The Promise

We the Net People

The story so far: Years ago I thought that encryption on the net was something that ought to interest every person on the net, and I wrote lengthy guides on how to encrypt e-mail (and other files) securely and reliably. These texts were probably read, and perhaps one person or another even followed them; but I never received any feedback, let alone mail that was encrypted thanks to these guides.

Fine, then don't, I thought huffily, and stopped (more or less) getting on other people's nerves with the topic, i.e. publicly preaching cryptography. And still nothing happened.

Yesterday, then, I received mail from a person who considers the topic of encryption as important as I did years ago, and it prompted me to write the text about the ongoing struggle. That was not enough for this person, who also wanted to see a pointer to the guides he recommends on my contact page, as he wrote to me in a further mail, but: tough luck, this here is my weblog.

Also yesterday, Phil Zimmermann, inventor of the crypto software, declared that now more than ever we should be encrypting. In principle.

And today Anne Roth (@annalist) gave a speech at the closing rally of “Freiheit statt Angst 2013” titled “Der Kaiser ist nackt” (“The Emperor Is Naked”), with a few suggestions, among them these two:

Resolve to teach someone mail encryption at least once a week.
No longer accept that your friends use G-Mail.

OK. That can be done. Point two is clear anyway: My GMail address will remain active as long as I have a Google account (which has to do, among other things, with my fondness for Android phones), but anyone who still writes to me via this address, no matter which provider they use themselves, will get a friendly note that this is not necessary. Whether I can make an alternative appealing to people who are themselves enthusiastic GMail users remains to be seen.

And on point one: Deal. I hereby promise to explain PGP-based encryption over a beer (or the like) to anyone who wants to know, can be found within my geographic catchment area and does not insist on using Microsoftware, and to set it up on their computer. The Microsoft exclusion does not refer to Windows, but to MS Outlook, Outlook Express or other Microsoft mail products, for which encryption is also available, but (mostly) only for money. And good security does not have to cost anything.

Requests please, logically enough unencrypted, via my contact page. Anyone who sends an encrypted request will receive the encrypted reply that there is nothing I can teach them.

And yes, I know that here I am mostly preaching to the converted, who have long known all of this themselves. But is it my fault that you are reading along here?

4 thoughts on “The Promise”

  1. I’ve been reading your recent posts with great interest. I’ve also made an effort to read up on the subjects that have been raised in the ongoing series of disclosures made by Mr Snowden in various other media. And I’ve been keenly following the contributions and subsequent discussions in some influential forums by people universally regarded as very knowledgeable on related subjects.

    As a consequence I’ve learned a few things, or should I say I’ve been painfully reminded of my own gullibility.

    From now on I’ll act on the premise that all my electronic communications, in whatever shape or form, are immediately available to the relevant state agencies for interception, inspection and decryption when necessary. Also all products, commercial or otherwise, to facilitate secure digital communications should never be used to transmit truly confidential information. And that by simply using them, you’ll make yourself easily stand out and seen to act suspiciously by those agencies.
    IMHO it’s not worth it, drawing that sort of attention to yourself in the world we currently live in. In a manner of speaking Guantanamo Bay is just around the corner …

    Regarding securing digital communications, I think it’s safe to say that a little knowledge could be dangerous, even harmful. Using any protocol we deem safe will merely serve to give us a false sense of security.
    Lacking the knowledge to make an informed judgement, it would IMHO be much safer to consider those protocols suspect or, even better, compromised in one way or another to begin with.
    As the great Ken Thompson already said in 1984 (!!!): „You can’t trust code that you did not totally create yourself.“

    If the Snowden disclosures mentioned are to be taken at face value it appears we’ve been extremely naive, foolish even, to blindly trust various (state) institutions and other entities. It now appears the people we’ve elected and empowered to keep us safe have knowingly abused that trust by betraying us. That’s immoral.

    And make no mistake : there’s no way back from here. Whatever we’ll be told or promised in the future, that will never happen. From now on the digital world will never be the same : digital privacy no longer exists.

    • As with any good and useful discussion, I agree and disagree with you at the same time.

      I agree in that privacy may already be obsolete; I remember having written something to that extent already. I also agree that the general assumption that this kind of technology or that is (still?) safe may be dangerously misleading.

      On the other hand, what we see is a race between those who work for privacy and security of our data and those who want to render attempts at privacy futile. We can assume that the NSA and others have planted backdoors into privacy software; the suspicion has been around for basically forever. We also can assume that NSA and company employ some of the brightest mathematicians and programmers available. But it is equally safe to assume that there are others who don’t work for the Dark Side, but are working on Open Source solutions to the problem – solutions that can be checked for backdoors and the like, which would make such solutions safe(r) again. For what other reason would the Dark Side employ „social engineering“, i.e. pay or force their way into software which otherwise would be impenetrable?

      For the time being, I still assume (and there are experts who confirm this belief) that end-to-end encryption cannot (yet?) be cracked in real time. I also believe that it is the wrong thing to flip over backwards to expose the bellies of our privacy, so to speak.

      And while you may be right that using strong encryption can draw unwanted attention from the Dark Side, the risk would be minimized if it weren’t just a few using encryption tools but the unwashed enlightened masses – in which case using encryption wouldn’t make you stick out any more.

      In any case, I refuse to make things easy for them. If they would ever (they wouldn’t because I don’t fit into their patterns of terror suspects) be forced to apply even just a tiny bit of their computing force to crack my laundry list, so be it.

  2. I appreciate some of the comments you’ve made in your reply. But being an incurable pessimist, in this particular case I’d like to err on the side of caution. While I agree that we should never give in to the Forces of Evil and strive to combat their dishonourable practices, it makes it extremely difficult that we are no longer able to trust anyone. Not just state agencies, but also many of the well-known major players in the digital arena, who may have been coerced into covertly siding with The Enemy.

    We’ve more or less voluntarily sacrificed our privacy over the years by using cellphones (giving up not only our private conversations but also our current and past whereabouts and travel schemes), chipcards (leaving traces of digital payments and travel), CCTV surveillance (mostly used for all the wrong reasons) etc.
    All of this data hoarding has already contributed to the fact that personal privacy has already been degraded to a mere word in the dictionary.

    Unthinkingly posting our indiscretions on Facebook and/or Twitter will have these available for future reference by anyone who is interested. Mostly to be used against us in some way or form, I’m convinced. But we should by now be more or less aware of that and voluntarily make an informed decision about participating.

    But when we can’t know The Enemy’s identity, can’t see where he’s hiding or operating, cannot easily recognise his subversion, will not be able to know if our counter-surveillance measures (e.g. encryption) are good enough, matters become of a different magnitude altogether, as far as I’m concerned.

    And I suspect adequate counter-surveillance measures – proven beyond any doubt to be just that – will not be available to us without a fight by the relevant state agencies. IIRC high-grade encryption protocols cannot be ‚exported‘ from the US. Any commercially available (as in ‚easy to install and use‘), proprietary software coming from the US or UK is suspect. And I fear that all Open Source efforts in that area will require an effort by the user that will crucially slow down the adoption rate. The digitally challenged will be left vulnerable as before.

    I will continue to have faith in the few who dedicate their efforts to combat the efforts of the Forces of Evil, but in light of their awesome adversary, I seriously doubt the former will ever gain the upper hand over the latter. Let’s face it : we’re now all assumed guilty until proven innocent. We’ve all become digital collateral damage in global covert cyberwarfare. It just took a small crack in the enemy’s defences to make us realise that beyond any reasonable doubt.

    My apologies for being so long-winded …

Comments are closed.