger? What a coincidence you mention this! :D I started watching and reading related studies about this, particularly on the social engineering caused by major stakeholders. For a great series of works related to free/libre software movement, and "network effects" caused by major stakeholders, and also to know why and how to use XMPP, see [1]. [1] https://libreplanet.org/wiki/XMPP . -- - https://libreplanet.org/wiki/User:Adfeno - Palestrante e consultor sobre /software/ livre (não confundir com gratis). - "WhatsApp"? Ele não é livre. Por favor, veja formas de se comunicar instantaneamente comigo no endereço abaixo. - Contato: https://libreplanet.org/wiki/User:Adfeno#vCard - Arquivos comuns aceitos (apenas sem DRM): Corel Draw, Microsoft Office, MP3, MP4, WMA, WMV. - Arquivos comuns aceitos e enviados: CSV, GNU Dia, GNU Emacs Org, GNU GIMP, Inkscape SVG, JPG, LibreOffice (padrão ODF), OGG, OPUS, PDF (apenas sem DRM), PNG, TXT, WEBM.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
しんぱいしないでください。いつも何も言わなくてもいいです。それから、他人は話を続けてもいいですね。何もスレを始めた人のせいではありません。ボスではないのですね。 There's no need to announce that you're not continuing. You can respond or not respond to messages as you wish; you don't gain any obligations simply because you started a thread. Please be at ease and don't worry about what others are doing. :)
Re: [Trisquel-users] Is there a perfect method to guard our communication?
なんで気分がそんなに悪くなったの?メンバーの喧嘩のせいですか?
Re: [Trisquel-users] Is there a perfect method to guard our communication?
OK. I quit this discussion of this thread. I don't know what I do as a person who made this thread, so I state that here now. I started feeling a smell of general forums. I don't like a worldly forum as I said. I got the creap from some posts. I think that from beggining to a while, question and answer was formed normally. Now, I don't think so. Even if this is my fault or just I lack an ability of understanding, I think that the creepy atmosphere is real. I show you my thanks to reply my questions. I have thought that I become silent and leave slowly from here but I think I have some responsibility as the person. So I stated this. I reread those for a while but I am not sure that I can understand.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> The telemetry component does not report the pages the users visit. It does much more than that, including things like scrolls, clicks, your preferences etc: https://wiki.mozilla.org/Firefox/Data_Collection#Data_Collection_Categories > A victim of proprietary software, yes. No, he does not say "of proprietary software". You are putting your words in his mouth. > As written on the page I pointed to you: "Every nontrivial program has bugs, and any system, free or proprietary, may have security errors. To err is human, and not culpable." And I pointed to you that telemetry and deliberate data collection is not bug or error. It is a feature, deliberately created and enforced by default. > And anonymous. Bulshit. > FYI, IceCat has the telemetry component disabled. Yeah, how comforting. The snake is still there, just sleeping and waiting for the next release in which it may be awakened. How marvelous it is "not to be a victim" and to have "freedom". Gnulellujah.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
fsfeggsdgfsdfkjasdlnkjsadlvjnsadlvnsdlvsndvlsadvn!! ! Si, si...
Re: [Trisquel-users] Is there a perfect method to guard our communication?
You are twisting my words again and again. And you seem to twist even what your favorite authorities say. https://www.fsf.org/blogs/rms/20140407-geneva-tedx-talk-free-software-free-society Watch the video: 4:20-6:20 - Does that create the impression that it is possible to have that also in free software? - No. It is explicitly accenting on proprietary software, explaining how bad it is and there is not a single mention that free software (like Firefox/forks) can also report that you are "reading page 5" (through telemetry) to the "non-profit" organization Mozilla corporation. > But the free software movement does not believe that "free software implies safety": 6:20-6:32 - "How do you stop being a victim?... you can come join us in the free world we've built" Doesn't that say that in the world of free software you won't be a victim? - Yes, it does. So I don't pretend anything. I point out what I see. And I may be wrong, so as I suggested in another post - make a poll in a separate thread, show the video and ask people: Do you think that free software is safer than proprietary? a) Yes, because more people have checked it b) No, it is equally unsafe Then see the results. > It would be equally incorrect to compare proprietary software with a fictitious idea of free software as perfect. Every nontrivial program has bugs, and any system, free or proprietary, may have security errors. To err is human, and not culpable. Deliberately creating telemetry for continuous and detailed data collection is not a bug or inadvertent imperfection. > But proprietary software developers frequently disregard gaping holes, or even introduce them deliberately. So do free software developers (Mozilla), yet your favorite bible doesn't say a word about it. They would rather tell you "use IceCat and look no further". When someone talks about ethics but is not completely honest that is not ethics.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> 2. Any time both nodes are safe, the conversation is safe. Only if the transport and all devices involved in the whole process of computing and data transfer are safe. > Your attitude is "everyone else is doing things in a bad way, so what's the point?" No. My point is not that. I have already explained what it is in previous posts so I am not going to do it again. If you understand - good. If not - I don't have the time, sorry. > How inspiring you are. I am not here to inspire or depress anyone. If you feel bored find something else to do. This thread is not about global pollution or ecology, neither it is a personal consultation by me given at length to everyone who refuses to read carefully but chews me in all possible ways.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> No, it is not. Then why people want free software according to you? Because they like the licensing? Or because it is not paid? No - they want it because of the ability for community control which implies it safety. > ?? What I said means that I know better than you what I mean and why I use particular words, i.e. there is no need to correct me in a different context. I can't count how many times I have asked for that. > Does "your own network completely isolated from the Internet" crosses oceans? No. It is a little bigger than yours. > It is what I need to talk with my parents and I would like to try your solution since you apparently claim it is "practical". Show me a link to the exact post where I say "this is a practical solution". > So if we are objective we have to admit that both are equally possible."), I believe your conclusion is: both alternatives, "Snowden was only lucky" and "end-to-end encryption on a free software system helped him not being detected", are "equally possible". No, these are not alternatives. These are 2 unrelated things. The 2 possible alternatives are: - E.S. is honest - E.S. is not honest > I have just figured out another alternative: "aliens, protecting Edward Snowden, use their telekinetic powers to erase Snowden's messages before the governmental agencies catch them". You have no proof of the opposite, don't you? Does that mean it is an "equally probable" alternative? I will let you figure that out for yourself. I have no time for more nonsense. > Are you arguing that we should only use servers that are somehow democratically administrated? How does that work? Do we directly vote for the hardware/software that server administrators are allowed to use? Should there be a state agency that takes care of that? Should there then be inspectors who check that no unauthorized software is running? I think it would be good to have openness in that matter. Without it everything is just wishful thinking and trusting words. I don't know about inspectors - perhaps not because that involves authority and again trust. Ideally the system should be designed in a way which everyone can check them remotely. Don't ask me how it can be done within current technology. I don't have an answer. > Yes, it can. A sensible metrics would be the proportion of your emails that the NSA can read (in clear text). But you don't know what NSA can read, so you cannot measure it. > Once you sent your data to the service provider, that provider is in control of your data. You cannot know how it processes them. For all you know, they may be manually processed. Free software on the server side does not bring the control of the data back to the server's user. No management engine on the server side does not bring the control of the data back to the server's user either. You are mixing unrelated things: 1) free software 2) known vulnerability 3) user control of data. My questions were in a different context. In any case removing known vulnerability is surely better than having it. If you are arguing that it is futile it is in no way different from saying that having a virus on the server or removing it doesn't matter for the users. I say it does. The fact that the service provider can do other mischief with users' data is a separate thing. > It does not matter to the server's users. It matters to Google (or any other service provider), who wants to be in control of its computing. It wants the power over its servers. And it deserves that power: they are Google's servers. Using free software or not using any management engine is good for Google. It makes no difference to the server's users. You are making it sound as if those servers have absolutely nothing to do with the users who use the resources of those servers. Well, I disagree. Everyone prefers to use a healthy computer, not an infected one. Again - I am talking about technology only, not about the political mischief Google is involved in. (I know both are related but still) > I mean what I wrote: "your interlocutors who chose another provider, not part of the PRISM program, do not have privacy because of you". Straw man fallacy. Your favorite after the perfect solution fallacy. The majority of my (and everyone's) interlocutors use Mac OSX, Windows, Android, iPhone, Gmail, Yahoo, Facebook, Instagram, Skype, Snapchat and WhatsApp and have no idea what is BIOS, ME or JavaScript. And they would never move away from those systems because they give them convenience which they value more than security and privacy. That is not fallacy but a fact. I honestly don't think I can say anything more or new on the subject of this particular thread. So if you don't mind - that's enough. The OP already knows my answer.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
Good one, maybe.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> There could also be the hidden vulnerabilities built-in to the encryption mathematical algorithms Very good point. That was what I meant with; [QUOTE] The real threat to encryption is somewhere else: (1) Key security and (2) Algorithm security. These two must be studied in great detail, I believe. [/QUOTE] https://trisquel.info/en/forum/freedom-security-technology-what-can-we-do#comment-127742
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> I understand that there are plans to improve the Trisquel forum/mailing list, but I would imagine that wrapping up Trisquel 8 is more of a priority at the moment. There is another solution to it (other than trisquel implementing its own nntp server): Gmane! One Lars Ingebrigtsen had come up with the idea of mirroring a zillion of email lists on a news server. That was the birth of news.gmane.org (also www accessable through gmane.org) It is a proper news server, but it doesn't get news feeds from USENET (worlwide distributed news groups), it just works as "email-list to news-group" gateway, for many mail lists. For instance "debian-user" is a Debian mail list. Someone kindly asked gmane.org to include debian-user in their gateway, and gmane kindly started tracking debian-user too. From then on, any mail sent to the debian-user mail list is automatically mirrored to the news group (nntp://news.gmane.org/gmane.linux.debian.user) and any message sent to the news group (via a newsreader) is automatically forwarded to the mail list. I.e. a complete bilateral list-to-news gateway. If trisquel management just sends a kind request to gmane.org of gatewaying "trisquel users" list, and if they accept that, then voi-la! We have a "nntp://news.gmane.org/linux.trisquel.users; newsgroup linked to "trisquel users" mail list which, in turn, is linked to the web-forum. You can try gmane with a news reader (e.g. claws-mail). Add a new account (NNTP), set server name as "news.gmane.org". It should show up in the newsreader normal UI. Right click on the server, select "subscribe to news groups", and you will see all the email lists Gmane mirrors. Why not add (i.e. ask Gmane to add) trisquel-users to news.gmane.org?
