It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
Originally posted by VoidHawk
Now suppose we were to send our email as an image with those squiggles in the background!! This would prevent them from scanning the emails, they'd have to have a human to read each and every email sent.
Originally posted by XeroOne
Okay, the system as outline in the Channel 4 article isn't going to work, and here's why:
First, if there's a HTTPS/SSL connection to the server, neither the message or email addresses could be scanned or decrypted in real time. Yes, it's possible to decrypt the traffic, but even with a massive supercomputing facility that could take months for just one message.
Originally posted by 11235813213455
This capability has been around for a while. Educate yourself on CALEA
And take it from someone who used to set this up for ISP's. They got you if they want you. Encryption doesnt save you. You hook into your ISP's network your data is theirs the second it leaves the NID.edit on 30-6-2012 by 11235813213455 because: (no reason given)
This black box thing is only going to catch the low-hanging fruit - people who aren't using any encryption whatsoever.
Originally posted by ChaoticOrder
reply to post by XeroOne
This black box thing is only going to catch the low-hanging fruit - people who aren't using any encryption whatsoever.
Actually the article makes it sound like large companies such as Facebook and Google will be supplying the decryption keys to the UK Government.
Hmmm.... that is a good point.
That's a possibility, but the problem is SSL was designed to prevent this by randomly generating the keys at both ends while the connection's established, and then using that to exchange another key using public key encryption.
But that would defeat the whole purpose of a SSL certificate.
It's quite possible Google and FaceBook could provide the government with their SSL cerrtificates, so users think they're establishing a session with the servers themselves instead of a black box.
Originally posted by ChaoticOrder
reply to post by XeroOne
Hmmm.... that is a good point.
That's a possibility, but the problem is SSL was designed to prevent this by randomly generating the keys at both ends while the connection's established, and then using that to exchange another key using public key encryption.
But that would defeat the whole purpose of a SSL certificate.
It's quite possible Google and FaceBook could provide the government with their SSL cerrtificates, so users think they're establishing a session with the servers themselves instead of a black box.