During
order zofran without prescription a vaginal birth, the person must actively participate in the
order viagra delivery and respond to verbal cues from the healthcare professional.
artane Opioids, also known as narcotics, are medications healthcare professionals prescribe
buy viagra from india to treat persistent or severe pain. The nasal administration route
celexa involves spraying or sniffing a drug through the nose, where
buy asacol without prescription it quickly absorbs into the bloodstream. If the screening test
order no rx (ovral is positive, doctors usually order further tests to help determine
order tetracycline online which condition the individual has. The specific type of surgery
purchase vibramycin online depends on where the carcinoma is and how deep it
compare prednisolone prices online reaches into the skin. However, if the symptoms suggest that
discount compazine there may be a more serious infection, lab tests are
(ovral online cheap an option. The following section provides additional answers to questions
buy zithromax without prescription people often ask about gestational diabetes. Antipsychotic medications can help
order cheapest viagra dose provide some relief from these symptoms, but they come with the.
In Blown to Bits we spend all of Chapter 5 making the argument that (a) perfect secrecy is possible through public key encryption and (b) almost no one encrypts their email anyway. Why this would be the case is one of those small mysteries of the universe. Few of us actually know people who know that their email has been read, but most of the time we’d have no way to know that. If you are sitting in Starbucks and the guy with the double mocha latte is running a packet sniffer, you’d never know the difference.
Today’s New York Times has the kind of story that might lead more people to take the issue seriously. It seems likely that the NSA is snooping on more email than they’d like to admit. The simple fact that the cost of surveillance has plummeted in itself makes abuse more likely. (THe NSA doesn’t need to loiter at Starbucks. They can get access to ISPs’ switching equipment.)
If you use Google’s Gmail, you can encrypt all your mail. The preference setting is pretty obscure, and you have to opt-in: the default is no encryption. Chris Soghoian, I, and a number of other computer scientists and security experts have just called on Google to make encryption the default. Our letter explains it all: You can read it here.
This entry was posted
on Wednesday, June 17th, 2009 at 9:53 am and is filed under Secrecy and encryption, Surveillance.
You can follow any responses to this entry through the RSS 2.0 feed.
Both comments and pings are currently closed.
June 17th, 2009 at 10:32 am
[…] here: Encryption is the answer Posted in News | Tags: actually-know, double, file-today, fine-but, one-answer, one-encrypts, […]
June 17th, 2009 at 11:00 am
This is inaccurate. Gmail does not have the option of encrypting mail that is being sent. HTTPS only encrypts communications between your browser and Gmail’s servers while you’re interacting with the Gmail web client. Once you hit send, your message travels across the Internet from Google’s mail servers to the recipient’s mail server. This happens over the SMTP protocol, in clear text.
Unless both you and your recipient use additional tools for encrypting and decrypting mail before it’s sent over SMTP, anyone who is listening in can read your messages in transit. This is what the NSA does.
June 17th, 2009 at 12:43 pm
I’ve had https setup on my gmail account for a long time. One minor irritation is that the igoogle gadget for gmail doesn’t work when you have https turned on- I wish they’d fix that.
As another poster has pointed out, using https only protects your email as it goes from your machine to google’s server. From there on, it’s sent unencrypted to the recipients server. The chances that some hacker will be listening in on your Wifi network are much higher than that they’ll be listening to the traffic between Google’s server and the destination mail server, so it really does make sense to use https. However, it certainly doesn’t protect your email from snooping by the NSA.
June 18th, 2009 at 2:39 pm
Konstantin and brian,
Sorry I wasn’t more specific; you are both correct. Both ends of the email communication have to to be using encryption for the communication to be secure along the whole path (plus the path between servers, if they are different). People have the same confusion about Blackberries — from the mobile device to the Blackberry server is encrypted, but of course if the mail is not destined for another Blackberry it will not be encrypted the rest of the way. But with Gmail, the most worrisome vulnerability is WiFi packet sniffing at the source, and using SSL solves that problem.
June 19th, 2009 at 12:55 pm
Thanks for those further clarifications. I feel much better about having used the https log-in since it became available. It’s unfortunate that google isn’t doing more to encrypt given that most of the known problems out there have viable solutions (ie, the wifi sniffing mentioned above, or preventing phishing attempts with extended validation ssl’s green url bar).
One question, though, from the non-expert: how does this change while accessing Gmail through, say, an iPhone 3G network rather than a wifi connection? Obviously https is still an option, but is its preventative power affected at all from the change?
June 20th, 2009 at 12:01 pm
Assuming Apple has implemented https correctly, you’re safe.