Mailing List Archive

The reasons to abandon PGP for secure communications have been accepted in the security community for years. Here’s one security researcher explaining why (there are many others out there with similar sentiments):
https://arstechnica.com/information-technology/2016/12/op-ed-im-giving-up-on-pgp/"]https://arstechnica.com/information-technology/2016/12/op-ed-im-giving-up-on-pgp/
-Ryan McGinnis
http://www.bigstormpicture.com
PGP Fingerprint: 5C73 8727 EE58 786A 777C 4F1D B5AA 3FA3 486E D7AD


Sent from ProtonMail Mobile

On Wed, Aug 12, 2020 at 13:07, Felix <felix@audiofair.de> wrote:

I'm not sure that there are solutions orders of magnitude more secure that are available readily.

Also people tend to get emails on the go as well that might be encrypted. It's convenient to decrypt emails on a smartphone and not really that insecure if you're using an external device for actual keystorage (such as a Yubikey).

I don't actually see what's so silly about the whole thing.
On 2020-08-12 18:57, Ryan McGinnis via Gnupg-users wrote:

Well yes I realize that it exists, what I'm saying is why would anyone use it for secure communications on a smartphone when there are solutions orders of magnitude more secure and simple to use. It'd be like buying a helicopter but deciding you'd still fly only 2 feet off the ground and stick to paved roads. On 8/12/20 11:46 AM, Stefan Claas wrote:

Ryan McGinnis via Gnupg-users wrote:

I guess the real question is: what are people using PGP for on mobile devices? If it's for communication, that's silly. There are at least a half dozen far, far, far better ways to securely communicate on a smartphone.

Well, it is listed by the OpenPGP experts: https://www.openpgp.org/software/openkeychain/"]https://www.openpgp.org/software/openkeychain/ Regards Stefan -- my 'hidden' service gopherhole: gopher://iria2xobffovwr6h.onion

_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users"]http://lists.gnupg.org/mailman/listinfo/gnupg-users

Ryan McGinnis via Gnupg-users wrote:

> The reasons to abandon PGP for secure communications have been accepted in the security community for years.  Here’s one
> security researcher explaining why (there are many others out there with similar sentiments): 
>
> https://arstechnica.com/information-technology/2016/12/op-ed-im-giving-up-on-pgp/

He is working at Google and IIRC responsible for Golang crypto libs. Can you do me a favor, in case you have a Twitter
account? If so, please ask him what are his thoughts as a Signal user about Pegasus and if a factory reset and new SIM
card would be good enough?

Regards
Stefan

--
my 'hidden' service gopherhole:
gopher://iria2xobffovwr6h.onion

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

For example, in this message from Ryan, Enigmail says it has a bad
signature. I think that could be an issue too with it's adoption.

On 8/12/2020 11:29 AM, Ryan McGinnis via Gnupg-users wrote:
> The reasons to abandon PGP for secure communications have been
> accepted in the security community for years.  Here’s one security
> researcher explaining why (there are many others out there with
> similar sentiments): 
>
> https://arstechnica.com/information-technology/2016/12/op-ed-im-giving-up-on-pgp/
>
> -Ryan McGinnis
> http://www.bigstormpicture.com
> PGP Fingerprint: 5C73 8727 EE58 786A 777C 4F1D B5AA 3FA3 486E D7AD
>
>
> Sent from ProtonMail Mobile
>
>
> On Wed, Aug 12, 2020 at 13:07, Felix <felix@audiofair.de
> <mailto:felix@audiofair.de>> wrote:
>>
>> I'm not sure that there are solutions orders of magnitude more secure
>> that are available readily.
>>
>> Also people tend to get emails on the go as well that might be
>> encrypted. It's convenient to decrypt emails on a smartphone and not
>> really that insecure if you're using an external device for actual
>> keystorage (such as a Yubikey).
>>
>> I don't actually see what's so silly about the whole thing.
>>
>> On 2020-08-12 18:57, Ryan McGinnis via Gnupg-users wrote:
>>> Well yes I realize that it exists, what I'm saying is why would anyone
>>> use it for secure communications on a smartphone when there are
>>> solutions orders of magnitude more secure and simple to use.  It'd be
>>> like buying a helicopter but deciding you'd still fly only 2 feet off
>>> the ground and stick to paved roads. 
>>>
>>>
>>>
>>> On 8/12/20 11:46 AM, Stefan Claas wrote:
>>>> Ryan McGinnis via Gnupg-users wrote:
>>>>
>>>>> I guess the real question is: what are people using PGP for on mobile
>>>>> devices?  If it's for communication, that's silly.  There are at least a
>>>>> half dozen far, far, far better ways to securely communicate on a
>>>>> smartphone. 
>>>> Well, it is listed by the OpenPGP experts:
>>>>
>>>> https://www.openpgp.org/software/openkeychain/
>>>>
>>>> Regards
>>>> Stefan
>>>>
>>>> --
>>>> my 'hidden' service gopherhole:
>>>> gopher://iria2xobffovwr6h.onion
>>>
>>> _______________________________________________
>>> Gnupg-users mailing list
>>> Gnupg-users@gnupg.org
>>> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

