What about uncontroversal things like setting up Father's Day plans or someone's birthday party? Most of my emails are so innocuous I can't imagine anyone other than the recipient, let alone the NSA, being remotely interested in them.

From a security standpoint it's much better to just encrypt by default

On the other hand, if you don't really care if your emails and other stuff is seen by people you don't expect, there's no real reason to use encryption. My email inquiries about my parents' failing health, for example, needs no encryption, and neither do most of the emails we send. Frankly, that stuff just isn't interesting to anyone.

This is from a couple of Presidents ago, but some of the same players are still in the game.

http://partners.nytimes.com/library/cyber/week/071097encrypt.html

encryption tools are free of key extraction back doors. Little confidence at all. But then, I don't really send anything through the Internet that needs encryption, so it's not an issue for me, personally.

The best you can do is to use keys that are sufficiently large that brute force won't be possible any time during your lifetime.

Or learn to communicate through things like metaphor, private jokes, the Navajo language, etc. Another good method is putting out a lot of noise that looks like information but is meaningless.

in our daily affairs, or we use secure internet URLs when disclosing stuff like credit card info or SS#s.

If security is critical, the best answer is to meet in person to exchange information, with nothing written down at all. Frankly, I've never been in any situation where such efforts were necessary. Back in my dope-smoking days, buying some grass was done in person only, of course, but the cops weren't all that interested in minor marijuana transactions in the 70s in California, so we were pretty darned casual about it.

These days, I deal with some business information for the companies whose websites I write, but it's not that serious, and we never bother to encrypt anything. Small businesses...small risks, really.

I keep toying with making a 1TP TLS system, but the pad management is a nightmare.

... when our supply through normal crypto channels was interrupted by an inconvenient little skirmish.

I had a hell of a time trying to figure out how to generate some really random sequences using the computer we had available at the time. (A TRS-80 ) I ended up going old school and pulling tokens out of a basket. It was a royal PITA, but it worked. OTPs are great except for distributing the pads.

For example, if the computation required 2000 Quads of energy to do, that is 4 times the annual global energy supply. So you would be pretty safe.

A back door is logically impossible there.

on routine communications.

Most people don't understand the technology. And most people have no need for it, either.

Except for SSL, the systems I mentioned are symmetric key based, which means there isn't a backdoor for the government to get in the first place.

e.g. hidden volumes in TrueCrypt

http://www.truecrypt.org/docs/?s=hidden-volume

Of course the tech savvy torturers will just say "ok, what's the *real* password to the *real* volume" *whack whack thud*

won't take 23 trillion years to crack?

But really, most of the rest of the solutions can be worked around with collusion of industry groups, and most of them are in the tank with Big Brother.

Installing software other than something from Microsoft is generally frowned upon.

The dichotomy of the Internet is this: we want the world to be accessible to us 24/7 but we also want it to be private.

It just doesn't work that way except with lots of hoops and configurations.

[hr]
[font color="blue"][center]Stop looking for heroes. BE one.[/center][/font]
[hr]

Then they would have to explain why they tolerate the racketeering that goes on in my City.

... whether use an https server to access their site or not. As on the backend your search history will be kept in clear text or other means that can be looked at by the PTB, whether it is just Google, or the government looking over their shoulder.

Ultimately, it won't stop the government looking at your purchase history at Amazon.

You remember the old days when they had the clipper chip that was talked about heavily that was encryption that allowed for a back door for government to be able to break it? If you back up your data online to carbonite servers, and you feel it is being encrypted there and not visible to arbitrary spying, ask yourself is a clipper style encryption mechanism is in place that allows the government to come in and do a thorough scan of what you thought was private on your home computer that is backed up there. And though Al Gore has railed against the latest efforts in this area, back in the day when the clipper chip legislation was being debated, Al Gore supported it and said something to the effect that if we all knew what was going on behind closed doors that we would see the "need for it". That tells me that we're not hearing the complete story of how our data and online life is being monitored, and what that monitoring is being used for.

Also, unless EVERYONE uses pgp to encrypt their data, your using such to protect email, etc. has your data stand out when they are monitoring everyone's search habits. Then they will look more closely at other parts of your online communications that aren't encrypted that much more than others would be monitored.