Re: [Trisquel-users] Is there a perfect method to guard our communication?
There could also be the hidden vulnerabilities built-in to the encryption mathematical algorithms, I'm especially suspicious about the crypto highly approved by the N S A as the public standards everyone should follow
Re: [Trisquel-users] Is there a perfect method to guard our communication?
I agree 100%, very well spoken. We live in an imperfect world, but we are progressing. There were always people advocating for the right thing at times when it actually seemed hopeless, and we owe them a better life than back then. Let's also contribute what we can.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
quantumG, an freddit user! Such a disappointment.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
safjafhkehafoheaohaofashflaheah! que pasa?
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> You seem to ignore the most common scenario (which I already explained but again:) host A is perfectly clean/libre system communicating with host B which is PRISM'ed (= all communication is tapped). Now consider that hosts like A are very few and hosts like B are almost all other computers and (currently) all mobile phones. So this "much better" is really wishful thinking. And you're showing destructively pessimistic thinking. What you don't seem to understand is: 1. You're not communicating with only a single other party; and 2. Any time both nodes are safe, the conversation is safe. Your attitude is "everyone else is doing things in a bad way, so what's the point?" Well, the point is that if you're doing the right things (encrypting, self-hosting, not sharing with the NSA, etc), that's one more person doing so, and it increases the chances of any two people's communication being uncompromised. It's like the flu vaccine; just because it doesn't affect you personally that much (flu vaccines are often ineffective), that doesn't mean you should abandon it (flu vaccines save millions of lives if everyone gets them). That's the ecological impact Magic Banana has been talking about for this entire time. You don't live in a vacuum. > As long as there are infected hosts in the whole network, capable of spying on others, the whole network is unhealthy. Great. So let's just abandon everything because what we can do isn't perfect. How inspiring you are. Just give up on everything. Why even bother trying to stop pollution? Just throw your smoke into the atmosphere, screw it! Take a look at history, dude. Do you know how horrendous pollution used to be? Smog used to be such a major problem in cities that you couldn't even see your own feet some days. So rather than throwing up our hands and saying the atmosphere is hopelessly polluted, we took measures to reduce the pollution. We still have smog today, so should we go back to unregulated smoke production, just throw it all into the atmosphere like they did in the 1800s? No! Just because the atmosphere is "unhealthy" doesn't mean we take action to make it even worse.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
>The above makes me believe that either heyjoe is just a troll, or he refuses to think in a logical manner, or perhaps he just refuses to admit when he is wrong. Why would you think that? I believe Joe is just a guy with lots of free time and energy, energy he could and should spend in more proficient ways, but then again I can relate and I can understand. I believe he's passionate about the privacy matter. I also believe from having just skimmed through his 'endless posts' that he likes to discuss and argue. That does not make him a troll though. And really, if you are really passionate and learn a lot about the privacy issue related to modern computing you will probably get to the point of being very pessimistic and 'demotivating'. Tx for the positive mention, I like you too (now let's all smoke the magic pipe and make out \o/)
Re: [Trisquel-users] Is there a perfect method to guard our communication?
Oh,sorry. My current concern is increasing Linux users. It relates to question 2. OK, I like free direct oration rather than free indirect oration in discussion.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> I use procmail to filter incoming mail, and each mailing list is sent to its own mailbox. That alone is enough to make it more convenient than a forum. This is automatically done in a newsreader: e.g. left pane is hierachically structured (in tree view) with news servers and subscribed forums under each server. The right pane is split into two: top part lists threads and - in tree view - messages in correct nesting under each thread. Right-bottom pane displays the selected message in the right-top pane. Just like a pop3 email client. One major drawback of using email lists is that, all the messages in all the threads get accumulated in your hard disk. Whereas with a news reader only the headers accumulate, and just the read messages are fetched and stored in hard disk (they can be set to expire after a given period). Also, with a mail list, each new message in subscribed forums are read one by one as separate emails. Whereas with NNTP (news reader), not the messages themselves but their headers (shorter than a typical email header) are fetched in one lump as a digest. The savings on bandwidth and hard disk usage can be enormous (depending on your subscription scope). > It's true that I don't need to see every thread, but I can easily remove the unread flags from a thread that is unimportant to me. In a news reader it is also possible to prioritize individual threads (even messages) in various ways. E.g. you can assign different importance levels to threads, "watch" them, etc. I have never used such features (seem to recall toying with them, but forgot what the effects were) but they can be useful in this regard. > I understand that there are plans to improve the Trisquel forum/mailing list, but I would imagine that wrapping up Trisquel 8 is more of a priority at the moment. Actually it is rather easy and straightforward to set up a news server. But integrating it with the web-forum is another story, of course. http://www.tldp.org/LDP/LG/issue09/newsserver.html
Re: [Trisquel-users] Is there a perfect method to guard our communication?
I was answering some questions and concerns raised by others.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
So why are you still discussing?
Re: [Trisquel-users] Is there a perfect method to guard our communication?
Didn't your main question already receive an answer?
Re: [Trisquel-users] Is there a perfect method to guard our communication?
Why do you let me fight alone as you are just watching? Come on! new user! Let's make the experts have a hard time!
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> Nobody here says that "free" is synonymous with "safe" (again: good work at not "putting words into other people's mouth"!). I said: >> You should make a difference between demotivating and disagreeing to blind faith in "free" as a synonym of "safe". Where do you see me say "person X is saying free is synonymous to safe"? Yet it is undoubtedly a common assumption that it is so. Otherwise we wouldn't be here and this thread wouldn't exist. > No, it is not "absolutely necessary". And I say it is, in the context of the particular things I was answering to. Would you mind please stopping that word for word dissection? It is starting to sound like censoring. I wonder if you will ever stop. > Do you have "your own network, completely isolated from the Internet" (as you wrote)? Of course not: it is not a practical solution. Yes, I have such network. And it is not the first one I have had. So kindly keep your "of course not" to yourself. > I very much doubt is different from "I have facts proving it". > Perfect security does not exist. We all agree. I don't know who is "we" but I don't agree. Yet I agree that in current technology it is impossible. > You cannot know what the service provider runs or does. It is impossible to know that. It may lie. And it may *directly* provide data to the NSA, e.g., through the PRISM program. Which is yet another fact supporting that switching providers does not give "much better" things. It can't be measured. BTW it is possible. My internet provider is in our building and we are friends. I know what they run. For some of the things I have even helped them personally. > And you do not deserve the control of the servers you do not own. Well, this is proprietary thinking in its most direct form. Of course I deserve that control. Everyone does. The server is something which serves me, you and everyone else. We must be able to inspect how it works for us, just like we must be able to see how the governments spend our money. Security is possible only through transparency and verifiability. > It makes no difference for the users of Google servers. How do you know that? Who is the entity who has checked it? Why should they care if it doesn't matter? Why would they create anything like NERF and share it as free software? > So what? Users should keep on using GMail like you do? Doing so, your interlocutors who chose another provider, not part of the PRISM program, do not have privacy. Because of you. How is that good? Because of me? You mean I am the one because of which the mass surveillance exists and I am going to fix it by switching from Gmail to someone who "still learns to ride the bike" and meanwhile throws dust in my eyes with "free software"? LOL
Re: [Trisquel-users] Is there a perfect method to guard our communication?
