SkinWalker Posted July 6, 2004 Share Posted July 6, 2004 The 1st U.S. Circuit Court of Appeals upheld a lower court decision that ruled an ISP vice president did not violate federal wiretapping laws when he read customers' email. http://news.com.com/Appeals+court+throws+out+ISP+snooping+case/2100-1028_3-5253782.html?tag=nefd.hed The ISP was apparently a bookseller and provided customers (dealers of rare books, etc.) with email service. The ISP then used a script to dump email messages from Amazon.com to the customers into a database for corporate intelligence purposes. I'm here to tell everyone that email is not private. If you send a message to someone, don't do it thinking that the analogy is like US Postal Service mail. In that analogy, you write a letter, fold it up, place it in an envelope which is sealed, mail it to the recipient who then unseals and reads the message. To use this analogy with computer email, you would have to imagine that your envelope is sealed and addressed, but at every stop it makes at each post office, mailbox, mail handler, and mail truck between you and the recipient, the envelope is unsealed and a copy is left at each. That's not to say that everybody or even anybody reads it, but think about the temptation you would face if you were sitting next to an open letter. People are curious. They *DO* read emails. About the only way to assure privacy is to use an encryption scheme such as Pretty Good Privacy (PGP). Link to comment Share on other sites More sharing options...
toms Posted July 10, 2004 Share Posted July 10, 2004 thats all well and good.. but i can't see my parents managing to cope with encryption and keys and whatever.... and i'd expect that using PGP would probably be grounds for the patriot act to be invoked to snoop on you... after all, what reason could you have to use it if you weren't up to anything bad... Link to comment Share on other sites More sharing options...
SkinWalker Posted July 11, 2004 Author Share Posted July 11, 2004 -----BEGIN PGP MESSAGE----- Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> qANQR1DBwU4DPe67B/mtZiAQCADA595qQyRoCnmkPobZyucMcfjh2Nzo+mfvbnvSphGOhnDTBSkj3BgxqEWKxpIxKQvDZn78RBaw72qKFtnbFnyjhJVtqhJqdzuMBgGsNJSPuoq0xhysVLlbgvs0kflHfmyOaacXQ4tIffW/F5d1nc1QbJUlxlFuGLhuhDdMma8TVsNJ5p5oUXIso/xoTOprz7t2XXw3lvu75gXPprj2nQerry5JZMQNlKutek6BJg1hyWoS+XcfxfJmj9pdVfmSY7aOVG9c/KoGPc11bo1nyytATYNQv/ooqWFfqK83bPucvzWHSUPSEWq6Y7B5G4breb9ow6v/8GXTe1vdKITRsDG+CADGN3XZISJ8m1kU4Sx/llEOMZrnAEx++AmQSpRDRpi2D+qLMRgkecELpOftU51K333qM/r6XY+/+CL0VfQmH5L44LFLRoD9IxdrwVUSpyU3nOntHptpfKsSVKObs1gWhv6dFqNqfYtrbJHB7FsDfnIgEW6Zrd0higA0YiOv329pXbaE+ApdLpPhXE9FKlDkAHUSfH77CgHhZM4YSydHvUvukZzJBEA0Bxz4TYnccy3YAglcIpsnRWazU/ppOhBpcpxmRPMlas4hQKSAYUdWsSEPSBDJDInECC/3npkCftZbArRaAlBR4WXE9hZ9t6pDTqDt95PCIZUVfh44+g49TQT9ycJRGsX9Megqt11LZdVgceNzi5q8B6dDb8IN3nwz9GmL/vF+5+QEeMvwcpdhHbd3D6UWcmeh2pQGn3lMDf66riwFB1tqp9JVQZs+8OQ5V5FDsG/Q9lO6gUz4AMQy0eNIGPyQidg92IBI/hnvANkhaS5NqLqop6S/CcCfiSiArIFodU+Zt9qU/9+SEtt8LK4JTBWRSIHgaIB3DzP6qQ4rcUPK6pujpfdRJKYMgYhF3n2l4HOLXMeSxxksxzvsZrZFWBn0LGT/POCjXQ0xyGid8IphnPI/j2hYqhLvE8FBJ4JQtv06fpg0Beh7/Yo6AtSzpmp9JO+13PqYHvSjr+D72QoN5UwMDQon9F3Vg9DC+I3XI1LiWR/ABeYs8HGPQvIOaXoH56+1NnZ4w2AdEkq6tNj1F6F0GS/OKucyQ+q8UPboxBHXP7ngJSmnaiykZNtMoWfBSTSL/IBHBxqoLeWT19Uj5UEB23cdMcP8LmlLV/P2Yx2OPWA/kTTc/JabCH8m+0cGfb1wiVD25wKiB9XvtTSSdAaHbbthv6JgzLjwI9fW9b/ShNBPmFjku2w/dEqZy0RkuhI/6AcwxBF1p08Af/b9Ncsv38JS+0fc8hTb1sTA0alh4f6XDOeqWCngKPemKBYWGXPhrpKyfwVy5VZ93ybDVuxDzMV/vVTwmOGQYIp71ZFKiP9AEO6/EjoZ979UDPZNujhEnHFQFuVOu9QUBG3evyl3mh0iv1iei1ysziYI9465xk3hsnKEgnInJlrV+JyxRf7oZ6SUEQAndC0L72+bcE4sdMVabSRgIeu7BzUCDLjS5V0VFVIaSon37oUMhA7nbfu12tm9WF1s2MejLDRnC8a2ZOS13xUzkIVm2mStiAnYJKNk2+kpsNbyMz3B04SMta5PzukcTkWS3foccJC+pTS3G6rwc4LPGfHcSzFVWlZUsYW0NjcsoPAl0zCHmgJGtpXZNsih508vTOy/fAoPjrD1PWDUpHcBmwyCzB4iCQdARAtQ/gOisgMzOQZb9DZ6Zfpdbb7E+/gRZXe2cSMinrg==a5XQ -----END PGP MESSAGE----- Just to demonstrate the ease with which PGP and other encryption programs work, I copied the first post in this thread, encrypted the clipboard then pasted in this new post above. The whole process took about .5 min and decryption is just as simple. What I'm suggesting, however, is that software like Outlook, Opera M2 mail, and the Mozilla email engines come with PGP or a like encryption program as a standard feature, with encryption/decryption occurring on-the-fly. I think that in order to get an interest in the subject by the browser/mail client manufacturers, a sincere interest has to be developed with users. Chat, P2P and the like are good examples of this "user interest" driving the application creators... Of course, PGP already has plug-ins and add-ons for Outlook, Outlook Depress, and Eudora. But the clipboard encrypt is just as easy to use. The problem is, nobody I know has a PGP key. Link to comment Share on other sites More sharing options...
MennoniteHobbit Posted July 13, 2004 Share Posted July 13, 2004 What I'm suggesting, however, is that software like Outlook, Opera M2 mail, and the Mozilla email engines come with PGP or a like encryption program as a standard feature, with encryption/decryption occurring on-the-fly. The prob is, if there isn't the default setting for it to be disabled, newbies might have troubles with it. More support forum posts. Link to comment Share on other sites More sharing options...
Doomie Posted July 13, 2004 Share Posted July 13, 2004 Ha! Another example of life beign betetr in Europe! Link to comment Share on other sites More sharing options...
toms Posted July 14, 2004 Share Posted July 14, 2004 maybe i'm being silly... but if i have PGP on my machine and send an email to someone else... what do they have to do to read it? Link to comment Share on other sites More sharing options...
