Well, the recently by Edward Snowden uncovered surveillance activities of many intelligent services I am now fed up enogh to leave the comfort zone and do something. Or better: want to do something. In fact pgp'ing my mails. But it seems to me it's not too easy with MorphOS. Am I right that pgp 5 is heavily outdated and should not used anymore? And am I also right that GnuPG is available in Version 1.4.2 for MorphOS as newest? And that YAM and GnuPG will not really team up?
Anyone ideas how to pgp mails on MorphOS except doing it manually via console and GPG 1.4.2?



[ Editiert durch Zylesea 06.11.2013 - 22:59 ]

Quote:

do you really have anything in your emails that needs protecting?

I know that it is just aggravating that anyone might be able to spy on your private life, but for myself, I don't think it is worth it for me to worry about any of that. I don't think I would put anything that needed protecting in an email in the first place.

@amigadave Do you lock your door and close your curtains?

The killers, thieves and liars doing business as 'the state' aren't dressing up their PR campaign very convincingly these days...

amigadave,
Quote:
Plain and simple answer: Yes.

Actually , I would like to take the opportunity to apologize for the actions of some of the intelligence agencies my government (sort of) controls.
Its not like these people have to answer to the electorate, guys.
And, if the Bush years did not convince you that our government has become somewhat irresponsible, well now you have a better idea of the scope of things.

BTW - I fail to see why anyone should question whether the content of my communications gives me anything to hide. Its MY private communication. No one should have the right to baselessly snoop through it.

Welcome to the new world order. Suffocating isn't it?

XDelusion,
Quote:

Is it really that new?

I for one hope someone reads every single mail from me and to me, every single one of them, especially the work emails. I send and receive minimum of 50 emails every single day and hope someone else but me also wastes his or hers time on them

Quote:

So, you have got something to hide, huh? Interesting...

Yes, I do lock my doors now and close my curtains, or blinds, if I want some privacy from anyone who might look through my windows, but knowing what I know about the insecure nature of electronic media and the Internet, I am careful not to put anything in any email that I think my life depends on it being private.

Too many examples of such communications being hacked have taught me that nothing "Online" is secure, or safe.

Like Jim, I am ashamed of the actions of the US government, but it will take something like a full scale revolution, or total mind shift of the American public, and an outcry so loud that our government will be forced to listen and change their ways. Our government has long ago ceased to be a government by the people and for the people. It has been run by the special interest groups, corporations, and greed of a few corrupt people in places of power for many, many years.

America may be one of the most guilty governments in the world, but I believe that all governments share the same problems and faults, to some extent.

Yasu,
Quote:
No, it's a few centuries old now, but getting closer and closer to that efficient, robot like, precision they've been selling us.
Good bye to the laws of the jungle, though I'm afraid not to the responsibility of breeding a culture that refuses to pay heed to is patterns.

Oh well, everyone's embracing it, they love the change, they love the U.N, and they love to blame the U.S. when in fact these changes come from those who's contracts control U.S. affairs as well as those of the majority of the rest of the world.
"The comfort you demanded is now mandatory" - Jello Biafra

[ Edited by XDelusion 07.11.2013 - 15:20 ]

Oh well, Chris.
As long as I don't live long enough to have my owners decide salvage me for useful parts, I'll be happy.
But I have an suspicion that this continuing trend to devalue humanity may, one day, get far uglier.
And by then...we will not have the power to resist it.

Think I sound grim?
Hey, I'm just glad life is finite.
If history is any proof, we are very good at taking advantage of and abusing our fellow man.
This is related to human nature and I can not see it changing.

Hey, I was born in 1960.
The chance for a new age of enlightenment and consideration, that died.
It ain't coming back.

Okay, while I also like discussing about the spying and all this stuff in general I'd like to focus again on my actual question:
How to use email with decent pgp on MorphOS? The best I found was gpg 1.4.2 and manually encrypt mails. But that is not very comfortable. Is that the best what's available, or have I overseen something?

