If
buy cheap ampicillin kidney stones block the tube that connects the kidney to
serevent pharmacy the bladder, urine may not be able to pass from
cephalexin prescription a person's body. However, if these levels become dangerously high
order kenalog from canada and the person begins to experience ketoacidosis, they need urgent
vibramycin sale treatment. They used bandages and would bind certain plant products,
toradol canada such as willow leaves, into the bandages to treat inflammation.
buy viagra no prescription required Seeking medical treatment as soon as there are concerns about
robaxin for sale breast cellulitis can help reduce the risk of complications. Most
cheap viagra pharmacy types of aspergillosis cause a cough and shortness of breath,
purchase amikacin best price professional except allergic Aspergillus sinusitis. These specialists will be able to
metronidazole gel online stores provide key information about what is causing symptoms and possible
buying cheap kenalog alternatives professional treatment options that may be beneficial. Diagnosing Alzheimer's disease involves
buy cheap xalatan a multi-faceted approach to distinguish cognitive decline from typical age-related
find no rx viagra memory changes or other cognitive disorders. There are different types of.
In Blown to Bits we spend all of Chapter 5 making the argument that (a) perfect secrecy is possible through public key encryption and (b) almost no one encrypts their email anyway. Why this would be the case is one of those small mysteries of the universe. Few of us actually know people who know that their email has been read, but most of the time we’d have no way to know that. If you are sitting in Starbucks and the guy with the double mocha latte is running a packet sniffer, you’d never know the difference.
Today’s New York Times has the kind of story that might lead more people to take the issue seriously. It seems likely that the NSA is snooping on more email than they’d like to admit. The simple fact that the cost of surveillance has plummeted in itself makes abuse more likely. (THe NSA doesn’t need to loiter at Starbucks. They can get access to ISPs’ switching equipment.)
If you use Google’s Gmail, you can encrypt all your mail. The preference setting is pretty obscure, and you have to opt-in: the default is no encryption. Chris Soghoian, I, and a number of other computer scientists and security experts have just called on Google to make encryption the default. Our letter explains it all: You can read it here.
This entry was posted
on Wednesday, June 17th, 2009 at 9:53 am and is filed under Secrecy and encryption, Surveillance.
You can follow any responses to this entry through the RSS 2.0 feed.
Both comments and pings are currently closed.
June 17th, 2009 at 10:32 am
[…] here: Encryption is the answer Posted in News | Tags: actually-know, double, file-today, fine-but, one-answer, one-encrypts, […]
June 17th, 2009 at 11:00 am
This is inaccurate. Gmail does not have the option of encrypting mail that is being sent. HTTPS only encrypts communications between your browser and Gmail’s servers while you’re interacting with the Gmail web client. Once you hit send, your message travels across the Internet from Google’s mail servers to the recipient’s mail server. This happens over the SMTP protocol, in clear text.
Unless both you and your recipient use additional tools for encrypting and decrypting mail before it’s sent over SMTP, anyone who is listening in can read your messages in transit. This is what the NSA does.
June 17th, 2009 at 12:43 pm
I’ve had https setup on my gmail account for a long time. One minor irritation is that the igoogle gadget for gmail doesn’t work when you have https turned on- I wish they’d fix that.
As another poster has pointed out, using https only protects your email as it goes from your machine to google’s server. From there on, it’s sent unencrypted to the recipients server. The chances that some hacker will be listening in on your Wifi network are much higher than that they’ll be listening to the traffic between Google’s server and the destination mail server, so it really does make sense to use https. However, it certainly doesn’t protect your email from snooping by the NSA.
June 18th, 2009 at 2:39 pm
Konstantin and brian,
Sorry I wasn’t more specific; you are both correct. Both ends of the email communication have to to be using encryption for the communication to be secure along the whole path (plus the path between servers, if they are different). People have the same confusion about Blackberries — from the mobile device to the Blackberry server is encrypted, but of course if the mail is not destined for another Blackberry it will not be encrypted the rest of the way. But with Gmail, the most worrisome vulnerability is WiFi packet sniffing at the source, and using SSL solves that problem.
June 19th, 2009 at 12:55 pm
Thanks for those further clarifications. I feel much better about having used the https log-in since it became available. It’s unfortunate that google isn’t doing more to encrypt given that most of the known problems out there have viable solutions (ie, the wifi sniffing mentioned above, or preventing phishing attempts with extended validation ssl’s green url bar).
One question, though, from the non-expert: how does this change while accessing Gmail through, say, an iPhone 3G network rather than a wifi connection? Obviously https is still an option, but is its preventative power affected at all from the change?
June 20th, 2009 at 12:01 pm
Assuming Apple has implemented https correctly, you’re safe.