SkinWalker Posted July 14, 2004 Author Share Posted July 14, 2004 Originally posted by MennoniteHobbit The prob is, if there isn't the default setting for it to be disabled, newbies might have troubles with it. More support forum posts. Good point. The way I envision it is like this: You install your new version of Outlook (or Eudora, Outlook Depress, PINE, etc.... well, maybe not PINE); During the install process you are guided through the key generation steps and a public/private key set is created; This creates a flag or attribute in your profile that other email clients will see and flag you as PGP capable. From there, let's switch perspective. You're receiving email from a friend or business that you plan to regularly respond to and want to save the email address in your address book. When you do, it gives a popup dialog that says, "This contact is PGP capable. Do you want to send him/her your public and place his/her public key on your ring?" Answering yes does those things and now all emails to/from this individual will be encrypted and signed automatically and will enter into your "trusted" domain. Of course, when creating a new email, you can choose to not encrypt it, but this would be an exception (suppose your friend has difficulties with his/her key, email client, etc.). This could allow all sorts of options in protecting against spam. I have several email addresses and would love to set one of them aside for just encrypted mail: all others trashed. If something like this took off, the Spammers would likely give up. Mass emails would no longer have the appeal they once did. In addition, Jethro and Clem pulling the mid-shift at the ISP couldn't get bored and read random emails (if it were me, I'd do a key word search for topis I was interested in ). Not to mention, email-spoofing wouldn't be a problem since your messages would be signed. As it is, I use PGP between my work/home to email case reports back and forth. I work in the Juvenile Justice field and confidentiality is important. For now, in order to send an encrypted text to someone, you have to do one of two things: 1) get their public key, which assumes that they have PGP and they have a key generated, then use it to encrypt the message -they then decrypt with their private key; 2) encrypt a text file with a password/passphrase that you can share with the intended party. I think you can create an executable so they won't need PGP installed, but I'm not sure. PGP will also allow the creation of an encrypted virtual drive that is accessed upon booting the computer. This is very handy for laptop users who keep sensitive client data on their machines. Needless to say, PGP is also a good friend to anyone that want's to hide "evidence" of illicit activity. There's always a downside. Link to comment Share on other sites More sharing options...
MennoniteHobbit Posted July 15, 2004 Share Posted July 15, 2004 Originally posted by SkinWalker If something like this took off, the Spammers would likely give up. Mass emails would no longer have the appeal they once did. ... PGP will also allow the creation of an encrypted virtual drive that is accessed upon booting the computer. This is very handy for laptop users who keep sensitive client data on their machines. I use web-based mail (GMail and Mailblocks) and sometimes Mozilla ThunderBird. I'm not a newbie to those, so as for me, if the encryption can be quick, and easily enough configured, I'm all for a built-in PGP/encryption scheme. But, my e-mails are really never too confidential. So that would lessen my need for PGP/e-mail encryption. But my needs obviously do not match those of other people. If you say everyone (speaking in conditional terms of course) decides to use PGP, ends up spammers may as well revert to PGP also. There could be a couple of forseen consequences, though I'm not really sure what their impact would be. Ha! Another example of life beign betetr in Europe! Yeah, that makes so much sense, being in Europe makes your emails safe and private enough not to need encryption. (unless... there's an exception to that... hmm... not that I know of...) Oh as a side note, my friend is trying out PGPfone, a program that allows you to talk over the internet. Link to comment Share on other sites More sharing options...
toms Posted July 15, 2004 Share Posted July 15, 2004 http://gmail-is-too-creepy.com/ a rebuttal Link to comment Share on other sites More sharing options...
MennoniteHobbit Posted July 16, 2004 Share Posted July 16, 2004 I've seen many people linking me those URL's. 1) I delete my emails, never archive them. 2) None of my emails contain confidential info ever. If they do, they're usually to my parents' email address. 3) Look at Yahoo's, Hotmail's, etc. policy. Pretty much the same thing. 4) Google's made up of good people. Though feel free to argue about this, I'm not going to reply about this! Link to comment Share on other sites More sharing options...
toms Posted July 21, 2004 Share Posted July 21, 2004 1) can you do that in gmail? 3) Who reads T&Cs anyway? If they do then who understands them? Even if you do understand them they are never in your favour and they change them every five days. 4) I kind of do believe that, but it doesn't mean it will always be that way. Look at what microsoft used to be (hero of home computing in a garage) compared to what it is now. Link to comment Share on other sites More sharing options...
MennoniteHobbit Posted July 22, 2004 Share Posted July 22, 2004 Originally posted by toms 1) can you do that in gmail? I'm not sure if that's sarcasm, but yes you can. And when there's nothing in the Trash, it says "no trash in here. why delete when you have 1000MB of space?!?!". Link to comment Share on other sites More sharing options...