Btw.: Eventually iIt doesn't matter whether I have something to hide or not (my answer "yes" was a bit blunt though but the question literally asked for such a blunt answer). Maybe I have something maybe I haven't. It doesn't matter. Thing is: I don't want others than the receipent to read my mails. Nothing more, nothing less.

As a short and perfunctory answer, I don't see how you can safe guard against what you are worried about Zylesea.

I mean, how do you share the decryption key with your e-mail recipient, e-mail it too them...

Hmm, nah.

You could pop around to their place give it to them and hurry back home to send your e-mail...

Ah, nope.

Or, and this is my tactic, you could not worry about it because most of this surveillance is automated and never triggers anything that gets a real human being's attention unless certain triggers occur.

And even then, I don't think saying over the internet "That stuffs da bomb.." is going to have the NSA all over you anyway.

Plus, take it from someone that grew up around these paranoid morons. US intelligence agencies NEVER get anything right.
Hey, it was our CIAs brilliant idea to smuggled poisoned cigars into Cuba to kill Castro. Like he didn't have enough of his own cigars.

Actually, if you want to worry about competent espionage, pray the Israelis or the British are not watching you.
'Cause they aren't a bunch of fuck ups (like US agencies seem to be staffed by).

Jim,
Quote:
PGP works asymetrically woth two keys, the encryption keyand the decryption key. I own my_ private_ decryption key, but the encryption key is _public_. The sender encrypts a message with the receipents public encryption key, but _only_ the receipent owns the key to decrypt it again.
As long as the private decryption key doesn't get stolen pgp is actually pretty safe.

Quote:
At least GCHQ is spying massively in Germany which is IMHO even more irritating than the spying f the US authorities. The UK and Germany are both in the EU. I am really sad hearing from those UK spying activities against other European countries as I actually _really_ like that country and the ppl very much.

[ Editiert durch Zylesea 08.11.2013 - 09:59 ]

Quote:

No human is likely to read your e-mails or listen to your phone calls or peek on the websites you are visiting, not unless you are marked as an active threat of some kind. What they do is that they build a profile on you (and everyone else) based on the contents of our e-mail/phone/sms/web/etc and map our social networks by looking at whom you communicate with on any and all media of communication.

A few years ago, many countries introduced new laws (and changed old ones) making it perfectly legal for their respective "intelligence agencies" to listen in to *every single one* of all e-mail, data, phone etc traffic from and to *everyone*. The effectively put a tap on *everything*. They are profiling the entire population, constantly. And everything is orchestrated by NSA, who without doubt is the spider in the web, but the contributing countries gets a piece of the pie as payment. Snowden's revelations has been very enlightening in this, and for those who has followed what has been going on during the last 5 years, Snowden has made all pieces come together.

Osama bin Laden won. He may be dead, but everyone dies and he had most of his life behind him. No doubt he knew that he would eventually be killed, that was obviously a price he was willing to pay, like many of his kind. But the impact he made to the world will now live on forever. USA (and some European lapdogs, including my own country) has created the ultimate Orwellistic big brother society. They have opened pandora's box, and it can't be closed again.

What really makes me sad (and probably Snowden as well, considering he effectively sacrificed all chances of having a life to make these revelations) is that so few people actually cares. Those who say "I don't care if anyone looks in my e-mails or listen in to my phone calls, because I have nothing to hide" has clearly not understood what it's all about.

We are no longer free. And all it took to fundamentally change our core principles of society was to fly some planes into some buildings.

A very concise post by takemehomegrandma.

However, I am surprised at everyone's reaction to Snowden's "revelations".
Weren't any of you paying attention over the last several years while they passed the laws (some of them retroactive) which made it legal for them to do this?

It isn't a matter of the V for Vendetta voiced opinion that "People should not be afraid of their governments, governments should be afraid of their people", the fact is the populous has scared government officials who desire to remain in control pretty much as long as there have been governments.

And Zylesea, you still haven't explained to me how you securely get the key to your recipient, or how you prevent simple spying tools like key logging software from retrieving that code from you.

What amuses me most, is that many of you apparently think these 1984 like machinations are something new. They just have access to modern technology that is better able to do it.

