David Shaw on 23 Dec 2008 13:15:36 -0800



Re: [PLUG] Reasonably secure email


On Mon, Dec 22, 2008 at 12:20:13PM -0500, brent timothy saner wrote:
> Alex Valentine wrote:
> 
> > http://www.gnupg.org/
> 
> 
> i'd really have to second GnuPG. it's a bit more work to set up the web
> of trust since it reeeeeaaally should be done in person, but you
> shouldn't have many problems if your organisation is around 50 members
> or less.
> 
> i've not heard of hushmail but being the paranoid person i am, i don't
> trust third party developers/services when it comes to security. :)

To a point, you must trust other developers.  After all, you
(probably) didn't write every line of code on your computer, and many
of those bits of code can subvert your security just as well as a
malware security application.  (i.e. Why bother to trojan GnuPG, when
I can intercept keystrokes from the keyboard driver?)

It is very wise to be cautious about services, though.  Even if a
service is well intentioned and correctly implemented, you cannot know
that it will remain that way forever.  At least code that runs on your
own box remains basically static and can't change its behavior after a
subpoena:

http://www.itnews.com.au/News/65213,hushmail-turns-out-to-be-anything-but.aspx
http://www.privacydigest.com/2007/11/19/hushmail+warn+users+law+enforcement+backdoor
http://blog.wired.com/27bstroke6/2007/11/pgp-creator-def.html

Nothing against Hushmail - they run a good system, and it's secure
from what it is intended to be secure against.  Users should be aware,
though, of what it is not intended to be secure against.

David
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug