Re: [liberationtech] Cryptography Leak in Enigmail / GnuPG

2014-06-02 Thread Tomer Altman
Thank you for your reply, Fabio. I read the example scenario in that link you provided. To play devil's advocate, what stops the adversary from testing all available PGP-related vulnerabilities against their targets of interest? In other words, just how much more expensive have you made targete

Re: [liberationtech] Cryptography Leak in Enigmail / GnuPG

2014-06-02 Thread Fabio Pietrosanti (naif)
Il 6/2/14, 6:43 PM, Tomer Altman ha scritto: > > Can you state precisely the threat model that you are concerned about? You are right, the subject is not directly related to "cryptography" but to "security" . The threat model is better described in the ticket that has been opened to various PGP em

Re: [liberationtech] Cryptography Leak in Enigmail / GnuPG

2014-06-02 Thread Tom O
As far as I was aware all of these could be turned off as an option in the interface. On Tuesday, June 3, 2014, Tomer Altman wrote: > Is this really a cryptographic leak? This seems more like metadata to me. > Your subject line makes it sound as if the cryptographic software itself is > leakin

Re: [liberationtech] Cryptography Leak in Enigmail / GnuPG

2014-06-02 Thread Tomer Altman
Is this really a cryptographic leak? This seems more like metadata to me. Your subject line makes it sound as if the cryptographic software itself is leaking information about the plain-text. If your concern is providing details that an attacker can use to crack your encryption, then this is se

[liberationtech] Contextual security

2014-06-02 Thread Seeta Peña Gangadharan
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi all, A couple of us stateside have been thinking about why "Johnny can't encrypt" in relation to social justice organizing and movements, and here's a blog post that outlines a few thoughts. https://www.alliedmedia.org/news/2014/05/30/put-away-you

Re: [liberationtech] Cryptography Leak in Enigmail / GnuPG

2014-06-02 Thread Fabio Pietrosanti (naif)
Il 4/28/14, 9:25 AM, Fabio Pietrosanti (naif) ha scritto: > Il 11/24/13, 2:19 PM, Fabio Pietrosanti (naif) ha scritto: >> I just wanted to notice that the mostly used encryption software like >> GnuPG and Enigmail, have some privacy leak that in the XKEYSCORE's ages >> could represent a major risk.

Re: [liberationtech] Fighting Surveillance by Improving OpenSource Surveillance

2014-06-02 Thread Fabio Pietrosanti (naif)
Il 11/28/13, 7:21 PM, Fabio Pietrosanti (naif) ha scritto: > A frequent thinking is, how can we "troll" the surveillance industry > with unconventional methods? > > A very nice, yet controversial, way could be to improve Opensource > Surveillance Technologies. In reference to this post, i'd like t