It looks the intention of one of your current discussion about trisquel is a minor change of this forum. It looks your intention is how support a user (especially a new user). I think that might necessary measure, but I think you or we should prioritize thinking about more major issues. I think the primary issue is how to increase Linux users. It looks above measure has not strong effective. Surely, they will be able to stay in the forum easier than before, but how many users get that boon? 100? 1000? 1? It is not enough to change this situation, I think. As first, I think we should increase Linux users. Why do they keep using proprietary hardware and software? I think that the first reason is they don't still understand the benefit which given from using free devices and software. Why they should use free hardware and software, what is that merits for them, All of free communities, hardware vendors, software vendors, and users should have a common primary purpose, I think. And I think the purpose is telling them the benefit. Preventing surveillance to use free matters will not become their main motive. Why do we should use free matters? You should show them that actual benefit. I think all of you should cooperate with all of free communities more actively. It looks this is like 1960's French revolutions.They had not the common purpose. If I have misunderstood about that discussion, you can say just...Mind your own business. Then I will say just... Oh, sorry monkey man. Good luck.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> It is much better than doing nothing. You seem to ignore the most common scenario (which I already explained but again:) host A is perfectly clean/libre system communicating with host B which is PRISM'ed (= all communication is tapped). Now consider that hosts like A are very few and hosts like B are almost all other computers and (currently) all mobile phones. So this "much better" is really wishful thinking. > Privacy, like pollution, is an ecological issue. Privacy is not issue. The issue is surveillance and yes - it is ecological. But you won't stop it by securing one or 10k hosts. As long as there are infected hosts in the whole network, capable of spying on others, the whole network is unhealthy. > Mozilla is a non-profit foundation that promotes Free Software and open standards. https://en.wikipedia.org/wiki/Mozilla_Corporation https://en.wikipedia.org/wiki/Mozilla_Corporation#Affiliations > They are not perfect, but their business model is not to surveil you. https://www.youtube.com/watch?v=qMALm1VthGY > Of course, Mozilla respects your privacy better than Google. Based on what is that "of course"? What evidence do you personally observe? Please stop speaking based on random articles around the web. Bloggers need traffic, I don't. > If you want to argue the opposite, please provide proof, particularly proof that Mozilla is purposely abusing my privacy, and in a worse way than Google, to boot. I don't want to argue. I have already provided enough info in the web browsers thread. And I don't claim that this info is complete and final because I haven't used (or tested) each and every product and service by both companies. Still it is first hand info unlike the articles by bloggers who never tested anything. > Just like when you say Edward Snowden may have been a plant. The burden of proof is on you heyjoe. If you have no proof then you are just libeling a person and an organization both of whom seem to be on the side of a more just world. If one wants to find out the truth about anything one must be objective. I have no proof of that and you have no proof of the opposite. So if we are objective we have to admit that both are equally possible. The fact is that media can highly influence people to think something without a proof and there are people who use that lever. Another fact is - well, he worked for NSA, so he agreed to do nasty things. Why should he not do another even nastier thing? I admit that it as possibility and I admit the other possibility too. It is an open door. Personally I find Wikileaks a more reliable source of factual info. Don't ask me why. > Nobody is disregarding their technical expertise. That is precisely what makes them such a dangerous company. For the last time, their business model is to surveil you. This is not up for argument. I don't think their business model is mere surveillance. It is much bigger than that. Also it is not their expertise that makes them dangerous but how they use that expertise. > I believe all people should care about the freedom of their computing, so I would never recommend somebody to run Windows... You are presenting a false dichotomy. I was answering your questions from your previous post: >> Meanwhile you are so worried about what happens in ring-3? Again, where is the logic? so that you can understand. But you don't. You simply see the word "Windows" and jump into the "Gnullelujah, I believe". Nobody asked you what you think is better or not. You asked me about the logic and I gave you my answer. What's the point of asking someone what he thinks if you don't really care about anything but yourself? If you do that you are not looking for a dialog, you are merely preaching your own thing. Don't waste my time please. > I think I understand well enough what ME is. You speak of Intel ME as if it were a sentient being. Who, precisely, has full access to every single bit of my data...etc. etc. even while my system is shut down? Who is simultaneously spying on all of us like this? Microsoft? Google? The NSA? The local mobster? All of them? Do you have any proof that this is happening? Intel ME is a potential backdoor. Spectre and Meltdown are security vulnerabilities. I doubt that if I decide not to use Gmail, Google's employees are going to start collecting data on me thrugh ME, or Spectre or Meltdown or any other vulnerability in the hardware of my computer. https://www.blackhat.com/eu-17/briefings/schedule/index.html#how-to-hack-a-turned-off-computer-or-running-unsigned-code-in-intel-management-engine-8668 Spectre and Meltdown are yet to be exploited by malicious hackers. These are separate. > I do not mind that you think what you wish and that you make a case for what you think. I do mind that you conflate issues, confuse others, and make it sound as though using free software has no purpose. I do mind
Re: [Trisquel-users] Is there a perfect method to guard our communication?
>that communication involves other hosts too and that changing your mail >server is not enough as a measure to ensure privacy of communication. It is much better than doing nothing. By your logic: Why should I stop throwing trash in the street if other people are still doing it? Privacy, like pollution, is an ecological issue. >These are generalizations. Just like saying that Mozilla respects your >privacy better than Google. Google's business model is to surveil its useds. The chairman of Google has openly said Google's goal is to know what you want before you know you want it (or what you are looking for before you know you are looking for it). Mozilla is a non-profit foundation that promotes Free Software and open standards. They are not perfect, but their business model is not to surveil you. Of course, Mozilla respects your privacy better than Google. If you want to argue the opposite, please provide proof, particularly proof that Mozilla is purposely abusing my privacy, and in a worse way than Google, to boot. Just like when you say Edward Snowden may have been a plant. The burden of proof is on you heyjoe. If you have no proof then you are just libeling a person and an organization both of whom seem to be on the side of a more just world. >And "at least" it is from a provider who understands security down >to the chip. I am completely against the large scale mischief of >Google but it would be unfair to disregard the excellent technical >expertise of people who work there. Nobody is disregarding their technical expertise. That is precisely what makes them such a dangerous company. For the last time, their business model is to surveil you. This is not up for argument. >It is no different from running Windows, installing LibreOffice on >it and feeling relaxed that in this way your computer won't leak data through >your office package. I believe all people should care about the freedom of their computing, so I would never recommend somebody to run Windows. However, if somebody is running Windows and they have the choice between a proprietary word processor, spreadsheet or presentation maker, and a freedom respecting one such as LibreOffice, I would recommend LibreOffice. I would also say they are doing better than the person using the proprietary software. You are presenting a false dichotomy. >You don't seem to understand that something like Intel ME has full access >to every single bit of data (including every key stroke) and can modify >and transmit it while you are running your favorite Trisquel and Tor, >using non-US based mail service with E2E encryption and thinking that you >are safe in that setup. It can even do that while your system is shut down >as long as the power cable is plugged in. I think I understand well enough what ME is. You speak of Intel ME as if it were a sentient being. Who, precisely, has full access to every single bit of my data...etc. etc. even while my system is shut down? Who is simultaneously spying on all of us like this? Microsoft? Google? The NSA? The local mobster? All of them? Do you have any proof that this is happening? Intel ME is a potential backdoor. Spectre and Meltdown are security vulnerabilities. I doubt that if I decide not to use Gmail, Google's employees are going to start collecting data on me thrugh ME, or Spectre or Meltdown or any other vulnerability in the hardware of my computer. - I do not mind that you think what you wish and that you make a case for what you think. I do mind that you conflate issues, confuse others, and make it sound as though using free software has no purpose. I do mind that you seem so paranoid about security, privacy, surveillance, and yet use the services of at least one of the surveillance giants. You can't have it both ways heyjoe. And if you wish to libel others, particularly those who are in service of a more free society, those who have dedicated their lives to it, even risked their lives for it, I suggest you cough up some hard evidence or stop complaining when you are called up on your unsubstantiated libels.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> What logic is this? I have already explained it. If you can't understand it I don't think I can explain it any better. You should really try to look beyond your own computer and understand that communication involves other hosts too and that changing your mail server is not enough as a measure to ensure privacy of communication. > Almost any provider is less abusive than Google. These are generalizations. Just like saying that Mozilla respects your privacy better than Google. > At least choose one that promises you privacy and has to breach their promise to abuse you. I already have that. And "at least" it is from a provider who understands security down to the chip. I am completely against the large scale mischief of Google but it would be unfair to disregard the excellent technical expertise of people who work there. Let's not forget who announced the Spectre and Meltdown (hint: it wasn't FSF). And before you jump at me with another "Gnullelujah, you will rot in hell as a sinner" - I am not recommending anything here. I am just saying what I do in a time of searching for better alternative, not that you should do the same (especially when you don't know what you are doing, as it seems). > Meanwhile you are so worried about what happens in ring-3? Again, where is the logic? Again: how many times? It is no different from running Windows, installing LibreOffice on it and feeling relaxed that in this way your computer won't leak data through your office package. > My house can be broken into with a sledgehammer so I should get rid of the door? That is not a correct metaphor. Nobody is destroying your computer. A correct metaphor would be: who cares about the super lock of your door when your key can be accessed by someone else at any time without you even knowing about it? You don't seem to understand that something like Intel ME has full access to every single bit of data (including every key stroke) and can modify and transmit it while you are running your favorite Trisquel and Tor, using non-US based mail service with E2E encryption and thinking that you are safe in that setup. It can even do that while your system is shut down as long as the power cable is plugged in. > As you yourself show, you are not serious in your approach to privacy. What is your approach? To simply tell others that their approach is wrong? You didn't even know what a protection ring is before it was mentioned, yet you tell another that he doesn't understand, you speak about PhD's and what not. Does that make you serious? Or the fact that you object to anything which you fail to even look at?
Re: [Trisquel-users] Is there a perfect method to guard our communication?
>> * Meanwhile, heyjoe has just written on another post in this thread that he uses Gmail... >Yes, I have written that but I have also written that I am >looking for better alternative. This means: a service >provide who can proof that their systems are free from >malware on firmware level (at least to the currently >possible level) and for which there is a verifiable proof >that their systems don't use any software whatsoever which >may indirectly provide data to NSA. Without that just a note >on someone's site "we use only free ethical software" is >just marketing through wishful thinking. What logic is this? What is your threat model? Why would you use the service of a company that surveils you as its business model? Read the license you agreed when you chose their service. Almost any provider is less abusive than Google. At least choose one that promises you privacy and has to breach their promise to abuse you. Meanwhile you are so worried about what happens in ring-3? Again, where is the logic? My house can be broken into with a sledgehammer so I should get rid of the door? As you yourself show, you are not serious in your approach to privacy. You also seem not to understand, or not to want to understand, the practical underpinnings of free software. There is no commenting about the topic because you systematically bring down every topic with spurious logic.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> I also agree that heyjoe's posts are for the most part defeatist and demotivating. You should make a difference between demotivating and disagreeing to blind faith in "free" as a synonym of "safe". Otherwise you are merely singing Gnulellujah. > I'm not sure what threat model he is thinking about or what he wants to achieve. Because you don't read in order to understand but in order to argue. > * Every attempt at privacy, security and computer freedom is moot because hardware is insecure. I don't think I have ever said that. The word "moot" is not even part of my vocabulary. Taking every possible precaution is absolutely necessary. But one should remember that this includes also going down to the lowest level, not merely installing a distro which is considered free. And because you cannot control things down to the hardware level your security and freedom is always limited by that. You can still live with that level of (in)security but if you don't get "tracked" it is because you are lucky, not because you are really safe. And lucky means - not specifically targeted. Once you become a target (which is not impossible) - good luck with your "free software recommendations". > * We should not try to do "the best we can" because that is not a measure of anything (?!). No, we should always do the best we can. And yes - it cannot be measured because there is no number which can express how close you are to expunging all threats, especially including an unknown number of unknown ones of unknown nature. And it is important to note that the OP is asking about a perfect method of guarding one's communication which excludes the possibility of any imperfection at any level. I maintain that currently this is impossible and there are technical facts proving it. >* Firefox is no good because a tcpdump showed that it sends packets to other servers. Prove me wrong. Show something, don't just "distill". > Chromium did not send packets using that same, very limited test (as Magic Banana has explained). Therefore Chromium is better even though it contains obfuscated code and non-free licenses. The obfuscated code was shown much later than the tcpdump test. I have never said that I have complete ultimate trust in Chromium. All I am saying (or rather - all the test is showing) is that Chromium does not chatter like Firefox and is easier to configure so that it does not chatter. Is it a complete test showing that Chromium never contacts Google under any circumstances? - I have never claimed that. The tcpdump test is a simple one (yet useful) and can be used a basis for further in-depth testing. > * Meanwhile, heyjoe has just written on another post in this thread that he uses Gmail, a "service" whose main function is data mining and surveillance, made by a company whose main business model is data mining and surveillance, and who have been shown to belong to the PRISM NSA surveillance program, among many other possible privacy and security related red flags. Yes, I have written that but I have also written that I am looking for better alternative. This means: a service provide who can proof that their systems are free from malware on firmware level (at least to the currently possible level) and for which there is a verifiable proof that their systems don't use any software whatsoever which may indirectly provide data to NSA. Without that just a note on someone's site "we use only free ethical software" is just marketing through wishful thinking. Re. Google in particular I have also shown specific video which shows that they do care about removing Intel ME. That of course does not excuse them for their other mischief but be fair: Which other online service provide have you seen working on that? Kolabnow who "learn to ride the bike"? I also explained that switching the mail server doesn't really add any privacy as long as on the other side of the wire you are communicating with someone who is part of the PRISM or who uses a system with security issues explained above. These are all actual irrevocable facts. > The above makes me believe that either heyjoe is just a troll, or he refuses to think in a logical manner, or perhaps he just refuses to admit when he is wrong. That is your problem - you believe in things, you don't look at facts. And you make conclusions about "logical manner" based on the illusions you believe in. > What I am sure about is that he does not want to contribute to anything positive to any discussion I have so far witnessed, except by complaining and shooting down solutions when they are given to him (as the empty github repo and Magic Banana's unused contributions prove). Oh really? And how do you contribute? By analyzing me? How marvelous. > Frankly, all the threads I have seen heyjoe participate in, have become onanistic and meaningless, including the web
Re: [Trisquel-users] Is there a perfect method to guard our communication?
>I disagree and let anybody who cares (probably nobody) judge. I care. I also agree that heyjoe's posts are for the most part defeatist and demotivating. I'm not sure what threat model he is thinking about or what he wants to achieve. This is what I distill from the hundreds of posts: * Every attempt at privacy, security and computer freedom is moot because hardware is insecure. * We should not try to do "the best we can" because that is not a measure of anything (?!). * Firefox is no good because a tcpdump showed that it sends packets to other servers. Chromium did not send packets using that same, very limited test (as Magic Banana has explained). Therefore Chromium is better even though it contains obfuscated code and non-free licenses. * Meanwhile, heyjoe has just written on another post in this thread that he uses Gmail, a "service" whose main function is data mining and surveillance, made by a company whose main business model is data mining and surveillance, and who have been shown to belong to the PRISM NSA surveillance program, among many other possible privacy and security related red flags. The above makes me believe that either heyjoe is just a troll, or he refuses to think in a logical manner, or perhaps he just refuses to admit when he is wrong. What I am sure about is that he does not want to contribute to anything positive to any discussion I have so far witnessed, except by complaining and shooting down solutions when they are given to him (as the empty github repo and Magic Banana's unused contributions prove). Frankly, all the threads I have seen heyjoe participate in, have become onanistic and meaningless, including the web browser thread which included heyjoe's interesting tcpdumps, but which he later turned into agressions against Magic Banana to cover for his inability or unwillingness to collaborate with others to create solutions to the problems he discovered. There are several people here that have made this forum a worthwhile place for me to read, some for the past few months, others over the years, and who I will stand up to defend if I feel they are being wronged (Magic Banana, Jxself, Quantumgravity, Mason, Supertramp and many others, such as Lembas, who btw I no longer see), many of whom I have been able to count on throughout the years to help solve problems, either my own or those of other trisquelians. So I care. And I judge. I hope heyjoe will stick around if he can contribute to making this forum a better place. For now, I see the very opposite of that happening. So far, heyjoe keeps going out of his way to create polemic and turn any discussion into a pointless thread that never ends. I am usually against moderators and control over the flow of thoughts and ideas in forums. These past few weeks I have, for the first time as far as I remember, found myself wishing that this forum had more moderation.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
Since I started using mailing lists, I've found them to be far preferable to forums, especially in Trisquel's case. I use procmail to filter incoming mail, and each mailing list is sent to its own mailbox. That alone is enough to make it more convenient than a forum. I can do everything in that mailbox I could do in the forum, but I don't have to open up a web browser, don't have to click around to navigate, and can easily find new messages with read/unread flags. It's true that I don't need to see every thread, but I can easily remove the unread flags from a thread that is unimportant to me. At least I don't have to load a page in a web browser listng all of those threads. > OTOH, web forums are, while being convenient for casual skimming, Yes, the advantage of a forum is that is is easily accessible without having to subscribe, which is great for Trisquel users who can find answers to their questions by searching through past threads and avoid making an account to ask a new question. That's why I like that Trisquel mirror's the forum and mailing list. > I wish trisquel.info had an nntp server (e.g. news.trisquel.info) > so that we could use newsreaders to read/participate in the forums. > > NNTP is the way to go. I was not familiar with NNTP until I read your post, but after looking into it does seem like a good idea. I understand that there are plans to improve the Trisquel forum/mailing list, but I would imagine that wrapping up Trisquel 8 is more of a priority at the moment.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> If you were referring to me Quantum is probably referring to the individual who has made exactly two posts in this forum, the first after joining with the express purpose of cheering on heyjoe, and the second just now doing the same thing. > As for heyjoe's messages, I did upvote a few of them to neutralize > an unfair downvote. That's exactly how upvotes should be used. I've said before that instead of up/down votes we should have "flag as inappropriate" which prompts you to identify which community guidelines have been violated before advancing, after which the flag can br removed if enough users click "not inappropriate." This would make it more clear that the voting system has more important function than expressing approval or disapproval of what someone has said.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
heyjoe if you keep replying the this none sense this thread will keep getting bigger and bigger please stay on topic we want useful info ignore the ignorant thanks
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> If you were referring to me, by any chance I wasn’t and I have no idea why you would think that. I never used your name anywhere - ever. On top of that, I think we barely even talked. So why did you have this thought?