That's a good article and I think it makes a lot of sense in the
context. I still think PGP is valid for sending encrypted emails if you
exchange public keys beforehand (as he also states he still uses it in
that manner). The web of trust also never did anything for me sadly.

On 12/08/2020 20:29, Ryan McGinnis via Gnupg-users wrote:
> The reasons to abandon PGP for secure communications have been
> accepted in the security community for years.  Here’s one security
> researcher explaining why (there are many others out there with
> similar sentiments): 
>
> https://arstechnica.com/information-technology/2016/12/op-ed-im-giving-up-on-pgp/
>
> -Ryan McGinnis
> http://www.bigstormpicture.com
> PGP Fingerprint: 5C73 8727 EE58 786A 777C 4F1D B5AA 3FA3 486E D7AD
>
>
> Sent from ProtonMail Mobile
>
>
> On Wed, Aug 12, 2020 at 13:07, Felix <felix@audiofair.de
> <mailto:felix@audiofair.de>> wrote:
>>
>> I'm not sure that there are solutions orders of magnitude more secure
>> that are available readily.
>>
>> Also people tend to get emails on the go as well that might be
>> encrypted. It's convenient to decrypt emails on a smartphone and not
>> really that insecure if you're using an external device for actual
>> keystorage (such as a Yubikey).
>>
>> I don't actually see what's so silly about the whole thing.
>>
>> On 2020-08-12 18:57, Ryan McGinnis via Gnupg-users wrote:
>>> Well yes I realize that it exists, what I'm saying is why would anyone
>>> use it for secure communications on a smartphone when there are
>>> solutions orders of magnitude more secure and simple to use.  It'd be
>>> like buying a helicopter but deciding you'd still fly only 2 feet off
>>> the ground and stick to paved roads. 
>>>
>>>
>>>
>>> On 8/12/20 11:46 AM, Stefan Claas wrote:
>>>> Ryan McGinnis via Gnupg-users wrote:
>>>>
>>>>> I guess the real question is: what are people using PGP for on mobile
>>>>> devices?  If it's for communication, that's silly.  There are at least a
>>>>> half dozen far, far, far better ways to securely communicate on a
>>>>> smartphone. 
>>>> Well, it is listed by the OpenPGP experts:
>>>>
>>>> https://www.openpgp.org/software/openkeychain/
>>>>
>>>> Regards
>>>> Stefan
>>>>
>>>> --
>>>> my 'hidden' service gopherhole:
>>>> gopher://iria2xobffovwr6h.onion
>>>
>>> _______________________________________________
>>> Gnupg-users mailing list
>>> Gnupg-users@gnupg.org
>>> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

vedaal@nym.hush.com wrote:

>
>
> On 8/11/2020 at 3:00 PM, "Stefan Claas" <sac@300baud.de> wrote:
>
> ...
>
> >As understood a Pegasus operator can do what ever
> >he likes to do remotely, anonymously with our (Android/iOS)
> >smartphone, without that we know that this happens.
>
> ...
>
> >in form of a best practice FAQ (cross-platform), to no longer use
> >encryption software on online devices and work out
> >strategies to use offline devices and how to handle this data
> >securely over to an online device, until proper and affordable
> >hardware encryption devices for online usage are available?
>
> =====
>
> There is already a simple existing solution.
>
> [1] Encrypt and decrypt on a computer that has internet hardware disabled.

I am thinking about this mobile one, once it hits the market.

https://pocket.popcorncomputer.com/#products

> [2] Use an Orbic Journey V phone that gets and sends *only text*

Seems not to be available in Germany, so I must look for a similar one.

