[tor-talk] PGP fiddly-diddly - action required

Sangy sangy at riseup.net
Wed May 16 01:00:09 UTC 2018


I feel you, Druida.

Sadly, the EFF is now full of w****s and sillicon-valley technocrats
that can't see beyond California. I find it chuckle-worthy that every
single one of the authors pleading for moving past pgp only list their
pgp keys in the staff pages[1][2][3]*. On the signal side, it only takes
less access than the EFail attack and an IMSI catcher for the govt to
whack you, physically.

Stay safe.
-S

* And all encoded differently, oh my! Imagine, they still think that gpg
  defaults to SHA1 for signing. 

[1] https://www.eff.org/about/staff/william-budington
[2] https://www.eff.org/about/staff/david-grant
[3] https://www.eff.org/about/staff/soraya-okuda

On Tue, May 15, 2018 at 08:37:19PM -0400, panoramix.druida wrote:
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> 
> El 15 de mayo de 2018 3:01 AM, I <beatthebastards at inbox.com> escribió:
> 
> > https://www.eff.org/deeplinks/2018/05/attention-pgp-users-new-vulnerabilities-require-you-take-action-now
> 
> I respect the EFF for all of its work, but I don't understund this one. So if I have PGP to protect my email, their solution is to stop using PGP because someone could read my encripted mails. So now everyone would be able to read all of may emails. Wouldn't be better to ask people to disable HTML on email and to upgrade their email clients to stay protected.
> 
> I know PGP is not perfect, but it is the best we have for email. I know email is not perfect but it is more or less descentralize. Why should be stop using email in favor of something such as Signal (recomendation from EFF article) that is centralize and we should trust the guys running the server are good guys. I understund that Signal has great security features like foreward secrecy that PGP doesn't. I know it is open source, but you are forbid to installed from free repostiories such as Fdroid.
> 
> Also you can not use Signal if you don't have a phone number. How great is that for anonymity. In the country where I am living you can not activiate a mobile phone number without your national id. 
> 
> I am writing this email from Protonmail wich I only connect from Tor. I don't really trust  Protonmail, but I can be anonymouse to them thanks to Tor. 
> 
> Is Signal the replacement to email? I do like the way the Signal protocol negociate offline the keys and that each message is encrypted with a different key. That idea of encryption for asynchronous communication can actually be a good replacement for email, but in a distirbuted network.
> -- 
> tor-talk mailing list - tor-talk at lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk


More information about the tor-talk mailing list