Re: [Trisquel-users] Is there a perfect method to guard our communication?
And actually why wouldn't you want to get the headers of threads you are not participating in? Possibly because you draw analogy between newsgroup messages and emails? If the "unwanted" messages were emails, then I would have thought the same way. But they are just headers. Their existence in your newsreader can be considered as aesthetic clutter, then again each thread only consumes a single line in your newsreader's "messages" pane. It is in tree structure. You expand only the threads you follow.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> A classical simple system for auto subscribing for email notifications for the thread one posts to is much simpler. Being a protocol, it is not possible to embed custom / arbitrary logic into NNTP. It is so with any protocol. Web based forums can include any number of convenience logic, such as voting, custom subscription logic, editing[*], etc. OTOH, it is web interface after all, with its own inconveniences. It is like POP3 mail vs. web-mail. [*] In nntp there is only a short duration in which you can edit your post, and in some cases even that is not possible. As for NNTP / SMTP / HTTP integration, it is possible indeed. E.g. trisquel-users (web interface) is integrated with a mail list. Any combination is possible. But such integrations depend on custom service a specific server offers, i.e. cannot be generalized or standardized.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
Sounds like too much hassle to be honest. A classical simple system for auto subscribing for email notifications for the thread one posts to is much simpler. BTW I have been part of some discussions (IIRC on Google's community groups) in which it was possible to still post by sending an email as a reply, or through the page of the thread and there was no need to get updates for all other discussions.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> But can NNTP resolve the issue with mail lists sending all the threads (including those one doesn't participate in)? I am not aware of whether subscription resolution can be set down to threads. So far I have always used it in resolution based on "groups" (e.g. trisquel-users). As you subscribe to groups in a news client, that means you subscribe to all the threads in that group. I think there may be a workaround like this: Killfiles usually work on blacklisting basis. I.e. all the messages pass through, except the ones that match your filter. If you can change it to white listing (may depend on the particular newsreader you use), and allow only the threads (subject lines) you are interested in, then all the messages will be filtered (killed), except the thread(s) you are interested in. While this is a hack, and all the message headers still got fetched, it is still an efficient method. Because (1) only the headers are fetched (then discarded), and (2) since pending headers are fetched in a single lump, network bandwith waste is kept to a minimum. Still, we need to research whether NNTP itself supports finer resolution than newsgroups (individual threads).
Re: [Trisquel-users] Is there a perfect method to guard our communication?
Thanks for explaining the technicalities. But can NNTP resolve the issue with mail lists sending all the threads (including those one doesn't participate in)? If not - then it probably has value only as an optimized version of lists rather than UX improvement.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> However I don't see it as anything different from mail lists, i.e. I still see all of the threads inside the particular forum/newsgroup I subscribe to. One difference is that, in mail lists you get the whole mail (header and the body) of each post, whereas in newsreader you get just the headers. So, listing is similar to a mail reader. When you click on a subject, only then the message is fetched from the nntp server. Also, killfiles work on headers, so you don't download a whole message just to kill it. Another differevce is that, NNTP is a distributed protocol. E.g. a forum may be mirrored on many nntp servers distributed throughout the world. You can use any nntp server (that hosts a particular newsgroup) to subscribe to a newsgroup). This may not be relevant for trisquel forums as it is really useful for rather large newsgroups such as "comp.os.linux.*" etc.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> what a coincidence... heyjoe, you sure have a lot of fans here. maybe it was this one guy who suddenly showed up in the other thread just to show his loyality to you...who knows. If you were referring to me, by any chance, I never downvote (seldom upvote) anyone in any forum unless it is something really awful, and I didn't downvote any single message in this thread. And I don't remember if I did so *ever* in any thread in trisquel-users. I believe I didn't. As for heyjoe's messages, I did upvote a few of them to neutralize an unfair downvote.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
Thank you, this will be good memory. Posting after understanding. Or this is my jelousy. I should train myself instead criticizing other people...
Re: [Trisquel-users] Is there a perfect method to guard our communication?
Thanks. I already configured it in claws mail. However I don't see it as anything different from mail lists, i.e. I still see all of the threads inside the particular forum/newsgroup I subscribe to. Perhaps it won't be quite different from what we already have here?
Re: [Trisquel-users] Is there a perfect method to guard our communication?
I have absolutely no idea. I don't use these +/- buttons at all. It is a silly function to me.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
It is all OK. Don't worry and feel yourself at home please.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> openSUSE's forum have that too but I haven't explored into it (I still need to learn about how to use NNTP): It is no more difficult than using a POP3 mail reader. All you need to do is; Install a newsreader like Thunderbird[*] (it is a dual purpose software - both mailreader and newsreader). Get into nntp or newsgroups setup, enter the server address (usually starts with "news" e.g. news.suse.com), for moderated newsgroups you need to enter your userid and password to relevant fields, port numbers etc. are usulally left to defaults (unless a particular news server uses non-default port numbers). When you correctly defined your news server, you usually download the "groups" (forums and subforums) that news server serves, then all the groups available and visible to you. Select which groups you want to subscribe to, and all the message headers (but not message bodies) in that group(s) will be downloaded. From now on it is no different than a POP3 email reader. Whenever you click on a header, relevant message body is downloaded and stored permanently in your computer (unless you set a timeout limit or delete them manually in the reader - just like an email client) [*] I would definitely *not* recommend a behemoth of a newsreader like Thunderbird. There are much much simpler and leaner ones. Just search with "newsreader" and "nntp" keywords in your package manager to see them. Better if it is a dual purpose mail (POP3) and newsreader (NNTP). > Thank you for your earlier advise about claws-mail. You are welcome. :)
Re: [Trisquel-users] Is there a perfect method to guard our communication?
And now all of my and MBs posts got exactly one downvote, and all of heyjoes replies got exactly one upvote... what a coincidence... heyjoe, you sure have a lot of fans here. maybe it was this one guy who suddenly showed up in the other thread just to show his loyality to you...who knows.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
I was just caring about "if this is miss shot...". Really. So I am not offende, Perfectly. But I don't still understand well that. But I can understand later probably. I hasten to send this. I did really care about it. You do understand that atmosphere? やっぱ書かなきゃ良かったよ( ' ^ ' ) 。こちらこそすっごい色々考えて悩んだんですから勘弁して下さいね。恥ずかしいやら気まずいやら複雑な心境です。This might shyness. My bad habit.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> Although I guess there is a slight atmosphere of when one missed a shot of jest... I believe that has deep meaning as his usual way... But what is sewing? 誰か古株がツッコミ入れる所なんじゃないの? or was it my misreading? Dear MSuzuqi San, It was an innocent joke (jest, humor). Sewing is when you mend a shirt with needle and some thread (yarn, thin cord). Houseviwes and maids mend garments by sewing them. It is a maid's job. I asked whether you are looking for someone to sew (mend) your shirts. Ofcourse it is not my business why you are looking for a maid. I was just joking. Sorry if I offended you. I didn't mean to be offensive. Best wishes
Re: [Trisquel-users] Is there a perfect method to guard our communication?
openSUSE's forum have that too but I haven't explored into it (I still need to learn about how to use NNTP): https://forums.opensuse.org/faq.php?faq=novfor#faq_nntp Perhaps that could be part of the request (if one is to be made). I am not quite sure how this site is maintainted though. A little after I joined I sent an email to https://trisquel.info/en/contact about https://securityheaders.io/?q=https%3A%2F%2Ftrisquel.info=on but I never received a reply and it is obviously not fixed. BTW (another little off-topic): Thank you for your earlier advise about claws-mail. It is an excellent mail client. I like highly customizable programs :)
Re: [Trisquel-users] Is there a perfect method to guard our communication?
I'm glad. You don't how many experts of various worlds have been ignored me. A few have courage. I have been thinking that it is born temperament. I don't want to think so though... But eigher way, it needs a lot of effort and particulary experience of tying to close death ( by Just oneself, like a big wave surfer. ) and many factors, I think. Probably you guys were being jealoused by many people... I don't like them ( moderate expression ) . But I don't want to divide them and us decisively. I want to believe their possibility. Maybe it is enough for us that we say just " I never betray you. " each other. And keep it until the end of the day. It is simple but very difficult, even for us. But if they can do it, they don't have to leave from e.g. a folum like here. This is the " do it yourself " . We can just do like : You can do nothing about my computer, except encouraging me, educating me, questioning me about my security precautions. If you decide that I'm not secure enough, you can decline exchanging important emails with me. ( Although I guess there is a slight atmosphere of when one missed a shot of jest... I believe that has deep meaning as his usual way... But what is sewing? 誰か古株がツッコミ入れる所なんじゃないの? or was it my misreading? ) If I decide that they are not sincere enough, I decline to associate with them, because that is danger to us.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> Mailing lists are a pain to me. While a bit off-topic, I think this is an important issue to address. AFAIK the best discussion platform is "newsgroups" (NNTP protocol) as a newsreader only downloads the headers of each post, and downloads the message body only when you request so (click on it). Has perfect nested threading support (which can go awry in email sometimes), good killfile support just to name a few advantages over mail lists. This is only normal, because NNTP protocol and newsgroups are custom designed solely for the purpose of online discussions. Using mail lists instead of NNTP is analogous to using a screwdriver to stir a cup of tea. Eventually does the job, albeit very awkward. OTOH, web forums are, while being convenient for casual skimming, very clumsy as a discussion platform. I wish trisquel.info had an nntp server (e.g. news.trisquel.info) so that we could use newsreaders to read/participate in the forums. NNTP is the way to go.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> 2) Not mirrored to list archives; (I don't know whether there is a mailing list for it in the first place) Mailing lists are a pain to me. It seems when I am subscribed I get all the messages, even those from threads I am not taking part in. This is spammy. I would rather prefer it like in openSUSE forums: to get an email only when someone posts a reply in a thread I am following and only once (even if there are more posts after it). Otherwise if I am offline for a few days and I open my mailbox after that its a nightmare.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> - Talk in troll lounge Troll lounge has 3 drawbacks for serious debates: 1) Expulsive naming; 2) Not mirrored to list archives; (I don't know whether there is a mailing list for it in the first place) 3) Cream gets mixed up with the crop. > - Ask someone to create separate general tech-talk forum I think this would be the best solution. This is also what mason has suggested, if I understood correctly.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
I agree too. So what shall we do? - Talk in troll lounge - Stop talking - Ask someone to create separate general tech-talk forum ?
