GPG, encryption, and signatures

A useful feature of this blog, at least for me, is getting me to do the things I should be doing. I’d let my GPG software slip to the point that it didn’t work with my current version of Thunderbird. This past weekend I got it back up to date. Since my PGP key was five years old and not strong enough by current standards, I revoked it and created a new key.

GnuPG logoAt the same time, I updated my Enigmail add-on for Thunderbird, which is what lets it encrypt and sign messages and decrypt and verify incoming ones. From now on, I’ll sign many of my messages. You’ll need to have some kind of PGP / GPG software on your end to verify the signatures; if you don’t, you’ll just see some meaningless-looking characters at the end, so it’s harmless.
Continue reading GPG, encryption, and signatures

Confide is eyes-only communication, but is it secure?

Screenshot from getconfide.comThe messaging app Confide got a big publicity boost from Donald Trump’s using it. It does seem like a useful thing for highly confidential communication, if it works well. (Also for evading public records requirements.) It lets you read a message only once, a line at a time, with no going back. But it’s valuable only if it’s really secure, and some people have disputed that.
Continue reading Confide is eyes-only communication, but is it secure?

The return of Lavabit

Lavabit is back.

In 2013, the federal government launched an all-out attack on the secure Lavabit email service in its efforts to get Edward Snowden. This led to Lavabit’s shutdown. It was a classic secret police operation; at the time, Ladar Levison wasn’t even allowed to talk about what the government was demanding. In 2014, Levison published more details.

The Feds ordered the installation of surveillance equipment on Lavabit and demanded its private SSL keys. This would have let the Feds read anything that users sent over the supposedly secure connection to the site, including their passwords. Levison endured weeks of outrageous treatment by the legal system. Just read his article; no summary could do it justice. In the end, he faced the choice of letting the government snoop all 400,000 of Lavabit’s customers’ accounts or shutting it down. He shut it down.

All this was under Obama. We can only expect worse from Trump. So it was on Trump’s inauguration day that Levison chose to relaunch Lavabit.
Continue reading The return of Lavabit