Regards
Stefan

--
my 'hidden' service gopherhole:
gopher://iria2xobffovwr6h.onion

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Stefan Claas wrote:

> Andrew Gallagher wrote:

> > No, you should not stop using encryption software on online devices.
> > That would be insane. We should be adding more encryption at multiple
> > levels, so that compromise of one layer of encryption does not mean a
> > compromise of the entire system. Defence in depth is the only long-term
> > sustainable strategy.
>
> While I personally stopped using online encryption, long ago, after my
> Linux system was hacked, I like to mention (in case people do not know)
> that YubiKeys and Nitrokeys allow also login-in protection via 2FA and
> that than sudo usage requires also tapping on the YubiKey, besides pw
> usage. Not sure if it is the same procedure with a Nitrokey.

Hacking Tool to break into Linux computers.

<https://www.reuters.com/article/us-usa-cyber-russia/nsa-fbi-expose-russian-intelligence-hacking-tool-report-idUSKCN2592HY>

Regards
Stefan


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Stefan Claas wrote:

> vedaal@nym.hush.com wrote:
>
> >
> >
> > On 8/11/2020 at 3:00 PM, "Stefan Claas" <sac@300baud.de> wrote:
> >
> > ...
> >
> > >As understood a Pegasus operator can do what ever
> > >he likes to do remotely, anonymously with our (Android/iOS)
> > >smartphone, without that we know that this happens.
> >
> > ...
> >
> > >in form of a best practice FAQ (cross-platform), to no longer use
> > >encryption software on online devices and work out
> > >strategies to use offline devices and how to handle this data
> > >securely over to an online device, until proper and affordable
> > >hardware encryption devices for online usage are available?
> >
> > =====
> >
> > There is already a simple existing solution.
> >
> > [1] Encrypt and decrypt on a computer that has internet hardware disabled.
>
> I am thinking about this mobile one, once it hits the market.
>
> https://pocket.popcorncomputer.com/#products
>
> > [2] Use an Orbic Journey V phone that gets and sends *only text*
>
> Seems not to be available in Germany, so I must look for a similar one.

I did a bit research and purchased today the IMHO beautiful Doro Primo 413
dumb phone (for elderly people) and it includes a USB C to USB charger/data
cable, which then can be connected to an offline Notebook.

Once my batteries are charged, later today, I will try out the following:

Preparing a PGP message, converting it to JAB-Code and then transfer the
.png image( less than 300 KB, due to German Telefon Carrier specs.) to the
dumb phone.

Finally I will prepare an MMS and load the image and send the message for a
test to my smartphone, for later retrival, to see if everything went well.

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Stefan Claas wrote:

> I did a bit research and purchased today the IMHO beautiful Doro Primo 413
> dumb phone (for elderly people) and it includes a USB C to USB charger/data
> cable, which then can be connected to an offline Notebook.
>
> Once my batteries are charged, later today, I will try out the following:
>
> Preparing a PGP message, converting it to JAB-Code and then transfer the
> .png image( less than 300 KB, due to German Telefon Carrier specs.) to the
> dumb phone.
>
> Finally I will prepare an MMS and load the image and send the message for a
> test to my smartphone, for later retrival, to see if everything went well.

Ok, worked! :-) SHA256 hashes matched from both devices.

Only thing I have to do is purchasing an sd memory card, because the regular
memory is to low.

Regards
Stefan


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On 8/15/2020 at 1:02 PM, "Stefan Claas" <sac@300baud.de> wrote:

>Ok, worked! :-) SHA256 hashes matched from both devices.
=====
Great to hear!
-----

>Only thing I have to do is purchasing an sd memory card, because
>the regular memory is to low.
=====
If you can afford it, there are 1 TB microsd cards available:

https://www.amazon.com/SanDisk-Extreme-microSDXC-Memory-Adapter/dp/B07P9W5HJV/ref=sr_1_2?crid=LIUTHCJU5JEA&dchild=1&keywords=1tb+sandisk+micro+sd+card&qid=1597692282&sprefix=1+tb+sandisk%2Caps%2C507&sr=8-2:

I have the 1tb sandisk microsd for the phone (my smartphone is a sony xperia z2 premium. I'm in love with the camera and optics, and watch all my videos and amazon prime on the phone). Point is, official specs says it only accommodates a 250 gb microsd. This is not true. Even older galaxy androids that officially say accommodates a 64 gb card, also accommodated a sandisk 400 gb card. As long as there is a microsd slot, it accommodates any size.

*BUT*

The vast majority of 1 TB cards, are COUNTERFEIT, and don't ho;d more than a nominal minimal amount!
Even the Kingston ones, unless you get them from Kingston itself, are very convincingly appearing fakes.

I have been using sandisk since 64gb, then 128, then 400, and now 1 tb. and all of them worked, and got them all on Amazon.

