-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 07/23/2010 02:48 PM, Christopher Kunzler wrote:
> On Thu, Jul 22, 2010 at 10:13 PM, Christopher Howard
> <choward@indicium.us> wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On 07/23/10 03:48, Christopher Kunzler wrote:
>>> On Thu, Jul 22, 2010 at 7:20 PM, Christopher Howard <choward@indicium.us> wrote:
>>>
>>>>
>>>> Somebody tell me if this is OT. But it seems very related to me:
>>>>
>>>> I don't understand the Google bashing. Google has probably done more for
>>>> open source than any company on the planet, depending on the measuring
>>>> stick you use, of course. Google has supported Google Summer of Code for
>>>> years. Google pays 85% of the expenses of the Mozilla foundation, and is
>>>> therefore pretty much responsible for giving us the only truly
>>>> marketable open-source browser (outside of Google Chrome). Google's
>>>> flagship mobile OS -- Android -- is released almost entirely under the
>>>> Apache license. Google gave us Google Apps which, outside of OpenOffice,
>>>> has been pretty much the only successful crack in the Microsoft Office
>>>> market.
>>>>
>>>> Outside of their search technology, virtually every software project
>>>> they've every championed (that I know of) has either been an open source
>>>> project or has advanced open standards in some way.
>>>>
>>>> I hear some people bash Google over privacy concerns. I'm not
>>>> unilaterally standing behind them, and maybe you can educate us better
>>>> on that. But there is no law saying that you have to send search queries
>>>> over an unencrypted connection to Google, in order to get a free
>>>> response back. And Gmail is a free e-mail service provided to almost 200
>>>> million people. Can we really expect Google to exhaust their company
>>>> savings defending client privacy when some agency comes along demanding
>>>> particular information?
>>>>
>>>> - --
>>>> Christopher Howard
>>>> frigidcode.com
>>>> theologia.indicium.us
>>>> -----BEGIN PGP SIGNATURE-----
>>>> Version: GnuPG v2.0.15 (GNU/Linux)
>>>> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>>>>
>>>
>>> I love Google--Google is one of the few big corporations I don't
>>> believe to be evil. However I can understand why some have concerns.
>>> Google has access to a crazy amount of information.
>>>
>>>
>>
>> Well, sure they do... every company and publisher on the planet wants
>> them to. They are a web search company, crawling the web like Yahoo and
>> Alexa and anyone else can freely.
>>
>
> Good point. They also have all the search data people enter.
>
Yeah. But again, you're sending text data over an unsecured connection
to a remote server to get free query results. How can there be any
reasonable expectation of privacy?
>> Now, there is the question of people storing their entire life's worth
>> of personal e-mail communication on a server they haven't paid for or
>> have no control over. But if we all really cared about that, we could
>> just PGP encrypt our e-mails and do the decryption locally. (That way,
>> you can store the e-mails on any server you wanted and only you would be
>> able to read them.)
>>
>> - --
>
>
> Good idea and convincing pitch. I think I might start doing that
> then. How do you keep your keys safe? I'm afraid I'd encrypt stuff
> then lose the ability to open my email.
>
Keep one backup copy in some secure location. There are probably quite a
few approaches you could take to keeping the backup secure. First of
all, you can encrypt the key pair itself with pass-phrase-based
encryption, so that even if somebody steals your private key, they can't
use it. (GPG makes this easy.) Then, you could drop the backup file in
an encfs that is itself protected with a pass-phrase (along with your
other confidential backup data), and upload the encfs raw data to your
remote backup server. Then anyone (including your remote-backup company)
would have to break through two-layers of high-grade security to get to
the private key.
Another approach would be to actually print the key data out onto a
piece of paper (in ASCII format), throw it in a capsule, and bury it in
some secret location.
- --
Christopher Howard
http://frigidcode.com
http://theologia.indicium.us
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkxKJX4ACgkQQ5FLNdi0BcW4WQCePxu2wzwoCtVJvVMbKqF0dsY0
cq4An3U5hlsFETEmAErqXDMt5zpGZ/ks
=TzpS
-----END PGP SIGNATURE-----
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Fri Jul 23 15:28:05 2010
This archive was generated by hypermail 2.1.8 : Fri Jul 23 2010 - 15:28:05 AKDT