[Crypto-chi] Follow up on March 14 crypto meeting at PS1

ME TOO electromechanical at gmail.com
Thu Apr 23 21:57:02 CDT 2015


I thought someone made it clear. No fucking picture!

On Sat, Apr 11, 2015 at 12:10 AM, joe fuentes <joseph.fuentes at live.com>
wrote:

> hello All
>
> The problem as I see it with using POP3 and stuff like this is that it
> will clutter up your hard drive.  I recall whilst I was an Outlook user, my
> PST file was approaching its max file size limit. Also there were limits on
> the size of the mailbox at the server side. When using Earthlink I had to
> delete a bunch of files on the server simply cuz I was running out of space.
>
> These drove me in part to move to webmail.  Plus if you download via POP
> your emails to your email client, such as Outlook or Thunderbird, the
> messages will disappear from the server, thus inaccessible via webmail.
> The downloaded emails will only be visible on the device you downloaded it
> to, most likely a PC.  So you want to see those messages from another
> laptop, a tablet or smartphone - you're out of luck. You'll have to dig up
> those downloaded messages on the very device you downloaded them to.
>
> Making things worse, if you start downloading messages to your tablet or
> worse yet your smartphone, you'll max out its storage capacity lickety
> split like  if you use K-9 or another email client.  on my Asus phablet I'm
> already facing space issues and I'm not even downloading emails.
>
> So for practical terms looks like open source PGP plugins may be our only
> solution for now unless someone builds a secure webmail system from the
> ground up that has no opt out for encryption. The trick there for its
> widespread adoption is that is must be easy to use.
>
> Thoughts anyone?
>
> Joe
>
> Crypto-chi] Follow up on March 14 crypto meeting at PS1
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA512
> >
> > "Whilst usingplug ins like enigmail for Thunderbird is great and
> > everything , we need to be cognizant touhhat quite often we are using
>
> > webmail of one sort or another."
> >
> > Most, if not all web-mail providers give you mailbox access via
> > POP3, or IMAP protocols which you can use with Thunderbird keeping the
> > content both plaintext and encrypted on your local system which is more
> > secure then browser based applications.
> >
> > "Especially for those of on our mobile devices."
> >
> > On Android, there is K-9 Mail and OpenKeyChain-- both work
> > quite well, but as I said in my talk mobile platforms are severely
> > broken in many ways. I would not store my private keys on a mobile phone
> > ever. Mobile devices are very easy to loose too.
> >
> > "Fortunately there are various bowser extensions that facilitate this.
> > For gpg we can count on the following..."
> >
> > Counting on software that has not passed community audits by security
> > professionals or professional cryptographers is dangerous and should
> > be avoided for sensitive use.
> >
> > "Google has yet to release its own Chrome plug in"
> >
> > I'm looking forward to this project, however I do wonder what Google
> > will do to continue scanning your email to serve you ads based on the
> > content so they can make money.
> >
> > "It's alpha not yet ready for prime time.."
> >
> > Don't trust early stage software especially new crypto to sensitive
> > needs, it may harm you.
> >
> > "..don't know wot's taking them so long."
> >
> > Strong cryptography, and good code is not a rush job as any oversight
> > can possibly compromise the security of the project in turn your safety.
> >
> > "Even Windows has support for GPG through VisualGPF."
> >
> > "..Windows app that does key management stuff like sign, decrypt
> > and key maintenance. It's GUI based so you don't have to use the CLI to
> > perform these tasks."
> >
> > GPG4Win has a nice interface and support for Windows.
> >
> > http://www.gpg4win.org/
> >
> > "...even MS Outlook has its own GnuPG plugin. Though there are some
> > grumblings about Outlook being closed source, I think this can overcome
> > that objection."
> >
> > Just using a plug-in that is open source does not make the client less
> > susceptible to compromise. This plug-in is also not written by Microsoft.
> >
> > ".. let's not forget our smartphones. Chatsecure, Textsecure, Redphone.."
> >
> > Yes, you should use all of these! They use strong crypto and have been
> > audited by professionals. 10/10!
> >
> >
> >
> > All the best,
> >
> > - -Brian
> > -----BEGIN PGP SIGNATURE-----
> >
> > iQIcBAEBCgAGBQJVH5qgAAoJEFjBjkteF9VaY7kP/jmh7EG+wLsLuf+uk+mvgpfT
> > vbYP++JktbhrXKXrcgqNdgLvHFyaLkMlVQ8Gp84ixTWIrkYJ77wi414hV5k7E8cF
> > NnznQ0En0Z3GEJ5FlajvQQ3PE7cPBBcB6hqb8toU+ZKsduIwLqNAN1LYuJ65UgiV
> > 3SWTn8DO8ZImiJ6cFsT3qY15X0+lqendmczyclBnsGt2+nYe38vT9i1Ksgtjo49B
> > aiwkmWJZlF8OFtXQw8oFCF9KlJPscR+TmceC/80h8sI4gpSqaOx9j5f4CKz843tj
> > BRVZjnC8/+p2eN6MfxE7fGQLlNRR3Tmr8dr2bPNMOuNpAHNVqsXa5S9e2cKwMWgC
> > fRt2spug/GVD5OGQAaQ+VIyxRA4SZlJDqG+03+/mK7AFLgf2qOfrAb/hB+ZwZZFF
> > LX+HCqwZuvIZsaPZLIldmYDAp91aPhIpIXuv6jhrmEGkDhqbIj4TZIHUgygH34DS
> > AJ2GYdAQd5HVNx0puAmbmuF532L7fC9W4PK53pYByZ5gaEAEliJVlS96BpcP58tD
> > rmRfKJMI363S649Oekx14PjOwXZ5M4/4ousoqcaP6MLSvp+jBj9hcomxyfv79MLz
> > B/zdzxoFvMdk7z6rK2LzY6XdCKviklo2tq6C88Nqp3ZhK3sqSbLGjL69NInZaihm
> > qXMwkZLzsbnJhT3dxv46
> > =VNmV
> > -----END PGP SIGNATURE-----
> > _______________________________________________
> > cryptoparty-chi mailing list
> > cryptoparty-chi at groups.sshchicago.org
> > http://groups.sshchicago.org/listinfo/cryptoparty-chi
>
> _______________________________________________
> cryptoparty-chi mailing list
> cryptoparty-chi at groups.sshchicago.org
> http://groups.sshchicago.org/listinfo/cryptoparty-chi
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://groups.sshchicago.org/pipermail/cryptoparty-chi/attachments/20150423/922f1832/attachment.html>


More information about the cryptoparty-chi mailing list