If you know from people who actually used them, of other brands on Amazon that are trustworthy, maybe you can get a good card for less.

Even If you don't need more than 64gb, I would still recommend a Sandisk newer 64gb card, because of the much faster transfer rates.


vedaal


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

vedaal@nym.hush.com wrote:

>
>
> On 8/15/2020 at 1:02 PM, "Stefan Claas" <sac@300baud.de> wrote:
>
> >Ok, worked! :-) SHA256 hashes matched from both devices.
> =====
> Great to hear!

Thanks. :-)

> >Only thing I have to do is purchasing an sd memory card, because
> >the regular memory is to low.
> =====
> If you can afford it, there are 1 TB microsd cards available:
>
> https://www.amazon.com/SanDisk-Extreme-microSDXC-Memory-Adapter/dp/B07P9W5HJV/ref=sr_1_2?crid=LIUTHCJU5JEA&dchild=1&keywords=1tb+sandisk+micro+sd+card&qid=1597692282&sprefix=1+tb+sandisk%2Caps%2C507&sr=8-2:

No, can't afford it. I already purchased a 32GB card, wich is more than enough for me.

Regards
Stefan



_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Stefan Claas wrote:

> ?????? ?????? via Gnupg-users wrote:
>
> > Isn't the NSO group Israeli, not Russian as claimed in the video? https://en.wikipedia.org/wiki/NSO_Group
>
> Yes, as understood. I think it really doesn't matter where Pegasus does come from.

Sorry for being now probably completely off-topic, but when it comes to informations we find
on the Internet and/or are discussing if videos or informations are faked, or some people
like to guide us in wrong directions, I would highly recommend to watch Millie Weaver's
'Shadow Gate' documentary, which was released a couple of days ago and is already banned
on YouTube and Facebook.

https://banned.video/watch?id=5f37fcc2df77c4044ee2eb03

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

* Stefan Claas <sac@300baud.de> Aug 19, 16:31:
>
>videos or informations are faked, or some people like to guide us in wrong directions,

Oh, the irony...

>I would highly recommend to watch Millie Weaver's 'Shadow Gate' documentary, which was released a couple of days ago and is already banned on YouTube and Facebook.
No, it is not banned. Anyone with access to a web browser can see that.
It's a conspiracy theory produced by the well known misinformation and conspiracy website Infowars.
--
// Marcus

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

> Sorry for being now probably completely off-topic, but when it comes to informations we find
> on the Internet and/or are discussing if videos or informations are faked, or some people
> like to guide us in wrong directions, I would highly recommend to watch Millie Weaver's
> 'Shadow Gate' documentary, which was released a couple of days ago and is already banned
> on YouTube and Facebook.

Stefan, I'm not a list moderator and I have absolutely zero authority to
say this, but I'm going to say it anyway:

Please take this stuff elsewhere.

You're linking to a conspiracy theory video alleging a... look, I'm not
going to give these people credibility even by *summarizing* it. It
should be enough to say that InfoWars is backing it.

It has no connection to fact or even reality, and even less than no
connection to GnuPG or communications security.

Please, I'm begging you: take it elsewhere. It doesn't belong here.

https://www.usatoday.com/story/news/factcheck/2020/08/18/fact-check-shadowgate-spreads-misinformation-major-events/5601742002/


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Mittwoch, 19. August 2020 20:10:29 CEST Robert J. Hansen wrote:
> You're linking to a conspiracy theory video alleging a... look, I'm not
> going to give these people credibility even by *summarizing* it. It
> should be enough to say that InfoWars is backing it.

We need to stop calling such rubbish "theories". Better call it "conspiracy
myths" or "conspiracy tales" or "conspiracy stories" or anything else that
makes it clear that (unlike scientific theories) it is not supported by facts.

Sorry, for adding to this off-topic thread.

Regards,
Ingo

On 19-08-2020 23:28, Ingo Kl?cker wrote:

> We need to stop calling such rubbish "theories". Better call it "conspiracy
> myths" or "conspiracy tales" or "conspiracy stories" or anything else that
> makes it clear that (unlike scientific theories) it is not supported by facts.

You mean like the conspiracy myth that the NSA was eavesdropping on
everyone, whether they were allowed to or not? Yes, that was not
supported by facts (before the Snowden revelations) so it must have been
utter rubbish.