Re: [Trisquel-users] Is there a perfect method to guard our communication?
If she realized what is it, she will escape from me. That is always their one of main intentions.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
I believe the main underlying reason of frictions is that trisquel-users is rather a community support and advocacy sub-forum. Technical debates in such a forum comes across as out of context, or inappropriate. The solution is already proposed by mason (and I agree 100%) in this message: https://trisquel.info/en/forum/there-perfect-method-guard-our-communication?page=2#comment-128205 [mason] I think this is partially related to having many discussions that while relevant to many Trisquel users do not belong in a forum/mailing list for tech support. I think that these discussion are very worthwhile, but need to heppen in a separate forum on the same site. The closest we have is the troll lounge, but that has negative connotations and also contains a lot of threads that are jokes. [/mason]
Re: [Trisquel-users] Is there a perfect method to guard our communication?
No, I am not. That "here" is something you tailored from different parts of my post, again - extracting a detail and missing the whole and turning it into something else. Ok, enough. Stay on topic please. That is not helpful to anyone.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
Perhaps because of the parts full of wonderful and polite communication of useful information.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> a perfect multilingual blonde... I have a vague hunch that you might be referring to a lady/maid? > some first-class skills... Linux knowledge is not needed - you can teach her Cooking is done by various eateries outside Dishes and laundry are left to machines Cleaning and ironing are luxuries anyway That leaves... hmmm... I believe you meant "sewing skills"? Nowadays it is quite difficult to find a lady with first-class sewing skills. I wish you good luck. ツ Note: If you find a lady with good "sewing" skills, please inform me about your search strategy. I have a lot of garments that need some sewing too. :)
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> Identify what threats there are and which ones can and cannot be addressed, how to address the ones that can and what is missing to address the ones that can't. Stress the importance of doing what is possible while acknolwedging current limitations. This sums it up better than I or others have put it down. > I think that these discussion are very worthwhile, but need to happen in a separate forum on the same site. I think the same way. It is indeed a good idea to split trisquel-users into two: One for community support and casual user interactions, the other for technical discussions. > I don't think there's anything wrong with the way you've been communicating. Some recent threads have become very difficult to follow and it has been difficult to keep track of who said what, but everything I recall reading from you has been thoughtful and interesting. Thank you mason, for your kind words. :)
Re: [Trisquel-users] Is there a perfect method to guard our communication?
Sure there is; doves and pigeons! Although there's a chance nature might still loose your message by actions of hawks and eagles.. although you could try to solve that by sending an armed drone as it's escort.. I guess relativity indicates 100% is impossible.. There's just no (hu)man-made product that functions in a way that it would exclude influences of other humans.. no human can build a vault that can not be cracked or hacked by other humans.. although sometimes it might take a few hundred years.. and then, there are ways to put it in such a process it would disintegrate/destroy/delete itself when opened the wrong way.. Maybe only send out message's you'd like everybody to read.. that would be a way.. no, it's still not safeguarded the intended way, but at least now you'll be happy when your message gets read by someone else than the intended receiver, maybe even address the possibility by writing something in it like: Dear unintended reader, I am still so f-ing curious to, I get that you'd like to read message's not addressed to you; it wouldn't be the first time someone grew aware of a frame or plot against them by opening and reading a letter not meant for them, but, there is no such conspiracy to you from my end! So! When you're finished reading and have confirmed to your self enough, there is no such thing in this letter, or my life for that matter, please be so kind as to send this message through to the intended receiver!? Thank you dearly! Haha, for real though: I hope ya had a good laugh! I did when I read the question.. don't take that as making fun of/at the human posting the original post, in all honesty I really do think it is a legitimate question to ask..!!! It's just the 'unintended set-up' such a questions posses to whatever answers follow on it, that's where the humor takes over and I have a good laugh following because of it, not at it! So yeah; thanks for that! Yo!
Re: [Trisquel-users] Is there a perfect method to guard our communication?
Hmm you casually skipped the inconvenient part of my post... figures.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> you just did some tcpdumps, which provided some nice info, That "just" is what nobody else did and it is not based on "helpful" articles and recommendations. > but you make it sound as if you revolutionized the whole webbrowser market... Where do you read any claims of that? Please stop putting words into other people's mouth. > Unlike heyjoe, who produces mostly big words with not much to them, Glad to see that you produce something much more, in all threads. > magic banana gives excellent help to the trisquel community for years and years. Yet another out of context thing. What has that to do with anything? Here he is throwing accusations (in a softened language) that someone is trying to demotivate others by explaining instead of assuming and praising. Meanwhile he himself is actually discouraging any exploration into anything different from the established pattern of "say free software and don't look any further". If you find this as part of an excellent help my BS detector shows something different. > and even contributed to the very same thread you mentioned by writing two scripts. And how come the one who demotivates others actually motivated another to do what you point out? Or perhaps that contribution came out of nowhere, unrelated to the "big words" of the demotivator? Maybe also the thanks he received in that thread are some kind of abuse to those sacred 20 lines? FWIW: There are also other people like SuperTramp who shared useful info in that thread yet they don't twist other's words. > you're accusing rhetorially fluent members and analytical thinkers like magic banana of twisting words. You should probably check the difference between accusing and pointing out how others accuse. I am not the one who puts words in other people's mouth or takes words out of context and starts meaningless off-topic argumentation over that. > And now you're really wondering why nobody wants to join your disussion in the troll hole? Seriously? The fact that only one person actually joined is a proof that people here would rather ignore seriousness and escape into superficiality. And BTW it is not "my discussion", I don't own anything. It is open to everyone who is interested in something more in-depth than merely comparing licenses and linking to articles from gnu.org.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> heyjoe is the person who showed something practical in investigating and improving security of web browsers. you just did some tcpdumps, which provided some nice info, but you make it sound as if you revolutionized the whole webbrowser market... > heyjoe is the person who showed something practical in investigating and improving security of web browsers. What did you do about it? Unlike heyjoe, who produces mostly big words with not much to them, magic banana gives excellent help to the trisquel community for years and years. He also wrote free software (check out his website) and even contributed to the very same thread you mentioned by writing two scripts. You, on the other hand, keep twisting words to no extent and a lot of times you're unable to read and/or understand the most basic statements, like here: https://trisquel.info/en/forum/free-email-providers#comment-127963 Instead of being embarrassed about this and correcting your mistake, your self confidence seems to accelerate even more and you're accusing rhetorially fluent members and analytical thinkers like magic banana of twisting words. And now you're really wondering why nobody wants to join your disussion in the troll hole? Seriously?
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> I actually wrote two scripts to help you You are not helping me but the community. I am not a helpless person asking for your help. > In contrast, the only "advice" from you is "create your own network, completely isolated from the Internet" That is the only valid answer to the OP's question because perfect means complete not "99.%" (which is really just another random number creating a false sense of high security). I am not going to dissect previous posts yet again and I am not interested in your endless juggling with rhetorical tricks.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
かなり自然ですけど。 >貴方と僕、喋らないとダメです OK. I believe you. Hey! Is there a perfect multilingual blonde who has blue eyes, under 167cm, some first-class skills, and live in Japan and don't care about the man has a lot of persistent peepers?
