[opendtv] Re: F.C.C. Proposes Privacy Rules for Internet Providers - The New York Times
- From: Craig Birkmaier <brewmastercraig@xxxxxxxxxx>
- To: opendtv@xxxxxxxxxxxxx
- Date: Sat, 19 Mar 2016 20:46:46 -0400
On Mar 19, 2016, at 8:09 PM, Albert Manfredi <albert.e.manfredi@xxxxxxxxxxx>
wrote:
No. So here's a clue, Craig. The ONLY credible purpose for
encryption-in-the-middle, provided either by ISPs or by your iCloud, is to
protect the network.
Bull.
Not the user's data. For example, if provided by ISPs, it protects the ISP's
routing tables, it protects the configuration of their nodes, and so on. For
Apple, it protects their iCloud servers. That's the purpose.
Not true. At this time Apple can decrypt data stored on iCloud servers, as they
did for the backups of the San Bernardino iPhone. But any ISP or hacker needs
the keys or to hack the users iCloud password, which did happen to some
celebrities a few years ago. He security has since been enhanced and it is
reported that soon even Apple will not be able to decrypt end user iCloud data.
What you should learn from this is that we are living through an evolving
security environment. New defenses are being developed all the time.
It is not protection for the user! In your case, all you have to do is tap in
somewhere outside this iCloud, and with DPI, any packet from the iCloud
traveling outside that iCloud can be read, if it hasn't been encrypted end to
end. The iCloud is not the entire Internet, Craig. If you knew what you were
doing, you'd never trust iCloud encryption alone for your online bank
transactions, for example. That would be foolish.
Any data leaving the cloud is encrypted.
I've repeated this point countless times.
And you. Have been wrong each time.
Repeating this again. This is false. As long as the decryption of that iCloud
email is occurring at an ISP's mail server, and not at my own PC, it means
that the ISP can read the email.
Yup.
That's why you need to use an e-mail service, as I do, where the day is
encrypted all the way to my devices.
You would know if your email client was set up for encryption, Craig. Because
you would be the one having to acquire and renew certificates, and you would
be the one having to figure out what type of encryption certificates are
needed by whoever it is you need to communicate securely with.
Those capabilities are native to iOS.
So here's the deal, Craig. As long as my email client is not decrypting that
email, and I know this because I have not enabled encryption for the email,
it means that the ISP's mail server is decrypting it, before sending it on to
my PC.
Yup.
You have chosen NOT to use encryption.
Everybody knows that simply knowing how an encryption algorithm works does
not mean you can decode encrypted messages, Craig. The point is, if YOUR OWN
client is not doing the decrypting, that message is going to be plaintext
going from server to client. The ISP *has* to be able to decrypt the email,
in short, when it's using encryption in the middle only.
So choose an e-mail client that is encrypted end-to-end.
Here are the main points that (as usual) are taking way too long to get
across:
1. To protect user data, the protection must be end to end. Like, between
your PC and the bank's internal server. Or between your email client and the
email client of the other guy. If it's not end to end, then it's not
protected as far as the user is concerned.
Correct.
2. An individual user typically has *no control* over what gets encrypted end
to end. Bank transactions do, as well as anything requiring payment. Other
than that, very little indeed.
That depends entirely on the OS and the applications you use.
3. If ISPs can use deep packet inspection, for WHATEVER reason, it's exactly
the same thing as wiretapping your phone. The user can protect against that,
sure, WITH END TO END ENCRYPTION. It doesn't matter whether the wiretapping
is done to "sell" the information, or for any other reason. Your information
is not private.
This is true, although you are assuming the ISPs have the resources and desire
to inspect everything. They do not.
Regards
Craig
----------------------------------------------------------------------
You can UNSUBSCRIBE from the OpenDTV list in two ways:
- Using the UNSUBSCRIBE command in your user configuration settings at
FreeLists.org
- By sending a message to: opendtv-request@xxxxxxxxxxxxx with the word
unsubscribe in the subject line.
Other related posts:
