I censor myself online because I do not wish to be pulled into arguments that will only piss me off.
No. But they don’t need my permission.
We can already encrypt and I don’t bother. I’m not doing anything especially sensitive. If they really want to see my naughty pictures, I’m flattered.
The more open people are about things, the less those things will be stigmatized, and the less power other people will have over us for knowing things.
Bolding mine:
Again, not that we know of. At this time.
I continue to be re-disappointed by my country, I should stop reading news.
How is that link relevant? Because XKeyScore isn’t the collection program, just the interface to the collected data? That doesn’t mean that data hasn’t been collected. In fact, quite the opposite. From your link:
It’s like you’re telling me “Google.com doesn’t crawl the internet, it’s just an interface to search already collected data”. Well, that’s technically true, but it doesn’t change the fact that the google.com homepage would be useless without bots crawling the web gathering data.
The NSA gathers bulk data, including content, from a variety of sources, often directly from the physical layer, and then offers their analysts an easy way to search it. That’s even worse, when you think about it. Google wasn’t necessary when the internet was small. Something like that only becomes necessary when users are drowning in a deluge of information, and need help sorting through it. That data is our lives. And NSA analysts are searching through it daily like we’re just so many unwieldy websites.
I don’t have anything in my email that is particularly private or of interest to anyone else, but I still have a strong belief in privacy nonetheless. Just because I don’t have anything private in my email doesn’t mean I may not in the future or even if it’s not something I that is particularly private doesn’t mean I want the government to know about it.
The whole idea of “if you’ve got nothing to hide, why does it matter?” is just an awful place to start with. Privacy should be the default and anyone, government, business, or individual, should need good reason to violate someone else’s privacy. So, hell no, I won’t give my passwords up to anyone without a court order.
As far as encryption goes, I do use basic encryption on my email. I don’t see the point on doing more than that though. There’s no guarantee that the recipients will protect it and sure there are unbreakable and nearly unbreakable methods of encryption out there, but it’s a lot more effort to use those over more readily available options. Thus, it only needs to be good enough to deter anyone who would specifically target me. It’s not that much different from locking my car. A locked car will deter a car hopper, but if someone specifically sees goodies in my car or specifically targets my car for some other reason, they’ll put in the effort to pick the lock or just break the window. None of my messages are private enough to warrant the extra hassle of using more advanced encryption and it’s ridiculous to believe that even if the NSA is collecting all the data that they’ll also spend the effort to crack everything. It’s many orders of magnitude more computationally intensive to crack the data than it is to just scan unecrypted data and/or classify it based on the metadata, so I can only imagine they’d go through that, even if they’re willing and able to without a warrant, if they actually think it’s worth that effort.
It also doesn’t mean it has been collected, and based on the way the story is being reported and discussed, people keep making the leap from what the program could do to what it’s used for. People keep describing it as a program that goes through everything anybody sends online. While it might be technically capable of that, there’s no evidence that’s how it is used. For example in your last post you said the NSA can and does collect everything you send on the Internet. You can just jump from “they have the technical capacity to do go through everything” to “they are doing it.” They’re just not the same claim, and what’s actually going on is troubling enough.
I know what they mean, perhaps your knowledge is limited.
It could be used for that, and there’s no evidence either way whether it is or isn’t being used for that.
Absence of evidence of wrongdoing is not, in this case, evidence of absence of wrongdoing.
NSA is on probation in my mind and in the minds of many, and does not get the usual ‘innocent until proven guilty’ because they’ve already been proven guilty.
Perhaps it is. I am not an expert.
I’m used to public key/private key being two sides of the same coin. Not two different, competing systems. Anyone can encrypt a message using my public key, but only I can then decrypt it using my private key.
Are you talking about certificate authorities or something? Fight my ignorance, please.
But the debate ought to be based on what’s going on, not guesswork about what might be going on based on shaky (or flat-out wrong) interpretations of things like the Snowden power point presentation. Perhaps you’ve noticed how many people seem to believe the NSA is listening to all of their phone calls?
To answer the OP.
NO and NO.
To the OP… If there were a way to check spelling and grammar would YOU use it?
So the existence of Google isn’t evidence that the web is large? Are you saying they’ve built this giant fancy search tool just in case? Just in case what?
How about this, from the Guardian article linked above:
That’s the NSA coming right out and admitting it. Sure, not 100% of emails are collected. There are holes in the dragnet, though we can be sure the NSA is trying to fill them ASAP. But out of a confirmed 1.7 billion a day, 20 trillion a year, do you think you’re one of the lucky ones to escape the dragnet? Or should we rely on something other than luck to protect us?
Or are you saying just because our information is sitting on a server somewhere, that doesn’t count as a privacy invasion until an analyst actually looks at it? Because that’s the semantic game the executive branch is trying to play, and I’m not buying it. Perhaps you’d like me to set up a webcam in your shower, as long as I don’t watch it unless I deem it is necessary to do so?
TriPolar is perfectly capable of defending his own words, I know…
…but if I could take a guess at it:
The concept of public and private keys is a bit different from public key infrastructure. The latter term implies a centralized directory of “published,” for lack of a better word, public keys. A “private key system” still involves two keys, but even the “public” key is shared only with the sender, as opposed to the world at large. To illustrate this, we can imagine Alice and Bob wishing to exchange secret messages. Bob gives Alice his encryption (“public”) key and Alice gives Bob her encryption key.
Now Bob’s messages to Alice are encrypted with Alice’s encryption key and decrypted when she receives them, using her decryption key. But the entire scheme is “private” in the sense that no one else has access to any of the keys.
Yes?
Ok. You said earlier that that’s what was happening, and I said it wasn’t. I’m pretty sure that means I was right. That doesn’t mean this is nothing to worry about and it’s all fine, because it isn’t. But if what’s really happening is that big a concern we might as well get the facts straight. So far the phone metadata thing seems to have seeped into the popular imagination as “the NSA is listening to everyone’s phone calls,” which it isn’t, and when you want to fix the system, doing so based on accurate information is the way to go.
There is in fact no way to have 100% secure communications. I don’t think I’m being pedantic to point that out. An encryption scheme requires an algorithm and key security (and other considerations). Going to a one-time pad isn’t actually solving any real problem, because current encryption algorithms are not the weakest point of attack.
Slight shift of goalposts. I was responding to:
You seem to agree that the encryption scheme is not the issue.
I took “encryption scheme” to mean the whole system. Not just the algorithm. I made that explicit in my last comment, pointing out that a “scheme” entails both an algorithm and a key security model.
Ok, fair enough.
But you and I can agree to exchange e-mails, and I can physically hand or mail you a USB fob with one of my 8192-bit key pair. So far as I am aware, there is no legal way for the NSA or anyone else to intercept such a package and no allegation that they are doing so.
So while I grant it’s not literally a 100% secure scheme, would you care to estimate how secure you believe that method of key exchange would be?