--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Thu, 20 Aug 2020 00:36, Johan Wevers said:

> You mean like the conspiracy myth that the NSA was eavesdropping on
> everyone, whether they were allowed to or not? Yes, that was not
> supported by facts (before the Snowden revelations) so it must have been

There have been technical facts around for a long time. Examples are
the Interception Report 2000 to the European Parliament and later a
testimony from an AT&T employee. Checkout cryptome.org ;-)
Snowden then provided internal NSA documents as final evidence.


Shalom-Salam,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

Robert J. Hansen wrote:

> > Sorry for being now probably completely off-topic, but when it comes to informations we find
> > on the Internet and/or are discussing if videos or informations are faked, or some people
> > like to guide us in wrong directions, I would highly recommend to watch Millie Weaver's
> > 'Shadow Gate' documentary, which was released a couple of days ago and is already banned
> > on YouTube and Facebook.
>
> Stefan, I'm not a list moderator and I have absolutely zero authority to
> say this, but I'm going to say it anyway:
>
> Please take this stuff elsewhere.
>
> You're linking to a conspiracy theory video alleging a... look, I'm not
> going to give these people credibility even by *summarizing* it. It
> should be enough to say that InfoWars is backing it.
>
> It has no connection to fact or even reality, and even less than no
> connection to GnuPG or communications security.
>
> Please, I'm begging you: take it elsewhere. It doesn't belong here.
>
> https://www.usatoday.com/story/news/factcheck/2020/08/18/fact-check-shadowgate-spreads-misinformation-major-events/5601742002/

Hi Robert,

at least you may agree that Millie's documentary shows viewers that since a long time private contractors
play an important role for Intelligence Agencies.

<https://www.seattletimes.com/nation-world/private-contractors-play-key-role-in-us-intelligence-work/>

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

> at least you may agree that Millie's documentary shows viewers that
> since a long time private contractors play an important role for
> Intelligence Agencies.

Yes. Obviously. As everyone has known since the day the CIA was
established. There's even a website for contractors with security
clearances: https://www.clearancejobs.com. This nonsense video of
conspiracy delusions revealed nothing factual.

Please, I'm begging you: stop hyping this madness. At the very least,
do it elsewhere.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Robert J. Hansen wrote:

> > at least you may agree that Millie's documentary shows viewers that
> > since a long time private contractors play an important role for
> > Intelligence Agencies.
>
> Yes. Obviously. As everyone has known since the day the CIA was
> established. There's even a website for contractors with security
> clearances: https://www.clearancejobs.com. This nonsense video of
> conspiracy delusions revealed nothing factual.
>
> Please, I'm begging you: stop hyping this madness. At the very least,
> do it elsewhere.

As you wish, I will now no longer reply to this part of this thread.

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Generally when something is "banned from Youtube" and the reason for the
ban wasn't that it was outright pornography, copyrighted content, or
illegal content, you can rest assured that the "banned video" is some
Grade A Prime Whackadoo McCrazy Bullshit and that you will become dumber
if you watch it. 

On 8/19/20 9:31 AM, Stefan Claas wrote:
> Stefan Claas wrote:
>
>> ?????? ?????? via Gnupg-users wrote:
>>
>>> Isn't the NSO group Israeli, not Russian as claimed in the video? https://en.wikipedia.org/wiki/NSO_Group
>> Yes, as understood. I think it really doesn't matter where Pegasus does come from.
> Sorry for being now probably completely off-topic, but when it comes to informations we find
> on the Internet and/or are discussing if videos or informations are faked, or some people
> like to guide us in wrong directions, I would highly recommend to watch Millie Weaver's
> 'Shadow Gate' documentary, which was released a couple of days ago and is already banned
> on YouTube and Facebook.
>
> https://banned.video/watch?id=5f37fcc2df77c4044ee2eb03
>
> Regards
> Stefan
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

--
-Ryan McGinnis
http://bigstormpicture.com
PGP Fingerprint: 5C73 8727 EE58 786A 777C 4F1D B5AA 3FA3 486E D7AD

Calling that a documentary is like me tattooing angel wings on my back
and trying to pass as an attack helicopter.

