It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

All Email is Under Surveillance - Testimony of an Owner of an Email Service

page: 2
27
<< 1   >>

log in

join
share:

posted on Aug, 11 2016 @ 02:48 PM
link   

originally posted by: JIMC5499
In the days that the telegraph was only way to transmit information over long distances, some companies used codes. The purpose of the code wasn't to hide what was being sent, it was to reduce the number of characters that were sent. Telegrams used to bill by the number of words that were in the message. A word consisted of five alpha numeric characters. Why pay for three words to say "John Copeland" when you could make ZXCVB stand for it and only pay for one.

The reason that I bring this up is that if you used a telegraph code, by law you had to give the Federal Government a copy of your code book.


Another piece of trivia to add on to this. The government successfully argued in the 1800's (I forget when exactly) that listening in on telegram lines did not constitute a violation of the fourth amendments search and seizure provisions, because the constitution only applies to physical rather than electronic documents.

Sound familiar?

That ruling was eventually overturned, then it was brought back, then overturned again. It's something that has been going on for close to 150 years now.



posted on Aug, 11 2016 @ 05:31 PM
link   

originally posted by: intrptr

Someone explain to me again how secure data is if your emails travel on the internet?

What was the device the government wanted attached to his server?

Is it that he had over a certain number of subscribers or that his server was secure?



Email isn't secure. Most mail has a tls certificate, so that gives you a little bit of security from your average joe. It does nothing for the NSA. All the major ISP's intercept and funnel traffic through NSA datacenters. The device that was installed would likely be specific to the service, as in whatever measures were being taken to try and get around state-surveillance, well this device likely nulled all of it.

When we're talking about security, we're dealing with throwing resources against attackers, building up layers of defense that's ultimately penetrable, depending on how much resources the attack has. From here, it's basically a risk/reward equation. If you take basic measures, who exactly are you hiding from? Probably just having to deal with alphabet agencies, but does that really matter for your porn fetish and petty crimes? For most people they are of no interest to the agencies that are listening in. If you do get noticed, you'll likely soon be un-noticed, because the majority of us are a nobody.

So at the end of the day, I stick to basic security measures, and realize that it's good enough. For years I've stated the only fear I have here is in the fact that this data doesn't go away, it sits in a datacenter, and while with the current tech and law in place as is, it makes little sense to be worried in 2016... but lets say laws change, the govt becomes a hell of a lot more corrupt, and the state of tech advances to a degree that all can be surveiled in depth by AI overlords... yea, the things that seem inconsequential right now, might just add up to a bad judgement in say 20 years time. That's my concern here.



posted on Aug, 11 2016 @ 05:43 PM
link   
a reply to: pl3bscheese

You can make email secure. If you encrypt your message before emailing it, and decrypt it on the other side, there's not much the NSA can do unless they can break your encryption (and most indications are that they can't do this yet if you use the right one).

That does nothing for metadata though, because that's all on the email providers side and meta data is what they're interested in more than anything else.
edit on 11-8-2016 by Aazadan because: (no reason given)



posted on Aug, 11 2016 @ 05:46 PM
link   
a reply to: Aazadan

That's pretty standard for most mail, but I seriously doubt that does anything for the NSA. I would tend to think they have chips that are specifically engineered to get around this technology.... but for right now this is just a guess.

I don't know how knowledgeable you are here, but from your comment it appears you're not really considering MITM attacks, dns poisoning, server misconfigurations, or even malware on your host machine.

It's a bit more complicated than you put, but I don't care to get into this all.
edit on 11-8-2016 by pl3bscheese because: (no reason given)



posted on Aug, 11 2016 @ 06:40 PM
link   
a reply to: pl3bscheese


qje0UuM8-OU

Thanks for the rundown. I agree, little people don't matter yet. Theres a time and demise though in gubments where they become so paranoid they develop a police state akin to 1984 , where everyone is a suspect. I'm writing this book of my thoughts on line for the last few years on a place called ATS. If the controllers become so paranoid my ravings against the machine are deemed a threat, then I don't want to live in that state anymore.

They can have my body, I'll be revolting somewhere in the spirit world.



posted on Aug, 11 2016 @ 07:18 PM
link   

originally posted by: lordcomac
I used to be in charge of a mail server cluster responsible for ~50,000 email addresses.
The goobers can essentially demand you give them 24/7 access to anything and everything, and also put you under a gag order- so if you say anything you get buried under a prison.

10 out of 10 people will just bow their head in shame and let the corruption keep on keeping on. It's the only way to get on with life.

