Note: LucasForums Archive Project
The content here was reconstructed by scraping the Wayback Machine in an effort to restore some of what was lost when LF went down. The LucasForums Archive Project claims no ownership over the content or assets that were archived on archive.org.

This project is meant for research purposes only.

Online Privacy Loses a Battle

Page: 1 of 1
 SkinWalker
07-06-2004, 2:44 AM
#1
The 1st U.S. Circuit Court of Appeals upheld a lower court decision that ruled an ISP vice president did not violate federal wiretapping laws when he read customers' email.

http://news.com.com/Appeals+court+throws+out+ISP+snooping+case/2100-1028_3-5253782.html?tag=nefd.hed)

The ISP was apparently a bookseller and provided customers (dealers of rare books, etc.) with email service. The ISP then used a script to dump email messages from Amazon.com to the customers into a database for corporate intelligence purposes.

I'm here to tell everyone that email is not private. If you send a message to someone, don't do it thinking that the analogy is like US Postal Service mail. In that analogy, you write a letter, fold it up, place it in an envelope which is sealed, mail it to the recipient who then unseals and reads the message.

To use this analogy with computer email, you would have to imagine that your envelope is sealed and addressed, but at every stop it makes at each post office, mailbox, mail handler, and mail truck between you and the recipient, the envelope is unsealed and a copy is left at each.

That's not to say that everybody or even anybody reads it, but think about the temptation you would face if you were sitting next to an open letter. People are curious. They *DO* read emails.

About the only way to assure privacy is to use an encryption scheme such as Pretty Good Privacy (PGP) (http://web.mit.edu/network/pgp.html).
 toms
07-10-2004, 12:45 PM
#2
thats all well and good.. but i can't see my parents managing to cope with encryption and keys and whatever....

and i'd expect that using PGP would probably be grounds for the patriot act to be invoked to snoop on you... after all, what reason could you have to use it if you weren't up to anything bad...:rolleyes:
 SkinWalker
07-11-2004, 1:04 AM
#3
-----BEGIN PGP MESSAGE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>)

qANQR1DBwU4DPe67B/mtZiAQCADA595qQyRoCnmkPobZyucMcfjh2Nzo+mfvbnvSphGO hnDTBSkj3BgxqEWKxpIxKQvDZn78RBaw72qKFtnbFnyjhJVtqh JqdzuMBgGsNJSPuoq0xhysVLlbgvs0kflHfmyOaacXQ4tIffW/F5d1nc1QbJUlxlFuGLhuhDdMma8TVsNJ5p5oUXIso/xoTOprz7t2XXw3lvu75gXPprj2nQerry5JZMQNlKutek6BJg1h yWoS+XcfxfJmj9pdVfmSY7aOVG9c/KoGPc11bo1nyytATYNQv/ooqWFfqK83bPucvzWHSUPSEWq6Y7B5G4breb9ow6v/8GXTe1vdKITRsDG+CADGN3XZISJ8m1kU4Sx/llEOMZrnAEx++AmQSpRDRpi2D+qLMRgkecELpOftU51K333qM/r6XY+/+CL0VfQmH5L44LFLRoD9IxdrwVUSpyU3nOntHptpfKsSVKObs1 gWhv6dFqNqfYtrbJHB7FsDfnIgEW6Zrd0higA0YiOv329pXbaE +ApdLpPhXE9FKlDkAHUSfH77CgHhZM4YSydHvUvukZzJBEA0Bx z4TYnccy3YAglcIpsnRWazU/ppOhBpcpxmRPMlas4hQKSAYUdWsSEPSBDJDInECC/3npkCftZbArRaAlBR4WXE9hZ9t6pDTqDt95PCIZUVfh44+g49T QT9ycJRGsX9Megqt11LZdVgceNzi5q8B6dDb8IN3nwz9GmL/vF+5+QEeMvwcpdhHbd3D6UWcmeh2pQGn3lMDf66riwFB1tqp9J VQZs+8OQ5V5FDsG/Q9lO6gUz4AMQy0eNIGPyQidg92IBI/hnvANkhaS5NqLqop6S/CcCfiSiArIFodU+Zt9qU/9+SEtt8LK4JTBWRSIHgaIB3DzP6qQ4rcUPK6pujpfdRJKYMgYh F3n2l4HOLXMeSxxksxzvsZrZFWBn0LGT/POCjXQ0xyGid8IphnPI/j2hYqhLvE8FBJ4JQtv06fpg0Beh7/Yo6AtSzpmp9JO+13PqYHvSjr+D72QoN5UwMDQon9F3Vg9DC+I3 XI1LiWR/ABeYs8HGPQvIOaXoH56+1NnZ4w2AdEkq6tNj1F6F0GS/OKucyQ+q8UPboxBHXP7ngJSmnaiykZNtMoWfBSTSL/IBHBxqoLeWT19Uj5UEB23cdMcP8LmlLV/P2Yx2OPWA/kTTc/JabCH8m+0cGfb1wiVD25wKiB9XvtTSSdAaHbbthv6JgzLjwI9f W9b/ShNBPmFjku2w/dEqZy0RkuhI/6AcwxBF1p08Af/b9Ncsv38JS+0fc8hTb1sTA0alh4f6XDOeqWCngKPemKBYWGXPh rpKyfwVy5VZ93ybDVuxDzMV/vVTwmOGQYIp71ZFKiP9AEO6/EjoZ979UDPZNujhEnHFQFuVOu9QUBG3evyl3mh0iv1iei1yszi YI9465xk3hsnKEgnInJlrV+JyxRf7oZ6SUEQAndC0L72+bcE4s dMVabSRgIeu7BzUCDLjS5V0VFVIaSon37oUMhA7nbfu12tm9WF 1s2MejLDRnC8a2ZOS13xUzkIVm2mStiAnYJKNk2+kpsNbyMz3B 04SMta5PzukcTkWS3foccJC+pTS3G6rwc4LPGfHcSzFVWlZUsY W0NjcsoPAl0zCHmgJGtpXZNsih508vTOy/fAoPjrD1PWDUpHcBmwyCzB4iCQdARAtQ/gOisgMzOQZb9DZ6Zfpdbb7E+/gRZXe2cSMinrg==a5XQ

-----END PGP MESSAGE-----


Just to demonstrate the ease with which PGP and other encryption programs work, I copied the first post in this thread, encrypted the clipboard then pasted in this new post above. The whole process took about .5 min and decryption is just as simple.

What I'm suggesting, however, is that software like Outlook, Opera M2 mail, and the Mozilla email engines come with PGP or a like encryption program as a standard feature, with encryption/decryption occurring on-the-fly.

I think that in order to get an interest in the subject by the browser/mail client manufacturers, a sincere interest has to be developed with users. Chat, P2P and the like are good examples of this "user interest" driving the application creators... Of course, PGP already has plug-ins and add-ons for Outlook, Outlook Depress, and Eudora. But the clipboard encrypt is just as easy to use.

The problem is, nobody I know has a PGP key. :cool:
 MennoniteHobbit
07-13-2004, 4:12 PM
#4
What I'm suggesting, however, is that software like Outlook, Opera M2 mail, and the Mozilla email engines come with PGP or a like encryption program as a standard feature, with encryption/decryption occurring on-the-fly.

The prob is, if there isn't the default setting for it to be disabled, newbies might have troubles with it. More support forum posts.
 Doomie
07-13-2004, 4:15 PM
#5
Ha! Another example of life beign betetr in Europe!
 toms
07-14-2004, 10:41 AM
#6
maybe i'm being silly... but if i have PGP on my machine and send an email to someone else... what do they have to do to read it?
 SkinWalker
07-14-2004, 2:07 PM
#7
Originally posted by MennoniteHobbit
The prob is, if there isn't the default setting for it to be disabled, newbies might have troubles with it. More support forum posts.

Good point. The way I envision it is like this:

You install your new version of Outlook (or Eudora, Outlook Depress, PINE, etc.... well, maybe not PINE); During the install process you are guided through the key generation steps and a public/private key set is created; This creates a flag or attribute in your profile that other email clients will see and flag you as PGP capable.

From there, let's switch perspective. You're receiving email from a friend or business that you plan to regularly respond to and want to save the email address in your address book. When you do, it gives a popup dialog that says, "This contact is PGP capable. Do you want to send him/her your public and place his/her public key on your ring?"

Answering yes does those things and now all emails to/from this individual will be encrypted and signed automatically and will enter into your "trusted" domain. Of course, when creating a new email, you can choose to not encrypt it, but this would be an exception (suppose your friend has difficulties with his/her key, email client, etc.).

This could allow all sorts of options in protecting against spam. I have several email addresses and would love to set one of them aside for just encrypted mail: all others trashed.

If something like this took off, the Spammers would likely give up. Mass emails would no longer have the appeal they once did.

In addition, Jethro and Clem pulling the mid-shift at the ISP couldn't get bored and read random emails (if it were me, I'd do a key word search for topis I was interested in :cool: ). Not to mention, email-spoofing wouldn't be a problem since your messages would be signed.

As it is, I use PGP between my work/home to email case reports back and forth. I work in the Juvenile Justice field and confidentiality is important.

For now, in order to send an encrypted text to someone, you have to do one of two things: 1) get their public key, which assumes that they have PGP and they have a key generated, then use it to encrypt the message -they then decrypt with their private key; 2) encrypt a text file with a password/passphrase that you can share with the intended party. I think you can create an executable so they won't need PGP installed, but I'm not sure.

PGP will also allow the creation of an encrypted virtual drive that is accessed upon booting the computer. This is very handy for laptop users who keep sensitive client data on their machines.

Needless to say, PGP is also a good friend to anyone that want's to hide "evidence" of illicit activity. There's always a downside.
 MennoniteHobbit
07-14-2004, 9:19 PM
#8
Originally posted by SkinWalker
If something like this took off, the Spammers would likely give up. Mass emails would no longer have the appeal they once did. ... PGP will also allow the creation of an encrypted virtual drive that is accessed upon booting the computer. This is very handy for laptop users who keep sensitive client data on their machines.