On 8/20/20 10:23 AM, Stefan Claas wrote:
> Robert J. Hansen wrote:
>
>>> Sorry for being now probably completely off-topic, but when it comes to informations we find
>>> on the Internet and/or are discussing if videos or informations are faked, or some people
>>> like to guide us in wrong directions, I would highly recommend to watch Millie Weaver's
>>> 'Shadow Gate' documentary, which was released a couple of days ago and is already banned
>>> on YouTube and Facebook.
>> Stefan, I'm not a list moderator and I have absolutely zero authority to
>> say this, but I'm going to say it anyway:
>>
>> Please take this stuff elsewhere.
>>
>> You're linking to a conspiracy theory video alleging a... look, I'm not
>> going to give these people credibility even by *summarizing* it. It
>> should be enough to say that InfoWars is backing it.
>>
>> It has no connection to fact or even reality, and even less than no
>> connection to GnuPG or communications security.
>>
>> Please, I'm begging you: take it elsewhere. It doesn't belong here.
>>
>> https://www.usatoday.com/story/news/factcheck/2020/08/18/fact-check-shadowgate-spreads-misinformation-major-events/5601742002/
> Hi Robert,
>
> at least you may agree that Millie's documentary shows viewers that since a long time private contractors
> play an important role for Intelligence Agencies.
>
> <https://www.seattletimes.com/nation-world/private-contractors-play-key-role-in-us-intelligence-work/>
>
> Regards
> Stefan
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

--
-Ryan McGinnis
http://bigstormpicture.com
PGP Fingerprint: 5C73 8727 EE58 786A 777C 4F1D B5AA 3FA3 486E D7AD

Stefan Claas wrote:

> vedaal@nym.hush.com wrote:
>
> >
> >
> > On 8/11/2020 at 3:00 PM, "Stefan Claas" <sac@300baud.de> wrote:
> >
> > ...
> >
> > >As understood a Pegasus operator can do what ever
> > >he likes to do remotely, anonymously with our (Android/iOS)
> > >smartphone, without that we know that this happens.
> >
> > ...
> >
> > >in form of a best practice FAQ (cross-platform), to no longer use
> > >encryption software on online devices and work out
> > >strategies to use offline devices and how to handle this data
> > >securely over to an online device, until proper and affordable
> > >hardware encryption devices for online usage are available?
> >
> > =====
> >
> > There is already a simple existing solution.
> >
> > [1] Encrypt and decrypt on a computer that has internet hardware disabled.
>
> I am thinking about this mobile one, once it hits the market.
>
> https://pocket.popcorncomputer.com/#products
>
> > [2] Use an Orbic Journey V phone that gets and sends *only text*
>
> Seems not to be available in Germany, so I must look for a similar one.

Thinking about another option smart phone users can try (I currently
have no second smart phone).

Since I am new to smart phone usage, I figured out that one can use
a second smart phone without a SIM-Card and with WiFi disabled. :-)

This means to me, regardless if people would use Android with Termux
and GnuPG or a Linux smart phone that they simply create the messages
on the IMHO not (so easy?!) compromisable second offline smart phone and
then transfer securely the encrypted messages to the compromised online
usage smart phone.

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Stefan Claas wrote:

[...]

> > (btw,
> > There is, [afaik], no protection available in GnuPG
> > against a Clairvoyancy attack vector on an encrypted file even in an air-gapped computer,
> > and there is a rumour that any Witch or Wizard can instantly behold the plaintext of an encrypted message
> > by flicking a wand at it, and using the simple charm 'Revelato' )
>
> I think I know what you mean. But I think it does not scale well for the masses due to manpower shortage.
>
> > but not really in my threat model 8^))))
>
> Mine neither. :-)

I think I sell my smart phone and recommend not to keep it one the same room with an offline computer.

<https://cyber.bgu.ac.il/advanced-cyber/airgap>

Regards
Stefan


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Stefan Claas wrote:

> Stefan Claas wrote:
>
> [...]
>
> > > (btw,
> > > There is, [afaik], no protection available in GnuPG
> > > against a Clairvoyancy attack vector on an encrypted file even in an air-gapped computer,
> > > and there is a rumour that any Witch or Wizard can instantly behold the plaintext of an encrypted message
> > > by flicking a wand at it, and using the simple charm 'Revelato' )
> >
> > I think I know what you mean. But I think it does not scale well for the masses due to manpower shortage.
> >
> > > but not really in my threat model 8^))))
> >
> > Mine neither. :-)
>
> I think I sell my smart phone and recommend not to keep it one the same room with an offline computer.
>
> <https://cyber.bgu.ac.il/advanced-cyber/airgap>

Sold it. Now I can take my tinfoil hat off, in regards to smart phone usage. :-D

Regards
Stefan



_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Stefan Claas wrote:

> While I personally stopped using online encryption, long ago, after my
> Linux system was hacked, [...]

https://thehackernews.com/2020/10/finfisher-spyware-raid.html

Regards
Stefan

--
NaClbox: cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675
The computer helps us to solve problems, we did not have without him.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users