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> But then it is a delicate balance between lulling into false sense > of security and discouraging into abandoning security. I > acknowledge that new users might not be able to differentiate the > subtleties and can get over- or under-optimistic (both being > equally bad) rather easily. I think the solution is actually the one you proposed a few messages ago. Identify what threats there are and which ones can and cannot be addressed, how to address the ones that can and what is missing to address the ones that can't. Stress the importance of doing what is possible while acknolwedging current limitations. > OTOH, old users need to discuss things somehow, while not > inadvertantly causing a false impression (+ or -) on new users > about security and privacy. I think this is partially related to having many discussions that while relevant to many Trisquel users do not belong in a forum/mailing list for tech support. I think that these discussion are very worthwhile, but need to heppen in a separate forum on the same site. The closest we have is the troll lounge, but that has negative connotations and also contains a lot of threads that are jokes. > I believe in "beating it up", as I believe it *is* the natural > evolution path of FOSS. Exactly, there is no silver bullet. > Well, it may work well in dedicated circles, but in a general forum > where there are people from every walks of life, perhaps some > healthy dose of euphemism would be a more suitable approach. The > thing is, I'm not that type, and if I try that way, it will simply > not stick on me (because it is not me), rather it will stick out > like a sore finger. I don't think there's anything wrong with the way you've been communicating. Some recent threads have become very difficult to follow and it has been difficult to keep track of who said what, but everything I recall reading from you has been thoughtful and interesting.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
修正ありがとうございます。 落ち込まないでください... そんなに頑張るのは見事だと思います。 ドイツ人として日本語はめっちゃむずかしい、然も自然な日本語は一番むずかしいです。 時々無理だとおもいます... 絶対消してできません。 日本語喋ると、のろまな像みたいな感じ^^"。 でも諦めるわけではないね。読んだり、喋たり、勉強したり、こうして必ず上手になりますね...貴方と僕. 喋らないとダメです. 間違えたら全然大丈夫です。メンバーは大抵優しい人ですから。 じゃ、一緒に頑張りましょう。よろしくおねがいします。
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> What about the subliminal message "our computers and networks are owned, securing our communications is moot, give up"? Nobody said "give up". You should really stop putting words into other people's mouths. I have asked you to stop it so many times, yet you keep doing it. > If I was a conspiracy theorist (I am not), I would suggest heyjoe and you infiltrated the Trisquel community to demotivate those who want to secure their communications. heyjoe is the person who showed something practical in investigating and improving security of web browsers. What did you do about it? You criticized him from the very beginning, posted various inflammatory, confusing and time wasting off-topic remarks and at the end you started licensing your forum posts. Do you really think what you did helps anyone to improve the security of their communication? Or you are just throwing mud at others, so that your perfect knowledge can shine? Would you rather prefer the info about browsers not to have been shared, so everyone can live an illusory life in the fancy words of ideologies and motivational talkers? heyjoe also opened a thread to discuss ideas about a new network model. What did you do? - You posted in it just to explain that because it doesn't fit in what you know, it is inefficient, anti-ecological and what not, when the whole idea was to discuss a possible new approach, share other ideas etc. You simply dump everything which doesn't conform to what you stick to. Yet you say that others are demotivators. Great, hats off. Maybe we should all sit together in a church and sing motivational Gnulellujahs which would be the ultimate security of communication? heyjoe is also the person who invited everyone into an in depth discussion about what we could actually do to optimize security of current systems and to create new truly secure systems, considering (and _not_ neglecting) the actual issues which currently exist. How many people joined and showed real interest? Just look at your only post in that thread and how "motivating" it is. As Abdullah explained - creating a false sense of security and safety is much more dangerous than facing actual insecurity.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
Perhaps an interesting article: https://aeon.co/essays/your-brain-does-not-process-information-and-it-is-not-a-computer
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> What about the subliminal message "our computers and networks are owned,... *Potentially* - so that we would have a healthy dose of awareness and would develop preventive measures. > ...securing our communications is moot, give up"? I hope I haven't given *that* impression. > If I was a conspiracy theorist (I am not), I would suggest heyjoe and you infiltrated the Trisquel community to demotivate those who want to secure their communications. Hmmm yes, you may have a subtle point there. I get your message. I might have come across a bit discouraging in my attempt to "be on the safe side". But then it is a delicate balance between lulling into false sense of security and discouraging into abandoning security. I acknowledge that new users might not be able to differentiate the subtleties and can get over- or under-optimistic (both being equally bad) rather easily. OTOH, old users need to discuss things somehow, while not inadvertantly causing a false impression (+ or -) on new users about security and privacy. What would you suggest? Perfect compromise may not be easy, but opinions matter. As for me, I have always thought along the lines of "Bazaar Dynamics" in FOSS. I believe that exposing bugs, discussing weaknesses, "beating it up" serves as part of hardening and excelling process. E.g. while closed source vendors try "security by obscurity", FOSS goes the exact opposite way of "security by pornography" i.e. overly and close-up exposure of bugs and issues. And at the and of the day, FOSS strategy wins over that of CSS! So I believe in "beating it up", as I believe it *is* the natural evolution path of FOSS. Well, it may work well in dedicated circles, but in a general forum where there are people from every walks of life, perhaps some healthy dose of euphemism would be a more suitable approach. The thing is, I'm not that type, and if I try that way, it will simply not stick on me (because it is not me), rather it will stick out like a sore finger. What would you suggest?
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> Animals with dual-core sound processors? Am I missing the humor or some deep meaning in that? :) Err I was referring to their dual brain lobes. Yes, hearing center should either in this lobe or the other, so it's not true dual-core. But I'm innocent, Intel started it all with their pseudo-multi-core hacks in their processors. > So you don't have cable TV and you have deliberately limited your internet quota. There are dish antennas. Why should I limit myself? Even if I get cable TV, I won't subscribe to pay-to-view channels and programs. So there is next to no difference between dish and cable as far as I'm concerned. As for quota, I am simply keeping away from active content as much as possible (but still work with them when I have to). I find it worthwhile both security-wise, and information quality / density wise. It really enhances my productivity (or efficiency of internet usage).
Re: [Trisquel-users] Is there a perfect method to guard our communication?
思ったよりみなさんやりますね。変な気ィ使わなくて済むぜ!フゥー楽ぅー!!
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> It *was* their dual-core signal processors that is developed Animals with dual-core sound processors? Am I missing the humor or some deep meaning in that? :) So you don't have cable TV and you have deliberately limited your internet quota. That reminds me of the monks who always look at the ground because there could be a woman out there which they must not see (even though they may be walking in deep woods). :P This is worse than panopticon.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
Perhaps. But I don't assume easily :P
Re: [Trisquel-users] Is there a perfect method to guard our communication?
I guess you guess my guesses about it. :)
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> If that was true animals with high sensitivity to sound would have glass windows inside their ears :) It *was* their dual-core signal processors that is developed, while their -ahem- "microphones" are still bound by laws of physics. In contrast, a glass panel of several meters in size should be at least as good in picking up sound as an organic membrane (if not better), so it largely revolves around whose signal processing is better. No animal's lowly dual-core sound processor could dream of competing with an octa-core RISC-V chip possibly tamed by Trisquel, could it? (So this is related to Trisquel, after all) > Speaking of multimedia: do you have cable TV? Your TV provider can know which channel you are watching and when :P Most of my neighbors and friends use either cable TV or IP-TV (I don't) and they don't give a heck about their privacy, as long as their bedroom windows are curtained. :)
Re: [Trisquel-users] Is there a perfect method to guard our communication?
No. Using the word as a marketing tool implies that.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
I don't know if anyone has ever considered the possibility of E.S. being a deliberately created figure (for various purposes). To me it seems quite possible. NSA surely knows his location and can expunge him at any time. But they don't.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
The video is a short presentation by Trammel Hudson who talks about securing the boot process through replacement of proprietary BIOS/UEFI with https://www.linuxboot.org/ > Well, a glass window is the best membrane one can think of. There is no better. If that was true animals with high sensitivity to sound would have glass windows inside their ears :)
Re: [Trisquel-users] Is there a perfect method to guard our communication?
If you can't measure it "best" and "least" have no meaning. A goal is not merely a direction of movement.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
いや文法ほぼ完璧です。たまにすごい自分の英語の能力に恥ずかしくなったりします。今もアブドゥラさんの文を読んでて、もう辞書引きっぱなしみたいな感じになって少し落ち込んでました。書いた事に後悔する時もありますし。ちょっとオレでかい面し過ぎなんじゃないの?みたいな感じです。でも皆さん良くしてくれて楽しかったです。 参加が嬉しいですと言われると本当に嬉しいです。良かったです、スレッド立ててみて。 ちっちゃなお礼として、量子重力さんの文を、自然な感じにすると、 フォーラムにようこそ。 残念ながら日本のメンバーが少ないものですから、貴方がご参加下さった事を嬉しく思います。 それほど日本語がうまくはありませんが、お手伝いさせて頂ける事がございましたら、全力でサポートさせて頂きたいと思っております。 文法を間違えておりましたら、恐縮です。 これは、極めてフォーマルではないですが、十分フォーマルで、普通のビジネスマンが使う敬語並みという感じの表現です。 なんかここら辺、日本語使える人多いですね。 ありがとうございます。心強いです。よろしくお願いします。
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> Laura Poitras is not an agent. She was on the watch list of the Department of Homeland Security before she even knew Snowden existed. And Glenn Greenwald, who is not an agent either, You raise a valid point here. That people singled out by and under scrutiny of NSA were *apparently* able to communicate securely, under the nose of NSA, by just using a hardened GNU/Linux (Tails) and PGP. For one, as I have already stated in one my posts above, I don't take examples as precedents. Second, I am not assuming anything. It could be due to luck, it could be due to the plan, it could be something else. It (the whole lot of the story) could still be some kind of theatre. I can't guarantee that it was *not* a premeditated scenario by the Big Brother. There are already a couple of reasons coming to my mind, and there may be much deeper reasons than those. E.g.; * Such an incident would intimidate people to self-censoring. * It indirectly implies that: "All these security fuss is really much ado about nothing. Just use Linux and PGP and you are good to go - even against NSA even when they single you out. Relax people, already!" A substantial and subliminal message to all. We can't assess the stakes involved, the greater plan. We can't talk for the Big Brother. So neither assertion, nor rejection (of such shenanigans) would make sense. That carries me to my starting point: That I don't make assumptions, and I don't take examples as precedents.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
このフォーラムにようこそ。 残念ながら、日本のメンバーが少ないですから貴方の 参加が嬉しいです。 私の日本語の能力が足りないですが多少なりとも手伝えたら, 一生懸命手伝いたいです。 文法間違いましたらすみません。
Re: [Trisquel-users] Is there a perfect method to guard our communication?
