
OSTIF, QuarksLab, and VeraCrypt E-mails Are Being Intercepted - y0ghur7_xxx
https://ostif.org/ostif-quarklab-and-veracrypt-e-mails-are-being-intercepted/
======
Kadin
While their emails may well be getting intercepted, I find it somewhat
implausible that a nation-state-level actor would go to all the work of
intercepting their messages, but do so in such a way that they disappeared in
transmission. That doesn't make a ton of sense. Sure, anything's possible, but
have they really considered simpler explanations?

My recollection of how Gmail works is that posting messages to the "Sent"
folder is a bit odd: in contrast to other email providers, where the SMTP
server is completely separate from the IMAP / incoming server, Gmail has them
connected so that if you send messages out via Google's SMTP, a copy of the
message is automatically put in your "Sent" folder. (At least, this is how it
worked for me, last time I checked.) This normally gets noticed because if you
have your MUA set up in a sane way, where it files a copy of each sent message
via IMAP into the "Sent" folder, you'll end up with duplicates. Thus, you have
to suppress the normal MUA behavior when using Gmail and Google's SMTP
servers.

Cf.: [http://superuser.com/questions/224524/sending-mails-via-
mutt...](http://superuser.com/questions/224524/sending-mails-via-mutt-and-
gmail-duplicates)

I wonder if perhaps someone had this Gmail configuration in their MUA, and
then sent messages via an alternate SMTP server. Doing this would cause the
messages not to show in Gmail's "Sent" box, and if that SMTP server was badly
configured or behaving, could easily cause the messages to 'disappear'.

Since many MUAs will roll from one SMTP server to another if the first one is
unreachable, it's not hard to imagine this happening 'mysteriously'.

~~~
dmix
NSA would definitely never make this mistake. PRISM works directly with Google
to intercept emails. So this would assume Google made the mistake in Gmail,
which is questionable. So that only leaves some other countries (assuming it
is a country and not technical anomaly or human error).

China has been known to be sloppy like this when monitoring activists but that
was probably not their top level secret services who monitor hacker groups -
those people are usually going to be good.

Not using gmail is probably a good start regardless though.

------
daveloyall
These folks are probably smarter than me, but they might not be less paranoid.

I have previously been 100% sure something nefarious was going on, (somebody
edited this file!!) and then discovered that I was connected to the wrong
server, for example.

This is only meant to help them think clearly as they investigate.

------
micah94
Why do I feel like I'm being trolled here? But maybe I'm missing something.
Why are they using Gmail? Did they not get the various memos from Snowden? Are
they not familiar with what happened to CIA director Petraeus?