For example, it is still a widely held belief, that our phone system used to render call tracing difficult. Our government apparently finds it useful to perpetuate myths like that.
The fact is, calls made via phone tied to our Western Electric designed networks were completely traceable and have been since before I was born.
"Anonymous phone calls", that one has always been a hoot.

>> PGP works asymetrically woth two keys, the encryption keyand the decryption
>> key. I own my_ private_ decryption key, but the encryption key is _public_. The
>> sender encrypts a message with the receipents public encryption key, but
>> _only_ the receipent owns the key to decrypt it again. As long as the private
>> decryption key doesn't get stolen pgp is actually pretty safe.

> you still haven't explained to me how you securely get the key to your recipient

I think he has explained quite well that there is no need to securely get the public key to the recipient. You may want to read there in more detail:

http://en.wikipedia.org/wiki/Public-key_cryptography

> or how you prevent simple spying tools like key logging software from retrieving
> that code from you.

Even if there is keylogging software for MorphOS, and we know that the security measures provided by MorphOS are abysmal, I think Zylesea is in full control of his MorphOS system so that it wouldn't be easy to remotely install a keylogger on his system without him noticing. Apart from that, you don't have to enter your private key by keyboard everytime you want to decrypt a mail.

>>but _only_ the receipent owns the key to decrypt it again

Yes, I definitely glossed over that, all apologies to Zylesea.

This, however, is a curious assertion "I think Zylesea is in full control of his MorphOS system so that it wouldn't be easy to remotely install a keylogger on his system without him noticing"

Are you under the impression that such software makes its presence known when installed?

And I think we might have an advantage over say older Windows versions that simply ran ActiveX code when displaying messages (you have to wonder what genius thought that was a good idea).

>> I think Zylesea is in full control of his MorphOS system so that it wouldn't be easy to
>> remotely install a keylogger on his system without him noticing.

> This [...] is a curious assertion
> Are you under the impression that such software makes its presence known when installed?

No, but such software (after it got remotely and silently installed on a MorphOS system, that alone should be a hurdle, especially considering the obscurity of MorphOS) must be automatically started from somewhere after or during each boot. Inherited from AmigaOS, the MorphOS file structure and startup process are so clear and easy to understand that the few places where this can happen are well known. I'd bet that an expert user like Zylesea would quickly spot any anomalies occuring in SYS:WBStartup, SYS:S or MOSSYS:S.

>Zylesea would quickly spot...

Yes, probably more likely than I would as you know that narrowly focusing on something is not one of my strong point.

And MorphOS' low profile does help insulate it from malicious attacks.

[ Edited by takemehomegrandma 09.11.2013 - 00:22 ]

Quote:

You are wrong there. It is quite easy to auto launch software without using the places you mentioned. The easiest way is to replace a command like Assign by the virus/trojan command. This could simply be done by renaming Assign and launching the renamed version with the given arguments after hacking the system.

I demoed that once on a hardware meeting, where I replaced the loadwb command on a system by a tool that opened the CDROM tray on each 20th window close :D

By doing things smart like using a plausible date from other tools to hide the recent touched files. Renaming the old command to some plausible name like AssignLink this change gets quite unnoticed unless you compare files with the MorphOS CD contents.

So in the end you could implant a script which does nasty stuff without even having any additional programming skills.

The users system i "hacked" was driving the owner mad, as if he simply waited for the tray to open, nothing happend and when starting using the system again the 20th closing window triggered it again. It took him several hours to find the hack and he only found it because I was to lazy to set proper date information. His former my system is unhackable illusion was blown away instantly. Even if this happened around 12 years ago, the problem is still unchanged for all systems.

Geit

[ Edited by geit 09.11.2013 - 00:45 ]

> You are wrong there. It is quite easy to auto launch software without using the
> places you mentioned. The easiest way is to replace a command like Assign by
> the virus/trojan command. This could simply be done by renaming Assign and
> launching the renamed version with the given arguments after hacking the system.

Indeed, I didn't think of this way of infiltrating a MorphOS system. I stand corrected then.

geit

Simply stated, that is scary. Leave it to a developer to know how to do this.