I use web-based mail (GMail and Mailblocks) and sometimes Mozilla ThunderBird. I'm not a newbie to those, so as for me, if the encryption can be quick, and easily enough configured, I'm all for a built-in PGP/encryption scheme. But, my e-mails are really never too confidential. So that would lessen my need for PGP/e-mail encryption. But my needs obviously do not match those of other people.

If you say everyone (speaking in conditional terms of course) decides to use PGP, ends up spammers may as well revert to PGP also. There could be a couple of forseen consequences, though I'm not really sure what their impact would be.

Ha! Another example of life beign betetr in Europe!

Yeah, that makes so much sense, being in Europe makes your emails safe and private enough not to need encryption. :rolleyes:

(unless... there's an exception to that... hmm... not that I know of...)

Oh as a side note, my friend is trying out PGPfone, a program that allows you to talk over the internet.
 toms
07-15-2004, 11:35 AM
#9
 MennoniteHobbit
07-15-2004, 10:28 PM
#10
:rolleyes:

I've seen many people linking me those URL's.

1) I delete my emails, never archive them.

2) None of my emails contain confidential info ever. If they do, they're usually to my parents' email address.

3) Look at Yahoo's, Hotmail's, etc. policy. Pretty much the same thing.

4) Google's made up of good people. Though feel free to argue about this, I'm not going to reply about this! :D
 toms
07-21-2004, 12:28 PM
#11
1) can you do that in gmail?
3) Who reads T&Cs anyway? If they do then who understands them? Even if you do understand them they are never in your favour and they change them every five days.
4) I kind of do believe that, but it doesn't mean it will always be that way. Look at what microsoft used to be (hero of home computing in a garage) compared to what it is now.
 MennoniteHobbit
07-22-2004, 12:48 PM
#12
Originally posted by toms
1) can you do that in gmail?


I'm not sure if that's sarcasm, but yes you can. And when there's nothing in the Trash, it says "no trash in here. why delete when you have 1000MB of space?!?!".
 SkinWalker
07-22-2004, 1:38 PM
#13
I think he's being serious, because even when I choose "delete forever" in Gmail, I can go to the trash and see my messages...

Also, what is the process of deletion? I'm betting that any messages, even if not showing in the trash directory, are still on the server and associated with your user name. This is how Google can crossref with advertisers and target your account for the right adds.

Granted, I think that this is an entirely automated process and not one that is viewed by humans with possible malicious intent, but, nevertheless, the mail is probably still there.
 toms
07-23-2004, 10:11 AM
#14
I WAS being serious.
As skin said, as far as i am aware it is impossible to delete mail from gmail. Even if it IS deleted it still hangs around.

That was most of the arguement on the gmail is creepy site.
Of course, if you sign up to gmail then you SHOULD know that and be willing to accept it. The problem is that any email I or my company sends to you will also be kept forever.

Gmail can then basically become what doubleclick wants to be, it can build a highly detailed profile of every user, based on every message they have ever sent or recieved and every serach tehy have ever done.

Of course, that is all fine as long as google are nice people. But they are also a business, and businesses get pressure put on them to make money, get people buying shares and controlling interests, change terms and conditions.

Just look at cddb. We all thought they were great, making a free music database. Then, once they had all the info WE had provided, they started charging to access it. In a few years google will have a better profile of almost every user in the world than the cia or the fbi.

They may well not DO anything bad with it, but there are going to be lots of people who would kill for that information...
 toms
07-23-2004, 12:11 PM
#15
and of course there are other dangers of storing all that info in one place:
Approximately 8.2 GB of data was stolen from Acxiom Corp, a company responsible for the storage of vast amounts of personal, financial and corporate data.

http://yro.slashdot.org/yro/04/07/22/1338212.shtml?tid=158&tid=172)
 C'jais
07-25-2004, 9:59 AM
#16
Originally posted by SkinWalker
Granted, I think that this is an entirely automated process and not one that is viewed by humans with possible malicious intent, but, nevertheless, the mail is probably still there.

Also, this is nothing new at all.

Your hotmail account, for instance, is also stored on servers that can be perused by administrators at will.

Gmail is just more up front about it.
 toms
07-28-2004, 12:19 PM
#17
" The Stargate SG-1 Information Archive is reporting that the Feds filed charges against Adam McGaughey, creator of SG1Archive.com. The website is a fan site for the television show Stargate SG-1. The charges allege that Adam used the website to engage in Criminal Copyright Infringement and Trafficking in Counterfeit Services. Two interesting things about the charges are that they were apparently set in motion by a complaint by our friends at the MPAA and the FBI invoked a provision of the USA Patriot Act to obtain financial records from his ISP. Is copyright infringment now a terrorist act?"

http://yro.slashdot.org/yro/04/07/27/129219.shtml?tid=153&tid=214&tid=129)

I wouldn't go donating to the guys defence fund, as i think he probably was guilty of hosting episodes on his site (low res eps for catching up on missed episodes, but still illegal), but the fact that the patriot act was used is what is worrying. (and not the first time either, as it was apparently used in a case of embezzlement as well...)

Odd how these laws can get out of hand...:D
Page: 1 of 1