I call that Master/Dog system. But over 99% people live under the system. The master is someone's dog. ( I don't dislike dogs. ) So I hate classes. I think the important thing is how people use the merchant for their happiness. Why do you work for libre? You just like ilibre is the best healthy answer, I suppose. The merchant concerns people's happiness. Most people cannot even normal talking as you guys know. But their talking level was improved quite well. I think the primary reason is computer exist. They are learning how to speak by a device. They can see others's chat, they can send sns very cheap, they can learn e.g. what is informed-consent, where is a good seller, even a bad seller. So many bad companies would have bankrupted by information on the internet. People is the strongest, they are ruling the economy as economy class. If most them become to dislike a product, they bankrupt. Even public system cannot ignore that rule. People have been learning what they are doing quite fast. Sooner or later, people understand that system. Even if they tryied to control that by surveillance, it must just delays that except they erase whole internet infrastructure. Their child will be mixed up that. They should have noticed that living is too risky when they know the being of the internet. The time comes literal "sooner or larer". So I don't think they are clever. Those mean why they should sell their product sincerely. I know that is very difficult in this environment. >In such environmantal honestly is impossible. If you state "... is very difficult." , I agree. Surely, that would almost impossible. But I desire my works will be both theirs and mine benefit. I don't want to cheat them. I don't buy goods from cheats basically, and there are a few really sincere and passionate productors.( e.g. they make excellent organic vegitables. very cheap and unique method) I can search them by this iPhone. But then, it looks not a big profit though... I like them. Do you separate your taste and business?
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> This was also what he had the journalists he talked to use. I knew about Snowden, but didn't know about his correspondents. So they too were on Tails. It makes sense now.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> But all these doesn't explain his correspondents' security weaknesses, namely PGP on Windows. Edward Snowden has *got to* know better than to fall into that. Snowden used Tails, not Windows. This was also what he had the journalists he talked to use.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> I would estimate that 99.% of the people have a lower profile than a NSA contractor with top-level permissions... Yes I agree with that. I have used "low profile" as in "not singled out" and have explicitly stated that. > For those people, GPG on a free software operating system (such as Trisquel) is apparently sufficient or more than sufficient. I think on the contrary, an agent using encrypted communications would be less suspect arising than average people doing the same, as it is only normal and natural for an agent to use encryption. But all these doesn't explain his correspondents' security weaknesses, namely PGP on Windows. Edward Snowden has *got to* know better than to fall into that. I have a vague feeling that all this "either get PGP or I won't communicate" thing might well be a theatrical act. Smells curiously fishy to me. > 1. using GPG would not raise a flag (assuming it still does), if the vast majority of GPG users only encrypt uninteresting messages; Agreed. Mass penetration stays as a major issue with PGP. 2. to the best of our knowledge, even the most powerful agencies can only afford the computing power to decrypt a tiny number of such messages (probably uninteresting ones given the previous point), if good-enough ciphers are used. Providing all the other holes and cracks are sealed. Then again, tactical attack (mass surveillance) and strategical attack (targeted surveillance) are quite different things. Once they single you out, somehow, then you are faced with a whole new dimension of security challenges. Regarding the other holes and cracks, if they can read my private key through a backdoor embedded e.g. in the CPU (no, I am not necessarily talking about meltdown and spectre) then they wouldn't have to crack it. How many holes do we have in hardware and software we use? We never know.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
It's not just Microsoft. I saw an ad about a month ago advertising this feature for Apple devices.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> Then please define clearly and unambiguously "best compromise" Simply having the least vulnerabilities relative to a given functionality. It is a goal, not an accomplishment.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> As you can see in the video I linked there is some research going on. Perhaps you can join that approach if you feel going down to the oscilloscope level... Unfortunately I was unable to watch the video as I don't (can't) do multimedia on internet, because of my deliberate low quota plan. The reason being; (which also happens in line with my way of dealing with security and privacy) https://trisquel.info/en/forum/vulnerable-meltdown#comment-126742 Your mentioning of oscilloscope suggests me that the video might be about targeted / side channel attacks. Well, if you are targeted, then there is really not much options to escape it. There are zillion ways of targeted attacks and it is virtually impossible to defend against all of them. To give an example, let me steal a line from the security thread in troll lounge. > 9) Targeted attacks (bugging, window listening, etc.) There is an interesting targeted attack vector that few people knows: Window listening by laser Everyone knows the working principle of a microphone: A membrane that vibrates along sound waves in the environment, and an electrical rig (resistance that varies with membrane position) to convert mechanical vibration of the membrane to electrical fluctuation. Well, a glass window is the best membrane one can think of. There is no better. But how to pick the vibrations of your lounge window and convert that to electrical signals? An invisible laser beam is directed to the center of your window from hundreds of meters away. Reflected beam vibrates in sync with your window. Vibration of this reflected beam is converted to electrical signal. (E.g. shed on a fluorescent surface sensitive to laser's wave length, then the illuminated surface taken in by camera, and then digitized by an image processing software. Many other methods are possible.) No microphone as sensitive as this (1-meter membrane!) is ever produced. They would hear the foot steps of a mosquito in your lounge. I can think of no defense against this one, except injecting synthetic mechanical "white noise" (a "hiss" sound with frequency spreading characteristics of natural human voice) onto your windows () or walling all your windows. (Moving to basement would equally do) This is just one (targeted attack) vector. So, > ...but it seems to me reverse engineering (mouse) will never beat evil engineering (cat) and its legislation at mass scale (tiger). I agree as far as *targeted* attacks go.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
For some it is simply staying Ecuador's embassy.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> The goal is to strike the best compromise Then please define clearly and unambiguously "best compromise" explaining: - why it is best (and can't be any better) - what exactly is compromised (and cannot be otherwise) Otherwise without actual measures it is really heading for the horizon which is not a goal.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
Because I just guessed that those are the basic factors, if e.g. Swiss or Cuba etc 's government tries to realize that philosophy. It looked there is the possibility just on a satellite.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> Approaching things step by step surely makes sense but only when there is a clear plan and a possible goal. In case of security in current technology it is known beforehand that absolute security is impossible and there is no real plan. The goal is to strike the best compromise, based on one's security model. So, the fact that absolute security is impossible, shouldn't automatically translate into there is no goal and no real plan. > So it is a stepping towards nothing. Towards the best (or at least, better) compromise. > This is not security but a perpetual escape from insecurity. Security is a never ending race, between the cat and the mouse :) where the predator can also simultaneously be a prey, and vice versa.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
I dare to say that E.S. seems to me not quite thoughtful of the lower ring issues. In his Twitter feed he merely says "Use Tor, use Signal" which is meaningless considering the former. This makes me question the actual competence of the guy as these are really superficial statements (even more considering what you say - windows etc). > And the fact that he managed to not get caught in spite of *that* security flop is still more interesting. Well, let's not forget that just because we consider that something is possible (a low lever back door) doesn't mean it is necessarily easy, especially in particular circumstances, e.g. accessing the machine behind a firewall, or having it online for too short time to perform an attack. Additionally as an NSA employee he surely knows how his colleagues would proceed, so he may be able to avoid certain attacks through that info, at least in a certain time span until they develop new strategies. So that may be a factor of "luck" as well. > A separate topic to discuss vulnerabilities, possible attack vectors and defenses would have been nice, and I had hoped that of the security thread in troll lounge, albeit it has diverged into something else. We still have that but perhaps it deserves a thread of its own. But what more/new could we really say about it? As you can see in the video I linked there is some research going on. Perhaps you can join that approach if you feel going down to the oscilloscope level but it seems to me reverse engineering (mouse) will never beat evil engineering (cat) and its legislation at mass scale (tiger).
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> Frankly, I'm skeptical that anyone would benefit from this kind of conversation, or that anyone here could (or should) provide useful advise beyond what you qualify as "Commercial grade tactical security." Would discussing about security not benefit anyone? Well, I think otherwise. As for advises, yes you are right, and I don't believe in giving and taking advises through public forums either. But Mr. MSuzuqi seemed to be in need of one, so I made a limited exception. I would generally rather peer discussions than giving/taking advises.