SoylentNews is people
SoylentNews
Submitted via IRC for AndyTheAbsurd
UPDATE, March 23, 2018: President Donald Trump signed the $1.3 trillion government spending bill—which includes the CLOUD Act—into law Friday morning.
"People deserve the right to a better process." Those are the words of Jim McGovern, representative for Massachusetts and member of the House of Representatives Committee on Rules, when, after 8:00 PM EST on Wednesday, he and his colleagues were handed a 2,232-page bill to review and approve for a floor vote by the next morning.
In the final pages of the bill—meant only to appropriate future government spending—lawmakers snuck in a separate piece of legislation that made no mention of funds, salaries, or budget cuts. Instead, this final, tacked-on piece of legislation will erode privacy protections around the globe.
[...] As we wrote before, the CLOUD Act is a far-reaching, privacy-upending piece of legislation that will:
- Enable foreign police to collect and wiretap people's communications from U.S. companies, without obtaining a U.S. warrant.
- Allow foreign nations to demand personal data stored in the United States, without prior review by a judge.
- Allow the U.S. president to enter "executive agreements" that empower police in foreign nations that have weaker privacy laws than the United States to seize data in the United States while ignoring U.S. privacy laws.
- Allow foreign police to collect someone's data without notifying them about it.
- Empower U.S. police to grab any data, regardless if it's a U.S. person's or not, no matter where it is stored.
Source: https://www.eff.org/deeplinks/2018/03/responsibility-deflected-cloud-act-passes
See also: As the CLOUD Act sneaks into the omnibus, big tech butts heads with privacy advocates
(Score: 2) by frojack on Tuesday March 27 2018, @12:16AM (11 children)
Left unsaid is whether cloud providers will play along, whether the SCOTUS will play along, and whether cloud business can survive this at all.
If you live but the cloud then apply your own encryption before you put your data there.
No, you are mistaken. I've always had this sig.
(Score: 0) by Anonymous Coward on Tuesday March 27 2018, @01:00AM (10 children)
That's what I'm doing right now. I'm going to have to figure out what to do about email, but my backups are already being hosted by a provider that allows me to set my own key.
The problem though tends to be knowing if the software is actually encrypting things as it can be rather hard to know.
(Score: 3, Insightful) by takyon on Tuesday March 27 2018, @01:09AM (3 children)
You could encrypt on your own machine using the relevant software and just upload the encrypted blob to the hosting provider, right?
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 0) by Anonymous Coward on Tuesday March 27 2018, @02:20AM (2 children)
For the archive yes, but in order to do anything useful with email, it has to be decrypted by somebody at some point. Unfortunately, that some point tends to be before it goes over the wire as there remains no practical means of encrypting emails and few bother. I don't think I even know anybody that has theirs encrypted, which makes it pointless for me to encrypt mine as nobody would be able to read it.
It's a sucky position to be in as the 4th and 5th amendments don't apply the way that they probably should.
(Score: 2) by takyon on Tuesday March 27 2018, @02:50AM
Yeah I meant the other data, not email.
Theoretically it ought to be possible to do seamless public-private key encryption/decryption of all email with very little work for the user, but only some providers will do this.
What does seem to be popular are encrypted chat apps. These are being used by younger people in place of email, are associated with big IPOs and lots of user growth, can be used seamlessly on smartphones, etc. The security implementation might be opaque or too centralized (to the point of being useless for the paranoid) for your tastes, but at least it would be less work to get someone to use it. Using it on the smartphone could be risky due to insecurities in that system, so you could find one with a desktop app or ability to work with something like Pidgin (I see plugins [pidgin.im] for Telegram and WhatsApp).
You would still run into fragmentation issues and need to convince people to use the app, but that seems to be where we're heading. You want practical and "secure" communications.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 2) by edIII on Tuesday March 27 2018, @07:27PM
Email encryption is possible, and it's fairly easy at this point. Enterprise email does offer these features.
With the appropriate settings, you can prevent unencrypted connections between your mail server and others. Preventing that trick that downgrades secure connections between email servers is also trivial with the right settings.
You can't worry about the other side, but concentrate on yourself. One way governments win, is when fucking everybody is using gmail. Google then dictates the future of email technology, because it doesn't fucking matter what I'm running. If a user cannot email somebody at gmail, then your email is faulty and worthless. Even if technically superior.
All you can do is pay to run your own server. Use a VM provider, use full disk encryption, and security harden it. That way the government has to spend resources to crack thousands, or hundreds of thousands of email servers to get the data, versus a single connection to Google downloading all of the data.
Basically, in the end, the ONLY way to protect ourselves is to have possession of the keys and transmit 100% encrypted data all the time. The government cannot be trusted to act properly, nor can it be trusted to have the security required to protect itself, or our data.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 1, Insightful) by Anonymous Coward on Tuesday March 27 2018, @01:50AM (5 children)
If you run your own email server like was intended then as far as your archive at rest, you have control. Yes, anything you send someone is open to being hoovered from that someones account, but your stored archive is safe.
And, no, I don't mean 'run email on Linode or other host', I mean "run your email server from your basement, where it is totally under your control".
(Score: 2) by Grishnakh on Tuesday March 27 2018, @02:48AM (4 children)
And, no, I don't mean 'run email on Linode or other host', I mean "run your email server from your basement, where it is totally under your control".
No one does that any more. Try it and you'll be blacklisted by all the major email players, so you won't be able to communicate with anyone. The spammers ruined that part of the internet for everyone.
What we really need is email 2.0, which lets people run their own servers again, has encryption baked-in, and somehow prevents spam from being a problem. I don't know offhand how this would work though.
(Score: 2) by frojack on Tuesday March 27 2018, @03:58AM
If you have the proper certificates from let's encrypt or someone, you can do this just fine.
But it's not necessary as you can encrypt mail just fine without running your own server.
And your mail may sit on several different mail servers along the way. Someone may figure out who you talk to, but not what you talk about.
No, you are mistaken. I've always had this sig.
(Score: 3, Informative) by NotSanguine on Tuesday March 27 2018, @04:26AM
I've been running my own email server on my own hardware for more than 15 years. A couple of times back in the mid 2000's, I got blacklisted for no apparent reason. I used the tools available to me to get off said blacklists with minimal effort.
These days, you don't get blacklisted when you're using SPF/DKIM to validate the email sourced from your server.
I guess that your "email 2.0" is here and it's called SPF [wikipedia.org]/DKIM [wikipedia.org], as we can (not that we ever couldn't) run our own email servers again.
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 0) by Anonymous Coward on Tuesday March 27 2018, @03:28PM (1 child)
Hillary sure did. Just sayin'.
(Score: 2) by tangomargarine on Tuesday March 27 2018, @08:15PM
Hillary also has slightly more money than me. I can't just throw money at all my problems until they go away.
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"