MennoniteHobbit Posted July 22, 2004 Share Posted July 22, 2004 Originally posted by toms 1) can you do that in gmail? I'm not sure if that's sarcasm, but yes you can. And when there's nothing in the Trash, it says "no trash in here. why delete when you have 1000MB of space?!?!". Link to comment Share on other sites More sharing options...
SkinWalker Posted July 22, 2004 Author Share Posted July 22, 2004 I think he's being serious, because even when I choose "delete forever" in Gmail, I can go to the trash and see my messages... Also, what is the process of deletion? I'm betting that any messages, even if not showing in the trash directory, are still on the server and associated with your user name. This is how Google can crossref with advertisers and target your account for the right adds. Granted, I think that this is an entirely automated process and not one that is viewed by humans with possible malicious intent, but, nevertheless, the mail is probably still there. Link to comment Share on other sites More sharing options...
SkinWalker Posted July 22, 2004 Author Share Posted July 22, 2004 I think he's being serious, because even when I choose "delete forever" in Gmail, I can go to the trash and see my messages... Also, what is the process of deletion? I'm betting that any messages, even if not showing in the trash directory, are still on the server and associated with your user name. This is how Google can crossref with advertisers and target your account for the right adds. Granted, I think that this is an entirely automated process and not one that is viewed by humans with possible malicious intent, but, nevertheless, the mail is probably still there. Link to comment Share on other sites More sharing options...
toms Posted July 23, 2004 Share Posted July 23, 2004 I WAS being serious. As skin said, as far as i am aware it is impossible to delete mail from gmail. Even if it IS deleted it still hangs around. That was most of the arguement on the gmail is creepy site. Of course, if you sign up to gmail then you SHOULD know that and be willing to accept it. The problem is that any email I or my company sends to you will also be kept forever. Gmail can then basically become what doubleclick wants to be, it can build a highly detailed profile of every user, based on every message they have ever sent or recieved and every serach tehy have ever done. Of course, that is all fine as long as google are nice people. But they are also a business, and businesses get pressure put on them to make money, get people buying shares and controlling interests, change terms and conditions. Just look at cddb. We all thought they were great, making a free music database. Then, once they had all the info WE had provided, they started charging to access it. In a few years google will have a better profile of almost every user in the world than the cia or the fbi. They may well not DO anything bad with it, but there are going to be lots of people who would kill for that information... Link to comment Share on other sites More sharing options...
toms Posted July 23, 2004 Share Posted July 23, 2004 and of course there are other dangers of storing all that info in one place: Approximately 8.2 GB of data was stolen from Acxiom Corp, a company responsible for the storage of vast amounts of personal, financial and corporate data. http://yro.slashdot.org/yro/04/07/22/1338212.shtml?tid=158&tid=172 Link to comment Share on other sites More sharing options...
C'jais Posted July 25, 2004 Share Posted July 25, 2004 Originally posted by SkinWalker Granted, I think that this is an entirely automated process and not one that is viewed by humans with possible malicious intent, but, nevertheless, the mail is probably still there. Also, this is nothing new at all. Your hotmail account, for instance, is also stored on servers that can be perused by administrators at will. Gmail is just more up front about it. Link to comment Share on other sites More sharing options...
toms Posted July 28, 2004 Share Posted July 28, 2004 " The Stargate SG-1 Information Archive is reporting that the Feds filed charges against Adam McGaughey, creator of SG1Archive.com. The website is a fan site for the television show Stargate SG-1. The charges allege that Adam used the website to engage in Criminal Copyright Infringement and Trafficking in Counterfeit Services. Two interesting things about the charges are that they were apparently set in motion by a complaint by our friends at the MPAA and the FBI invoked a provision of the USA Patriot Act to obtain financial records from his ISP. Is copyright infringment now a terrorist act?" http://yro.slashdot.org/yro/04/07/27/129219.shtml?tid=153&tid=214&tid=129 I wouldn't go donating to the guys defence fund, as i think he probably was guilty of hosting episodes on his site (low res eps for catching up on missed episodes, but still illegal), but the fact that the patriot act was used is what is worrying. (and not the first time either, as it was apparently used in a case of embezzlement as well...) Odd how these laws can get out of hand... Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.