We really need some ground rules put in place that protect us from unwarranted and blanket surveillance that can be used for other agendas other than just law enforcement trying to protect us from things like terrorism. At least conceptually where the boundaries should be need to be made public, so that if people feel their privacy has been abused, there's a basis they use to challenge in court someone's abusing those rights without warrant.

But as far as that goes, the government is the least of my concerns...

The PGP authors used to get hassled for export laws to make sure they weren't carrying source of the pgp algorithms outside of the country in the older days, as stupid as that might sound.

I used to have a shirt that had that and the Rijndael algorithm in very short Perl on it.

My home page https://duckduckgo.com

I kind of feel sorry for any poor NSA schmuck who has to read through it.

Kidding! Kidding! Really!

[hr]
[font color="blue"][center]Stop looking for heroes. BE one.[/center][/font]
[hr]

remember that the NSA has teams of people working to hack such solutions, so don't let using such practices lull you into s sense of complete security.

I said "fuck it" years ago. Let 'em look. If they don't like what they see, it's their own damned fault.

I just thought this was a good teachable moment for reminding people of some best practices.

Like any crime-prevention strategy, it can't provide complete safety. But it will increase your safety to a degree.

Why should I encrypt my emails if all I'm doing is telling my wife I think we should weed the garden this weekend? Why use secure google to search for a Mexican chicken soup recipe? Frankly, if I was a snooper at the NSA, I'd spend my time looking at people who were encrypting everything rather than people doing everything in the open.

... by picking through people's garbage.

... they don't publish lists of "this week we're looking for x-type of bad guy", people just knock on your door and want to "talk".
One can't be sure what terms they're flagging, or what an innocuous statement may get you aligned with.

And aside from all that, why the hell should you allow anyone but you or your intended recipient to read the email in the first place?
It's simply none of their damn business.

by making it much more expensive for them to do their unconstitutional blanket spying on all Americans.

Money seems to be the only thing that get's their attention nowadays.

Lack of transparency is what got us into this mess, transparency will get us out.

Someday I'd like to see a government that keeps no secrets.

The NSA can crack the encryption in fractions of a second.

And, at any rate, you can always double your key size...

*surfing.. the TOR Browser is a standalone executable firefox with TOR built in. it's as easy to use as your regular browser, only slower and a mazillion times more secure. it can be downloaded for Windows, Mac & Linux here..

Tor Browser Bundle.. https://www.torproject.org/projects/torbrowser.html.en

if you aren't feeling that paranoid, but still don't want to be *tracked*.. make sure to have the browser addon/extension (firefox or chrome) 'Adblock Plus' and possibly 'Ghostery'. if you search for them in the addons/extensions page they should pop right up.

*https.. keep forgetting to stick that extra 's' in there? this addon/extension from the Electronic Frontier Foundation will remember for you.. for either Chrome or Firefox..

HTTPS Everywhere.. https://www.eff.org/https-everywhere

*encrypted email.. keep forgetting to encrypt your important emails or maybe too lazy? there's a free webmail service that offers crypto called Hushmail..

Hushmail.. http://www.hushmail.com/

*cell phone.. paranoid or private when talking on the phone over the cell network? gee i wonder why. it's not a complete solution but there are numerous VOIP apps that will allow you to make and receive calls over the internet using either Wifi or 3/4G data. no call log to pass on to the NSA.. just 'data usage statistics'.

i personally use a combo of Google Voice, Google Chat (aka Google Talk), and a pair of Android apps called 'GrooVeIP' and 'GrooVeIP Forwarder' (total cost.. about $7). originally i needed them because i live in the woods with no cell service, but i do have internet. this way i can make/receive calls seamlessly, but it has a nice side effect. there are plenty of other, probably more secure, options, however..

I cannot imagine why anybody would find my dull life worth examining, but just in case, they can spend the next few decades trying to decrypt them.

I'm sure Im not the only one, but I suspect the gov would probably frown on any company that tried to make it easy for people to do that with ALL their communications (not just google searches).

But it certainly could be done, if anyone with business savvy, and guts, who wants to put together a solid business plan, and do a proposal on kick starter, and also needs a tech partner, I would be willing to discuss it, just PM me

I worked both sides of the Federal lawsuit against Microsoft, then it just went away.

Draw you own conclusions.