There is no privacy on the internet- or anywhere else anymore.


All true but the situation is not due to nefarious government agencies its due to the economic costs of distributing keys safely. There are plenty of small homebrew cryptographic modules that use secure channels for distributing keys. Key file maintenance is more difficult etc etc.



posted on Aug, 11 2016 @ 09:26 PM
link   

originally posted by: pl3bscheese
a reply to: Aazadan

That's pretty standard for most mail, but I seriously doubt that does anything for the NSA. I would tend to think they have chips that are specifically engineered to get around this technology.... but for right now this is just a guess.

I don't know how knowledgeable you are here, but from your comment it appears you're not really considering MITM attacks, dns poisoning, server misconfigurations, or even malware on your host machine.

It's a bit more complicated than you put, but I don't care to get into this all.


I'm not overly knowledgeable on security but I do know some. Honestly, the best security these days is to hide in plain sight, especially if the NSA is your concern. The NSA has a problem where they're sucking up so much data that the noise ratio is very high, they have everything but they have no idea what they have, and they have no idea where to start looking. If your emails don't set off any warning bells and it looks like the standard unencrypted junk everyone else has, they'll never find it.

It's only when you start taking actions deemed suspicious (emailing certain contacts, encrypting your messages, etc) that you set off warning bells that make them take a closer look.



posted on Aug, 14 2016 @ 10:15 AM
link   
Knowing the security risks of using any email, I'm sure there are ways to encrypt that would take them a while to break.

Someone could use the email conversation to communicate other information, ie. a conversation about the health of a family pet could relate to another situation, like a police investigation or an on going court case let's say.

Then there are old school encryption methods where you encrypt the message by hand using a Vigenere table or other alphabet substitution codes. That would be an obviously encrypted message and red flagged for sure and if they got your key, then they have the decryption.

Actual hand written communications that are delivered by a private courier might be best, esp. if that message is encrypted a couple of layers by hand with no single person having all the keys for decryption.
edit on 14-8-2016 by MichiganSwampBuck because: typo



posted on Aug, 14 2016 @ 12:04 PM
link   

originally posted by: pl3bscheese
Yea well we've known this for years. Anyone approaching a significant size gets the talk and gets all the mail sniffed.

Solution is easy. Set up your own mail server. I had a thread a while back on mail-in-a-box. It's dummy proof mail server.


Your own mail server does not protect you from the network sniffing of POP, SMTP and IMAP packets inbound or outbound.
The only protection you have is encryption.



posted on Aug, 14 2016 @ 01:02 PM
link   

originally posted by: MichiganSwampBuck
Someone could use the email conversation to communicate other information, ie. a conversation about the health of a family pet could relate to another situation, like a police investigation or an on going court case let's say.


This is a popular fallacy, they're not scanning for keywords. What they're scanning for is certain words or phrases that often times appear in conjunction with other words and phrases combined with who you're talking to and how frequently you speak to them. From there they can establish if a code is taking place.



Then there are old school encryption methods where you encrypt the message by hand using a Vigenere table or other alphabet substitution codes. That would be an obviously encrypted message and red flagged for sure and if they got your key, then they have the decryption.


The problem here is twofold. First, no one knows if the NSA has broken encryption. The rumor is that they haven't, but it's a grey area. Them not breaking it is only the least of your concerns though. Precisely because the NSA doesn't know what's in encrypted conversations, they store all of them so that they can scan and break them in the future when they're able to. So encryption is only short term security.



Actual hand written communications that are delivered by a private courier might be best, esp. if that message is encrypted a couple of layers by hand with no single person having all the keys for decryption.


Hand written encryption is too error prone, and too simplistic for anything other than a Vernam Cipher (which is the only unbreakable encryption known) and those have serious limitations.



posted on Aug, 14 2016 @ 01:17 PM
link   
a reply to: charlyv

Of course it doesn't, but in the context of this thread it's better than sticking with a standard mail provider.



posted on Aug, 14 2016 @ 09:18 PM
link   
a reply to: Aazadan

Your critique is certainly welcome, it is good to know the weaknesses of the potential solutions I came up with off the top of my head. Perhaps you could elaborate on your "hide in plain sight" idea more or offer some other potential solutions.

I thought that my suggestion of talking about unrelated subjects in relation to secret ones wasn't likely to "set off any warning bells" as you put it. Talking about mundane things that are secretly relating to other subjects seems to me to cover the idea of hiding in plain sight as it were.




top topics



 
27
<< 1   >>

log in

join